Practice test 1 Flashcards

Question 1

Q

Which of the following services can help you:

Assign time-bound access to resources using start and end dates

Enforce multi-factor authentication to activate any role

Azure DDos Protection
Azure Security Center
Azure Advanced Threat Protection (ATP)
Azure Privileged Identity Management

Answer

A

4.Azure Privileged Identity Management

Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Azure, and other Microsoft Online Services like Office 365 or Microsoft Intune.

Reasons to use:

Organizations want to minimize the number of people who have access to secure information or resources, because that reduces the chance of a malicious actor getting that access, or an authorized user inadvertently impacting a sensitive resource. However, users still need to carry out privileged operations in Azure AD, Azure, Office 365, or SaaS apps. Organizations can give users just-in-time (JIT) privileged access to Azure resources and Azure AD. There is a need for oversight for what those users are doing with their administrator privileges.

Question 2

Q

For all Virtual Machines that have two or more instances deployed across two or more Availability Zones in the same Azure region, you will have Virtual Machine Connectivity to at least one instance guaranteed at least _______ of the time.
1. 99.95%
2. 99.99%
3. 99%
4. 99.5%

Answer

A

99.99%

SLA for Virtual Machines

For all Virtual Machines that have two or more instances deployed across two or more Availability Zones in the same Azure region, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.99% of the time.

For all Virtual Machines that have two or more instances deployed in the same Availability Set or in the same Dedicated Host Group, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.95% of the time.

For any Single Instance Virtual Machine using Premium SSD or Ultra Disk for all Operating System Disks and Data Disks, we guarantee you will have Virtual Machine Connectivity of at least 99.9%.

For any Single Instance Virtual Machine using Standard SSD Managed Disks for Operating System Disk and Data Disks, we guarantee you will have Virtual Machine Connectivity of at least 99.5%.

For any Single Instance Virtual Machine using Standard HDD Managed Disks for Operating System Disks and Data Disks, we guarantee you will have Virtual Machine Connectivity of at least 95%.

Question 3

Q

Suppose the lead architect in your company has asked your team to implement a PaaS based solution in Azure for a quick Proof-of-Concept (POC) to senior management. One of your colleagues goes ahead and creates an Azure Logic App and an Azure Data Factory instance.

Would you agree with this implementation?

Yes or No

Answer

A

Yes

Azure Logic App and Azure Data Factory both fall under the PaaS (Platform as a Service) category.

Question 4

Q

Yes or no?

All resource types support Tags in Azure.

Answer

A

No, according to the official documentation, Tags CANNOT be applied to all resource types. Management groups currently don’t support tags.

Question 5

Q

Yes or No:

Deleting a resource groups deletes all the resources inside it as well.

Answer

A

Yes

Deleting the resource group will remove the resource group as well as all the resources in that resource group. This can be useful for the management of resources. For example, a virtual machine has several components (the VM itself, virtual disks, network adapter etc.).

By placing the VM in its own resource group, you can delete the VM along with all its associated components by deleting the resource group.

Another example is when creating a test environment. You could place the entire test environment (Network components, virtual machines etc.) in one resource group. You can then delete the entire test environment by deleting the resource group.

Question 6

Q

Which of the following services provides information about Azure service incidents, planned maintenance and can notify you of issues via Email, SMS and push notifications?

Azure Trust Portal
Azure Initiatives
Azure Service Health
Azure Monitor

Answer

A

Azure Service Health

Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime. We can configure customizable cloud alerts and use your personalized dashboard to analyze health issues, monitor the impact to your cloud resources, get guidance and support, and share details and updates.

Question 7

Q

Yes or No:

A resource can belong to more than one resource group

Answer

A

No

No! 1 resource = 1 resource group (very simply logic)

Question 8

Q

Which of the following affect costs in Azure? (Choose 2)
1. Availability Zone
2. Instance size
3. Knowledge center usage
4. Location

Answer

A

2,4
2. Instance size
4. Location

The instance size and the location (eg -US or Europe etc ) affect the prices. The knowledge center is completely free to use, and you aren’t charged for an Availability Zone.

Question 9

Q

When computing and processing demand increases beyond an on-premises datacenter’s capabilities, businesses can easily use the ___________ cloud to instantly scale capacity up or down to handle excess capacity.

Public
Private

Answer

A

Public

When computing and processing demand increases beyond an on-premises datacenter’s capabilities, businesses can use the cloud to instantly scale capacity up or down to handle excess capacity. It also allows them to avoid the time and cost of purchasing, installing, and maintaining new servers that they may not always need.

Question 10

Q

When assigning Azure role-based access control (Azure RBAC) at the management group level, which of the following occurs?

Permissions are restricted to the management group level only.
Permissions are assigned individually for each subscription under the management group.
Permissions are inherited by all sub-management groups, subscriptions, resource groups, and resources under the management group.
Permissions apply only to the resources within the management group.

Answer

A

Permissions are inherited by all sub-management groups, subscriptions, resource groups, and resources under the management group.

Permissions are inherited by all sub-management groups, subscriptions, resource groups, and resources under the management group.

When you assign Azure role-based access control (Azure RBAC) at the management group level, the permissions are inherited by all sub-management groups, subscriptions, resource groups, and resources under the management group. This approach simplifies access management and helps maintain consistency across the organization.

Question 11

Q

Yes or No:

When you create a resource group, you need to provide a location for that resource group.

Answer

A

Yes

When you create a resource group, you need to provide a location for that resource group.

You may be wondering, “Why does a resource group need a location? And, if the resources can have different locations than the resource group, why does the resource group location matter at all?”

The resource group stores metadata about the resources. When you specify a location for the resource group, you’re specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region.

Question 12

Q

When should you scale out your deployment?

When you need additional Virtual Machines / computers to speed up your application
When you want to reduce the unused capacity of your system
When you need to reduce your cost of operation
When you need a stronger CPU to make your application run faster

Answer

A

When you need additional Virtual Machines / computers to speed up your application

Scale Out

A scale out operation is the equivalent of creating multiple copies of your web site and adding a load balancer to distribute the demand between them. When you scale out a web site in Azure, there is no need to configure load balancing separately since this is already provided by the platform

Question 13

Q

Select the characteristics of the Public Cloud from the following:

Metered pricing
No capital expenditure to scale up
Hardware must be purchased for start-up and maintenance.
Applications can be quickly provisioned and deprovisioned.
Organizations are responsible for hardware maintenance and updates.
Unsecured connections

Answer

A

Metered pricing
No capital expenditure to scale up
Applications can be quickly provisioned and deprovisioned.

With the public cloud, you get pay-as-you-go pricing and you pay only for what you use, no CapEx costs are involved.

With the public cloud, you have self-service management. You are responsible for the deployment and configuration of the cloud resources such as virtual machines or web sites. The underlying hardware that hosts the cloud resources is managed by the cloud provider.

Incorrect Answers:

Hardware must be purchased for start-up and maintenance - You don’t have to purchase any hardware on the public cloud. The underlying hardware is shared so you could have multiple customers using cloud resources hosted on the same physical hardware. Moreover, this is a characteristic of the private cloud.

Unsecured Connections - Connections to the public cloud are secure.

Organizations are responsible for hardware maintenance and updates - This is a characteristic of the Private Cloud.

Question 14

Q

Can you apply a read-only lock to an Azure resource that already has a delete lock applied to it?

No, but a read-only lock can be temporarily disabled to make modifications
No, a delete lock overrides all other locks and prevents any modifications or deletions
Yes, but only by the owner of the subscription

Answer

A

Yes, but only by the owner of the subscription

As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions.

You can set locks that prevent either deletions or modifications. In the portal, these locks are called Delete and Read-only. In the command line, these locks are called CanNotDelete and ReadOnly.

CanNotDelete means authorized users can read and modify a resource, but they can’t delete it.

ReadOnly means authorized users can read a resource, but they can’t delete or update it. Applying this lock is similar to restricting all authorized users to the permissions that the Reader role provides.

Try this out in the Azure portal, you should be able to add a read-only lock to a resource having a CanNotDelete lock already!

Question 15

Q

Which of the following can be used to manage your Azure Resources from an iPhone?

Azure Mobile App
Azure Portal
Azure CLI
Azure Cloud Shell
Windows PowerShell

Answer

A

Azure Mobile App
Azure Portal
Azure Cloud Shell

The Azure portal is the web-based portal for managing Azure. Being web-based, you can use the Azure portal on an iPhone.

Azure Cloud Shell is a web-based command line for managing Azure. You access the Azure Cloud Shell from the Azure portal. Being web-based, you can use the Azure Cloud Shell on an iPhone.

Incorrect Answers:

A: Azure CLI can be installed on MacOS but it cannot be installed on an iPhone.
D: Windows PowerShell can be installed on MacOS but it cannot be installed on an iPhone.

Question 16

Q

Your organization has an on-premise infrastructure. The requirement from senior management is to migrate everything to the cloud.
As an advisor, what would you recommend to deal with an unexpected Azure outage in a Data Center / Availability Zone?

Fault Tolerance
Scalability
Using cheap resources to lose lesser money
Elasticity

Answer

A

Fault Tolerance

There are several mechanisms built into Microsoft Azure to ensure services and applications remain available in the event of a failure. Such failures can include hardware failures, such as hard-disk crashes, or temporary availability issues of dependent services, such as storage or networking services. Azure and its software-controlled infrastructure are written in a way to anticipate and manage such failures. In the event of a failure, the Azure infrastructure (the Fabric Controller) reacts immediately to restore services and infrastructure. For example, if a virtual machine (VM) fails due to a hardware failure on the physical host, the Fabric Controller moves that VM to another physical node based on the same hard disk stored in Azure storage. Azure is similarly capable of coordinating upgrades and updates in such a way as to avoid service downtime.

For computing resources (such as cloud services, traditional IaaS VMs, VM scale sets), the most important and fundamental concepts for enabling high availability are fault domains and upgrade domains. These have been part of Azure since its inception.

Question 17

Q

What is the primary purpose of Microsoft Defender for Cloud?
1. To monitor security posture and protect against threats in cloud, on-premises, hybrid, and multi-cloud environments.
2. To provide a physical security layer for computing hardware.
3. To automate the deployment of virtual machines in the cloud.
4. To provide network segmentation for virtual machines.

Answer

A

To monitor security posture and protect against threats in cloud, on-premises, hybrid, and multi-cloud environments.

From the official Microsoft documentation:

Defender for Cloud is a monitoring tool for security posture management and threat protection. It monitors your cloud, on-premises, hybrid, and multi-cloud environments to provide guidance and notifications aimed at strengthening your security posture.

Defender for Cloud provides the tools needed to harden your resources, track your security posture, protect against cyber attacks, and streamline security management. Deployment of Defender for Cloud is easy, it’s already natively integrated to Azure.

Question 18

Q

Which of the following factors influence the cost of Azure resources? (Select all that apply)

Maintenance
Geography
Consumption
Resource type

Answer

A

Geography
Consumption
Resource type

The correct answers are - Resource type, Consumption, and Geography. These factors influence the cost of Azure resources. Maintenance, on the other hand, is an important aspect of managing resources to control costs but does not directly influence the cost of the resources themselves.

Question 19

Q

When you as a consumer are implementing a Software as a Service (SaaS) solution, you are responsible for configuring high availability.
Review the bolded text. If the statement is already correct, select “No change is needed”. If the statement is incorrect, choose the option below that would make the statement correct.

Installing the SaaS solution
Configuring the SaaS solution
No change is needed
Creating a resource group

Answer

A

Configuring the SaaS solution

Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365).

SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider. You rent the use of an app for your organization, and your users connect to it over the Internet, usually with a web browser. All of the underlying infrastructure, middleware, app software, and app data are located in the service provider’s data center. The service provider manages the hardware and software, and with the appropriate service agreement, will ensure the availability and the security of the app and your data as well. SaaS allows your organization to get quickly up and running with an app at minimal upfront cost.

If you’ve used a web-based email service such as Outlook, Hotmail, or Yahoo! Mail, then you’ve already used a form of SaaS. With these services, you log into your account over the Internet, often from a web browser. The email software is located on the service provider’s network, and your messages are stored there as well. You can access your email and stored messages from a web browser on any computer or Internet-connected device.

The previous examples are free services for personal use. For organizational use, you can rent productivity apps, such as email, collaboration, and calendaring; and sophisticated business applications such as customer relationship management (CRM), enterprise resource planning (ERP), and document management. You pay for the use of these apps by subscription or according to the level of use.

Question 20

Q

What is the primary goal of the defense-in-depth model in cybersecurity?

To establish multiple layers of security controls to mitigate risks.
To outsource security responsibilities to third-party providers.
To focus solely on physical security measures for data centers.
To create a single layer of security controls to prevent all threats.

Answer

A

To establish multiple layers of security controls to mitigate risks.

The defense-in-depth model involves implementing a series of security layers, each providing a different type of protection against threats. This approach minimizes the impact of a single security breach by adding multiple lines of defense.

Question 21

Q

You want to deploy a file share that can be accessed from multiple Azure virtual machines without setting up a separate file server. Which Azure service can you use to achieve this?

Azure App Service
Azure Storage Account
Azure SQL Database
Azure Virtual Network

Answer

A

Azure Storage Account

This is a tricky question. Azure Storage Account is the correct answer as it provides Azure Files, which can be used to create a file share accessible from multiple virtual machines. Remember, we always need to choose the BEST option from the ones provided. Even though Azure Files would’ve been the ideal option, but since its not one of the options we need to go with the best option possible.

Other Options:

Azure SQL Database is a database service and not suitable for sharing files among multiple virtual machines.

Azure Virtual Network is a networking service and not suitable for file sharing.

Azure App Service is a platform for hosting web applications and not suitable for file sharing.

Question 22

Q

Power BI can access infrequently used data from which of the following?

Azure Cosmos DB
Azure PostgreSQL
Azure SQL Data Warehouse
Azure DataLake

Answer

A

Azure SQL Data Warehouse
Azure DataLake

Question 23

Q

What is the primary purpose of Microsoft Purview in Azure?
1. To offer a suite of security services for protecting virtual machines.
2. To enable real-time analytics and monitoring for Azure resources.
3. To manage and govern data across on-premises, multi-cloud, and SaaS environments.
4. To provide a cloud-based development platform for building and deploying applications.

Answer

A

To manage and govern data across on-premises, multi-cloud, and SaaS environments.

Microsoft Purview is designed to help organizations manage, discover, classify, and govern data across a variety of sources, including on-premises, multi-cloud, and software-as-a-service (SaaS) environments. It provides a unified data governance solution to ensure data security, compliance, and data-driven insights.

Question 24

Q

How does Defender for Cloud contribute to the security of Azure-native services?
1. By enforcing access controls on physical hardware.
2. By natively integrating with Azure services to provide monitoring and protection.
3. By focusing solely on Azure App Service protection.
4. By automatically deploying Log Analytics agents to Azure machines.

Answer

A

By natively integrating with Azure services to provide monitoring and protection.

Defender for Cloud, being an Azure-native service, natively integrates with Azure services, monitoring and protecting them without requiring additional deployment. This integration enhances the security posture of Azure resources.

Question 25

Q

Which of the following is a server-less solution that allows you to write less code, maintain less infrastructure, and save on costs.?
1. Azure DevOps
2. Azure Logic Apps
3. Azure Functions
4. Azure App Service

Answer

A

Azure Functions

Azure Functions allows you to run small pieces of code (called “functions”) without worrying about application infrastructure. With Azure Functions, the cloud infrastructure provides all the up-to-date servers you need to keep your application running at scale.

A function is “triggered” by a specific type of event. Supported triggers include responding to changes in data, responding to messages, running on a schedule, or as the result of an HTTP request.

Few of the features of Azure Functions are:

Question 26

Q

Which of the following Azure Support Plans grants access to:

1) 24x7 Access to Support Engineers via email and phone

2) Training in the form of webinars from Azure experts

3) Access to the Support API
_______________________________________________________
1. Basic
2. Developer
3. Standard
4. Professional Direct

Answer

A

Professional Direct

Look at the table below. Clearly, Professional Direct is the correct option.
It is the only option (last column) that fulfills all mentioned requirements.

Question 27

Q

You’ve been asked by senior management to prepare a presentation describing not only the benefits, but also the estimated cost savings you can realize by migrating your workloads to Azure. As the lead architect, which service would you use for these calculations?
1. Azure Cost Management
2. Azure Advisor
3. Azure TCO calculator
4. Azure Monitor

Answer

A

Azure TCO calculator

For users wishing to adopt cloud services, Azure provides a web-based TCO Calculator. You can use this calculator to estimate the costs of migrating your data and applications to Azure and predict potential savings.

Question 28

Q

In the defense-in-depth model, what is the role of the “network” layer?
1. It limits communication between resources and enforces access controls.
2. It secures access to virtual machines.
3. It focuses on securing access to applications.
4. It ensures the physical security of computing hardware.

Answer

A

It limits communication between resources and enforces access controls.

The “network” layer in the defense-in-depth model is responsible for limiting communication between resources, which helps prevent the spread of attacks. It enforces access controls to ensure that only necessary communication occurs and reduces the risk of an attack affecting other systems.

Question 29

Q

Yes or No:

It is possible to deploy Azure resources through a Tablet by using Bash in the Azure Cloud Shell.

Answer

A

Yes

Azure Cloud Shell is an interactive, authenticated, browser-accessible (the key to everything since all you need is a browser and the OS doesn’t matter) shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.

Question 30

Q

You are the senior architect of XYZ organization and the senior management has requested to migrate all on-prem resources to the cloud.
The requirement is that only Platform as a Service (PaaS) solutions must be used in Azure.
Solution: To begin, you create an Azure App Service and Azure SQL databases.
Would this meet the goal?

Answer

A

Yes

Please always remember - Azure App Service and Azure SQL Databases are both PaaS services!
Azure App Service - Allows us to quickly build, deploy, and scale web apps created with popular frameworks such as .NET, .NET Core, Node.js, Java, PHP, Ruby, or Python, in containers or running on any operating system. It offers rigorous, enterprise-grade performance, security, and compliance requirements by using the fully managed platform for your operational and monitoring tasks.
Azure SQL Database - Microsoft Azure SQL Database is a managed cloud database provided as a part of Microsoft Azure. A cloud database is a database that runs on a cloud computing platform, and access to it is provided as a service. Managed database services take care of scalability, backup, and high availability of the database.

Question 31

Q

Which of the following services allows you to send events generated from Azure resources to applications?
1. Azure Event Grid
2. Azure App Service
3. Azure Cognitive Services
4. Azure Event Hub

Answer

A

Azure Event Grid

Question 32

Q

Yes or No:

A resource group can contain resources from multiple Azure regions.

Answer

A

Yes

Resources from multiple different regions can be placed in a resource group. The resource group only contains metadata about the resources it contains.

Question 33

Q

Yes or No: Permissions are by default inherited by all resources residing in a resource group.

Answer

A

Yes

A resource group can be used to scope access control for administrative actions. By default, permissions set at the resource level are inherited by the resources in the resource group.

Question 34

Q

For industries that work with highly sensitive data, such as banking, finance, government, and healthcare, ___________ cloud may be their best cloud option.
1. Hybrid
2. Public
3. Private

Answer

A

Hybrid

For industries that work with highly sensitive data, such as banking, finance, government, and healthcare, hybrid may be their best cloud option. For example, some regulated industries require certain types of data to be stored on-premises while allowing less sensitive data to be stored on the cloud. In this kind of hybrid cloud architecture, organizations gain the flexibility of the public cloud for less regulated computing tasks, while still meeting their industry requirements.

Question 35

Q

A hacker group recently attacked your video streaming website and all your resources were exhausted and unavailable to your users. What can you do to prevent this type of attack in the future?
1. Use Azure Virtual Networks
2. Use Azure DDoS protection
3. Use an Azure Firewall
4. Use a Network Security Group

Answer

A

Use Azure DDoS protection

Azure has two DDoS service offerings that provide protection from network attacks (Layer 3 and 4): DDoS Protection Basic and DDoS Protection Standard.

DDoS Protection Basic

Basic protection is integrated into the Azure by default at no additional cost. The scale and capacity of the globally deployed Azure network provides defense against common network-layer attacks through always-on traffic monitoring and real-time mitigation. DDoS Protection Basic requires no user configuration or application changes. DDoS Protection Basic helps protect all Azure services, including PaaS services like Azure DNS.
Basic DDoS protection in Azure consists of both software and hardware components. A software control plane decides when, where, and what type of traffic should be steered through hardware appliances that analyze and remove attack traffic. The control plane makes this decision based on an infrastructure-wide DDoS Protection policy. This policy is statically set and universally applied to all Azure customers.
For example, the DDoS Protection policy specifies at what traffic volume the protection should be triggered. (That is, the tenant’s traffic should be routed through scrubbing appliances.) The policy then specifies how the scrubbing appliances should mitigate the attack.
The Azure DDoS Protection Basic service is targeted at protection of the infrastructure and protection of the Azure platform. It mitigates traffic when it exceeds a rate that is so significant that it might affect multiple customers in a multitenant environment. It doesn’t provide alerting or per-customer customized policies.
DDoS Protection Standard
Standard protection provides enhanced DDoS mitigation features. It’s automatically tuned to help protect your specific Azure resources in a virtual network. Protection is simple to enable on any new or existing virtual network, and it requires no application or resource changes. It has several advantages over the basic service, including logging, alerting, and telemetry. The following sections outline the key features of the Azure DDoS Protection Standard service.

Question 36

Q

Which of the following is an accurate description of Azure ExpressRoute?
1. A service that provides backup and disaster recovery solutions for Azure resources.
2. A service that provides dedicated, private network connectivity between your on-premises infrastructure and Azure datacenters.
3. A service that enables you to manage and monitor Azure resources from a single, unified dashboard.
4. A service that allows you to connect your on-premises infrastructure to Azure over the public internet.

Answer

A

A service that provides dedicated, private network connectivity between your on-premises infrastructure and Azure datacenters.

Azure ExpressRoute is a service that provides dedicated, private network connectivity between your on-premises infrastructure and Azure datacenters. This allows you to extend your on-premises network into Azure, providing a more secure and reliable connection than the public internet.

A service that allows you to connect your on-premises infrastructure to Azure over the public internet: This is incorrect because Azure ExpressRoute does not use the public internet for connectivity. Instead, it provides a private, dedicated connection.

A service that provides backup and disaster recovery solutions for Azure resources: This is incorrect because Azure ExpressRoute is not specifically designed for backup and disaster recovery. While it can be used in conjunction with these solutions, it is primarily used for private connectivity.

A service that enables you to manage and monitor Azure resources from a single, unified dashboard: This is incorrect because Azure ExpressRoute is not a management or monitoring tool for Azure resources. It is a connectivity service that enables you to extend your on-premises network into Azure.

Question 37

Q

Which of the following is a distributed network of servers that can efficiently deliver web content to users?
1. Azure Application Gateway
2. Azure Virtual Network
3. Azure Logic Apps
4. Azure Content Delivery Network

Answer

A

Azure Content Delivery Network

According to the official docs, a Content Delivery Network (CDN) is a distributed network of servers that can efficiently deliver web content to users. CDNs store cached content on edge servers in point-of-presence (POP) locations that are close to end users, to minimize latency.

Azure Content Delivery Network (CDN) offers developers a global solution for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world. Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various network optimizations using CDN POPs. For example, route optimization to bypass Border Gateway Protocol (BGP).

Question 38

Q

Which of the following factors can affect the availability of an Azure service under the SLA?
1. Natural disasters
2. Planned maintenance activities
3. Network disruptions outside of Azure
4. Hardware or software failures within Azure

Answer

A

Natural disasters
Planned maintenance activities

The Service Level Agreement (SLA) for Azure services guarantees a certain level of availability, which is expressed as a percentage of uptime over a specific period of time. However, certain factors can affect the availability of an Azure service, even if it is covered under the SLA.

Network disruptions outside of Azure, such as issues with your own internet service provider (ISP), can impact your ability to connect to Azure services and can affect their availability. However, these types of disruptions are outside of Microsoft’s control, so they are NOT considered in the Azure SLA.

Planned maintenance activities, which are performed to update or maintain Azure services, can cause temporary downtime. However, Microsoft typically schedules maintenance activities during off-peak hours to minimize their impact on availability.

Hardware or software failures within Azure can cause disruptions to service availability. Microsoft implements measures to minimize the impact of these failures, such as redundancy and failover mechanisms, but they can still occur.

Natural disasters, such as earthquakes or hurricanes, can also impact the availability of Azure services, but this is outside of Microsoft’s control.

Question 39

Q

You want to restrict access to certain Azure resources based on departmental requirements within your organization. Which Azure feature would you use?
1. Azure Active Directory
2. Subscriptions
3. Management groups
4. Resource groups

Answer

A

Subscriptions

In this scenario, you would use subscriptions to restrict access to certain Azure resources based on departmental requirements. Subscriptions can be used to apply different access-management policies, reflecting different organizational structures. Azure applies access-management policies at the subscription level, which allows you to manage and control access to the resources that users provision within specific subscriptions.

Other options -

Resource groups: Resource groups are primarily used to organize resources that are related to the same project or have the same lifecycle. They are not specifically designed for access control based on departmental requirements.

Management groups: Management groups are used to efficiently manage access, policies, and compliance for multiple subscriptions, providing a level of scope above subscriptions. They are more suitable for large-scale governance rather than restricting access based on departmental requirements.

Azure Active Directory: While Azure Active Directory (Azure AD) is responsible for handling authentication and authorization, it alone cannot restrict access to certain Azure resources based on departmental requirements. Instead, Azure AD is used in conjunction with other features like subscriptions to control access.

Question 40

Q

The ___________________ is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
1. Center for Internet Security (CIS)
2. American National Standards Institute (ANSI)
3. International Organization for Standardization (ISO)
4. General Data Protection Regulation (GDPR)

Answer

A

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. The GDPR is an important component of EU privacy law and of human rights law, in particular Article 8 of the Charter of Fundamental Rights of the European Union.

Question 41

Q

Which of the following services would you help achieve the following:
1) Create and manage a group of load balanced VMs.
2) Provide high availability and application resiliency by distributing VMs across availability zones
3) Allows your application to automatically scale as resource demand changes
——————————————————————————————
1. Azure Resource Groups
2. Azure Scale Sets
3. Azure Region Pairs
4. Azure Subscriptions

Answer

A

Azure Scale Sets

Question 42

Q

Suppose the lead architect in your company has asked your team to implement a PaaS based solution in Azure for a quick Proof-of-Concept (POC) to senior management. One of your colleagues goes ahead and creates an Azure App Service and 3 Azure Virtual machines.

Would you agree with this implementation?

Answer

A

No

An Azure App Service is a PaaS (Platform as a Service) example so this is not an issue.

However, Azure Virtual machines fall under the category of IaaS (Infrastructure as a Service) service since you’re renting infrastructure. Therefore, we would disagree with this decision.

Question 43

Q

Is it possible to modify an Azure resource that has a delete lock applied to it?
1. Yes, but only by users with the least privileges
2. No, a delete lock prevents all users from modifying or deleting the resource
3. No, but a delete lock can be temporarily disabled to make modifications
4. Yes, it is possible for the admin to do so

Answer

A

Yes, it is possible for the admin to do so

As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions.

You can set locks that prevent either deletions or modifications. In the portal, these locks are called Delete and Read-only. In the command line, these locks are called CanNotDelete and ReadOnly.

CanNotDelete means authorized users can read and modify a resource, but they can’t delete it.

ReadOnly means authorized users can read a resource, but they can’t delete or update it. Applying this lock is similar to restricting all authorized users to the permissions that the Reader role provides.

Question 44

Q

_________________ offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol or Network File System (NFS) protocol. This means it can be used to completely replace or supplement traditional on-premises file servers or NAS devices.
1. Azure Files
2. Azure Blob Storage
3. Azure SQL Database
4. Azure Data Lake Storage

Answer

A

Azure Files

Azure Files is Microsoft’s easy-to-use cloud file system. Azure file shares can be seamlessly used in Windows and Windows Server. To use an Azure file share with Windows, you must either mount it, which means assigning it a drive letter or mount point path, or access it via its UNC path.

Unlike other SMB shares you may have interacted with, such as those hosted on a Windows Server, Linux Samba server, or NAS device, Azure file shares do not currently support Kerberos authentication with your Active Directory (AD) or Azure Active Directory (AAD) identity.

Instead, you must access your Azure file share with the storage account key for the storage account containing your Azure file share. A storage account key is an administrator key for a storage account, including administrator permissions to all files and folders within the file share you’re accessing, and for all file shares and other storage resources (blobs, queues, tables, etc) contained within your storage account.

Question 45

Q

What is the present maximum capacity for storage accounts?
1. 400 TB
2. 2 PiB
3. 750 TiB
4. 5 PiB

Answer

A

5 PiB

The maximum storage account capacity currently is : 5PiB

*These might change with time

Question 46

Q

Yes or No:

We get total control of the underlying Operating System when working with Platform As a Service (PaaS) solutions.

Answer

A

No

Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. You purchase the resources you need from a cloud service provider on a pay-as-you-go basis and access them over a secure Internet connection.

Like IaaS, PaaS includes infrastructure—servers, storage, and networking—but also middleware, development tools, business intelligence (BI) services, database management systems, and more. PaaS is designed to support the complete web application lifecycle: building, testing, deploying, managing, and updating.

PaaS allows you to avoid the expense and complexity of buying and managing software licenses, the underlying application infrastructure and middleware, container orchestrators such as Kubernetes, or the development tools and other resources. You manage the applications and services you develop, and the cloud service provider typically manages everything else.

Question 47

Q

Your company plans to deploy multiple Virtual Machines in Azure. As the lead architect, you must ensure that all these virtual machines are available if a single data center fails.

Solution: You deploy the virtual machines to two or more Availability Zones.

Would this solution meet the goal?

Answer

A

Yes

Absolutely! The answer is in the question itself. If one data center goes down, we can make sure our VM is still running in another data center! This is the entire concept of fault tolerance - Make sure you have enough backups to prevent downtime.

Availability Zones -

An Availability Zone is a high-availability offering that protects your applications and data from datacenter failures. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking (VERY IMPORTANT PLEASE NOTE).

To ensure resiliency, there’s a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from datacenter failures. Zone-redundant services replicate your applications and data across Availability Zones to protect from single-points-of-failure. With Availability Zones, Azure offers industry best 99.99% VM uptime SLA.

Azure services that support Availability Zones fall into two categories:

1) Zonal services – where a resource is pinned to a specific zone (for example, virtual machines, managed disks, Standard IP addresses), or

2) Zone-redundant services – when the Azure platform replicates automatically across zones (for example, zone-redundant storage, SQL Database).

To achieve comprehensive business continuity on Azure, build your application architecture using the combination of Availability Zones with Azure region pairs. You can synchronously replicate your applications and data using Availability Zones within an Azure region for high-availability and asynchronously replicate across Azure regions for disaster recovery protection.

Question 48

Q

During live telecasts of football matches, streaming platforms sometimes experience massive spikes in viewerships and users visiting their websites when a goal is scored. Which of the following would be beneficial to deal with such expected demand of resources?
1. Serverless Computing
2. Containers
3. Virtual Machines
4. Kubernetes

Answer

A

Serverless Computing

Serverless computing enables developers to build applications faster by eliminating the need for them to manage infrastructure. With serverless applications, the cloud service provider automatically provisions, scales, and manages the infrastructure required to run the code.

While understanding the definition of serverless computing, it’s important to note that servers are still running the code. The serverless name comes from the fact that the tasks associated with infrastructure provisioning and management are invisible to the developer. This approach enables developers to increase their focus on the business logic and deliver more value to the core of the business (IMPORTANT). Serverless computing helps teams increase their productivity and bring products to market faster, and it allows organizations to better optimize resources and stay focused on innovation.

Question 49

Q

Which of the following services provides a personalized view of the health of the Azure services, regions, and resources you rely on?
1. Azure Monitor
2. Azure Service Health
3. Azure Advisor
4. Azure Resource Health

Answer

A

Azure Service Health

Azure Service Health provides a personalized view of the health of the Azure services, regions, and resources you rely on. The status.azure.com website, which displays only major issues that broadly affect Azure customers, doesn’t provide the full picture. But Azure Service Health displays both major and smaller, localized issues that affect you. Service issues are rare, but it’s important to be prepared for the unexpected. You can set up alerts that help you triage outages and planned maintenance. After an outage, Service Health provides official incident reports, called root cause analyses (RCAs), which you can share with stakeholders.

Question 50

Q

You have dozens of Virtual Machines (VM) hosted in Azure. The lead architect has asked for your suggestions to migrate all the VMs to an Azure pay-as-you-go subscription. Which expenditure model would apply to the stated requirement?
1. Scalable
2. Operational
3. Capital
4. Fault Tolerant

Answer

A

Operational

Fault Tolerant and Scalable are wrong answers because such payment models don’t exist. Capital expenditure is also incorrect since we aren’t going to be paying anything up front. Operational makes most sense since it means ‘pay as you go’ , i.e paying only for what you consume and nothing else.

Pay-As-You-Go

This offer is billed at the standard Pay-As-You-Go rates, except as otherwise specified.

You will be notified through email at least 30 days in advance of any changes to the Pay-As-You-Go rates. New services may be added periodically to the Azure platform. Azure will notify you in advance of these new services and any fees that might be charged for using them. However, you would only be charged if you elect to use the new services.

Any taxes which may result from receiving services at no charge are the sole responsibility of the recipient.

Question 51

Q

How can you determine the estimated monthly cost of an Azure service or resource?
1. By checking the current Azure Marketplace pricing
2. By contacting Microsoft customer support
3. By analyzing the usage data of the resource
4. By using the Azure Pricing Calculator

Answer

A

By using the Azure Pricing Calculator

The Azure Pricing Calculator is a free tool that can be used to estimate the monthly cost of Azure services and resources based on factors such as region, usage, and quantity. It allows users to select specific Azure services and configurations and provides an estimated monthly cost based on the chosen parameters.

Other options:

By contacting Microsoft customer support : This is incorrect because contacting Microsoft customer support is not a reliable method to determine the estimated monthly cost of an Azure service or resource.

By analyzing the usage data of the resource: This is incorrect because analyzing the usage data of a resource can help in optimizing costs but it does not provide an estimated monthly cost.

By checking the current Azure Marketplace pricing: This is incorrect because checking the current Azure Marketplace pricing does not necessarily provide the estimated monthly cost of a particular service or resource.

Question 52

Q

Yes or No:

Data in an Azure storage account is replicated 3 times in the primary region.

Answer

A

Yes

Azure Storage always stores multiple copies of your data so that it is protected from planned and unplanned events, including transient hardware failures, network or power outages, and massive natural disasters. Redundancy ensures that your storage account meets the Service-Level Agreement (SLA) for Azure Storage even in the face of failures.

Question 53

Q

Which of the following displays personalized recommendations for all your subscriptions, and you can use filters to select recommendations for specific subscriptions, resource groups, or services?
1. Azure Service Health
2. Azure Monitor
3. Azure Advisor
4. Azure Arc

Answer

A

Azure Advisor

Azure Advisor evaluates your Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs. Advisor is designed to help you save time on cloud optimization. The recommendation service includes suggested actions you can take right away, postpone, or dismiss.

The recommendations are available via the Azure portal and the API, and you can set up notifications to alert you to new recommendations.

When you’re in the Azure portal, the Advisor dashboard displays personalized recommendations for all your subscriptions, and you can use filters to select recommendations for specific subscriptions, resource groups, or services.

Question 54

Q

Azure virtual machines (VM) are classified as which of the following offering
1. Platform-as-a-service (Paas)
2. Software-as-a-service (Saas)
3. Infrastructure-as-a-service (Iaas)
4. Database-as-a-service (Daas)

Answer

A

Infrastructure-as-a-service (Iaas)

According to the official Azure website, Azure VMs are classified as IaaS since you are renting out physical hardware. Refer to this image :

Question 55

Q

What is the significance of implementing security controls at the “data” layer in the defense-in-depth model?
1. It prevents network-based attacks against resources.
2. It ensures the physical security of data storage.
3. It protects sensitive data and ensures confidentiality, integrity, and availability.
4. It reduces the impact of denial of service (DoS) attacks.

Answer

A

It protects sensitive data and ensures confidentiality, integrity, and availability.

The “data” layer in the defense-in-depth model is responsible for controlling access to business and customer data. It ensures that sensitive data is properly secured and complies with regulatory requirements, ensuring its confidentiality, integrity, and availability.

Question 56

Q

You can significantly reduce costs (up-to 72%) as compared to pay-as-you-go pricing by _______________.
1. Using the free tier
2. Using Reserved Instances
3. Not using a lot of resources
4. Provisioning a lot of resources

Answer

A

Using Reserved Instances

You can significantly reduce costs — up to 72 percent compared to pay-as-you-go prices—with

one-year or three-year terms on Windows and Linux virtual machines (VMs). When you combine the cost savings gained from Azure RIs (reserved instances) with the added value of the Azure Hybrid Benefit, you can save up to 80 percent**.

It is possible to lower your total cost of ownership by combining Azure Reserved Instances with pay-as-you-go prices to manage costs across predictable and variable workloads. In many cases, you can further reduce your costs with reserved instance size flexibility.

Question 57

Q

Is an internet connection necessary for using cloud computing?

Answer

A

No

The answer is no. Cloud computing services can be used over the internet, but they can also be used through private networks or dedicated connections, such as Azure ExpressRoute, which provides a dedicated, private network connection between on-premises infrastructure and Azure data centers. Some cloud services can also be accessed offline or through local networks.

For example, Azure Stack is a hybrid cloud solution that allows you to use Azure services on-premises, without an internet connection. This can be useful for organizations that have limited or unreliable internet connectivity but still want to take advantage of the benefits of cloud computing.

Similarly, some cloud providers offer edge computing solutions that allow you to run cloud workloads on devices located at the edge of the network, such as in a factory or remote location, without needing a constant internet connection.

In general, however, most cloud services do require an internet connection to access and use them. This is because the underlying infrastructure and resources that support these services are typically hosted in data centers that are connected to the internet.

Question 58

Q

Yes or No:

If you assign permissions to a resource group, all the resources inside it inherit these permissions.

Answer

A

Yes

Yes, it is true that if you assign certain permissions to a resource group, then all the resources inside it inherit those permissions.
A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization.
Generally, we add resources that share the same lifecycle to the same resource group so you can easily deploy, update, and delete them as a group.

See below (VERY IMPORTANT TO UNDERSTAND AND REMEMBER THIS DIAGRAM):

Question 59

Q

Yes or No:

One of the definitions of the Hybrid cloud model is to use multiple Public Clouds in conjunction with a Private Cloud.

Answer

A

Yes

A hybrid cloud—sometimes called a cloud hybrid—is a computing environment that combines an on-premises datacenter (also called a private cloud) with a public cloud, allowing data and applications to be shared between them. Some people define hybrid cloud to include “multicloud” configurations where an organization uses more than one public cloud in addition to their on-premises datacenter.

Question 60

Q

A client of yours is a content creator and would like to be notified via Email whenever their course is purchased. Which of the following solutions would be best suited for this automation?
1. A Server image in Azure Marketplace
2. An API app
3. A Web App
4. A Logic App

Answer

A

A Logic App

Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions for app integration, data integration, system integration, enterprise application integration (EAI), and business-to-business (B2B) communication, whether in the cloud, on premises, or both.

For example, here are just a few workloads you can automate with logic apps:

-> Process and route orders across on-premises systems and cloud services.
-> Send email notifications with Office 365 when events happen in various systems, apps, and services.
-> Move uploaded files from an SFTP or FTP server to Azure Storage.
-> Monitor tweets for a specific subject, analyze the sentiment, and create alerts or tasks for items that need review.
An example of a flow:

Question 61

Q

Which of the following services can automatically sign users in when they are on their corporate devices & connected to your corporate network?
1. Password Auth
2. Azure Sentinel
3. Single-Sign-On (SSO)
4. Multi-Factor Authentication (MFA)

Answer

A

Single-Sign-On (SSO)

From the official documentation: Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) automatically signs users in when they are on their corporate devices connected to your corporate network. When enabled, users don’t need to type in their passwords to sign in to Azure AD, and usually, even type in their usernames. This feature provides your users easy access to your cloud-based applications without needing any additional on-premises components.

With single sign-on, users sign in once with one account to access domain-joined devices, company resources, software as a service (SaaS) applications, and web applications. After signing in, the user can launch applications from the Office 365 portal or the Azure AD MyApps access panel. Administrators can centralize user account management, and automatically add or remove user access to applications based on group membership.

Question 62

Q

An organization would like to create a web app to allow its employees to enter their vacation / time-off details and then store that information in a backend storage solution. They have noted that Python is their preferred language.

As the lead consultant, which service would you recommend?
1. Azure Functions
2. Azure Cosmos DB
3. Azure App Service
4. Azure Kubernetes

Answer

A

Azure App Service

Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments.
It is also possible to scale apps on an enterprise grade platform:

Question 63

Q

One of the teams in your company is looking for a solution for collecting, analyzing, and potentially taking action based on the metric and logging data from your entire Azure and on-premises environment.

Which of the following would you recommend?
1. Azure Monitor
2. Azure Logs
3. Azure Insights
4. Azure Advisor

Answer

A

Azure Monitor

Azure Monitor is a platform for collecting, analyzing, visualizing, and potentially taking action based on the metric and logging data from your entire Azure and on-premises environment.

The following diagram illustrates just how comprehensive Azure Monitor is.
On the left is a list of the sources of logging and metric data that can be collected at every layer in your application architecture, from application to operating system and network.

In the center, you can see how the logging and metric data is stored in central repositories.

On the right, the data is used in a number of ways. You can view real-time and historical performance across each layer of your architecture, or aggregated and detailed information. The data is displayed at different levels for different audiences. You can view high-level reports on the Azure Monitor Dashboard or create custom views by using Power BI and Kusto queries.

Additionally, you can use the data to help you react to critical events in real time, through alerts delivered to teams via SMS, email, and so on. Or you can use thresholds to trigger autoscaling functionality to scale up or down to meet the demand.

Question 64

Q

You have managed an app that you developed and deployed On-Prem for a long time, but would now like to move it to Azure and be relieved of all the manual administration and maintenance. Which of the following buckets would be most suitable for your use case?
1. Infrastructure as a Service (IaaS)
2. Software as a Service (SaaS)
3. Platform as a Service (PaaS)
4. Database as a Service (DaaS)

Answer

A

Platform as a Service (PaaS)

Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. You purchase the resources you need from a cloud service provider on a pay-as-you-go basis and access them over a secure Internet connection.

Like IaaS, PaaS includes infrastructure—servers, storage, and networking—but also middleware, development tools, business intelligence (BI) services, database management systems, and more. PaaS is designed to support the complete web application lifecycle: building, testing, deploying, managing, and updating.

PaaS allows you to avoid the expense and complexity of buying and managing software licenses, the underlying application infrastructure and middleware, container orchestrators such as Kubernetes, or the development tools and other resources. You manage the applications and services you develop, and the cloud service provider typically manages everything else.

Answer 65

A

Azure Government

Azure Government - It is the mission-critical cloud, delivering breakthrough innovation to US government customers and their partners. Only US federal, state, local, and tribal governments and their partners have access to this dedicated instance, with operations controlled by screened US citizens.

Answer 66

A

Azure Active Directory

Azure Active Directory (Azure AD), part of Microsoft Entra, is an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access to guard against 99.9 percent of cybersecurity attacks.

Microsoft Defender for Cloud - is a solution for cloud security posture management (CSPM) and cloud workload protection (CWP) that finds weak spots across cloud configurations, helps strengthen the overall security posture of environments, and can protect workloads across multicloud and hybrid environments from evolving threats.

Azure Bastion - is a fully managed service that provides more secure and seamless Remote Desktop Protocol (RDP) and Secure Shell Protocol (SSH) access to virtual machines (VMs) without any exposure through public IP addresses.

Microsoft Sentinel - is a birds-eye view across the enterprise. It puts the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make your threat detection and response smarter and faster with artificial intelligence (AI).

Answer 67

A

No

According to the official documentation, it is important to note that the services offered in public preview are excluded from the Service Level Agreements (SLAs) . It is therefore not a good idea to deploy production environments on resources / services that are in preview (public or private).

Answer 68

A

It provides protection against both external and internal threats.

The defense-in-depth model focuses on multiple layers of security, including internal defenses. This strategy provides safeguards against both external threats (outside attackers) and internal threats (compromised insiders).

The remaining options don’t make any sense and rather reduce the security configuration.

Answer 69

A

True

Yes, this is true. Resources don’t inherit the tags you apply to a resource group or a subscription. To apply tags from a subscription or resource group to the resources, see Azure Policies - tags.

Answer 70

A

A content delivery network (CDN)

The question states that users are located worldwide and need the least possible latency. The video playback experience would be improved if they can download the video from servers in the same region as the users. We can achieve this by using a Content Delivery Network.

A content delivery network (CDN) is a distributed network of servers that can efficiently deliver web content to users. CDNs store cached content on edge servers in point-of-presence (POP) locations that are close to end users, to minimize latency.

Azure Content Delivery Network (CDN) offers developers a global solution for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world. Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various network optimizations using CDN POPs. For example, route optimization to bypass Border Gateway Protocol (BGP).

The benefits of using Azure CDN to deliver website assets include:

-> Better performance and improved user experience for end users, especially when using applications in which multiple round-trips are required to load content.

-> Large scaling to better handle instantaneous high loads, such as the start of a product launch event.

-> Distribution of user requests and serving of content directly from edge servers so that less traffic is sent to the origin server.

Answer 71

A

Reducing the amount of data transferred between Azure regions

Reducing the amount of data transferred between Azure regions can help reduce costs by minimizing data egress charges.

Other options:

Deploying more virtual machines: This can actually increase costs if they are not utilized efficiently.

Enabling automatic scaling: This can help optimize resource usage and reduce costs, but it depends on the specific workload and usage patterns.

Keeping virtual machines running 24/7: This can result in unnecessary costs, especially if they are not utilized all the time. It is recommended to use automation to start and stop VMs based on usage patterns.

Answer 72

A

Key Management

Enforcing organizational standards and to assess compliance at-scale - This is done by Azure Policy.

To see and stop threats before they cause harm - This is done by Azure Sentinel.

From the official documentation:

Key Management - Azure Key Vault can be used as a Key Management solution. Azure Key Vault makes it easy to create and control the encryption keys used to encrypt your data.

Answer 73

A

Near unlimited scalability as on-demand resources are available to meet your business needs.

The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud. The hardware resources (servers, infrastructure etc.) are managed by the cloud provider. Multiple companies create resources such as virtual machines and virtual networks on the hardware resources.

Incorrect Answers:

Resources are not shared with others, so higher levels of control and privacy are possible - This is a characteristic of a Private Cloud.

Your organization can customize its cloud environment to meet specific business needs - This is also a characteristic of a Private Cloud.

Peace of mind that Azure will send over hardware for you to store in your warehouse - Azure stores all infrastructure on their end. You’d be storing hardware that you purchased and incur CapEx in a Private cloud setup.

Answer 74

A

No

It is important to note that data inbound (ingress) is FREE, but data outbound (egress) is NOT FREE.

Answer 75

A

10,000

The maximum number of management groups that can be supported in a single directory is 10,000. This allows for efficient management of access, policies, and compliance for a large number of subscriptions in an organization.

Answer 76

A

The given statement is correct.

When planning to migrate a website to Azure, the Pay As you Go pricing model is a big advantage. You can even use Azure Websites to accomplish this.

Azure Websites is offered in four tiers: Free, Shared (Preview), Basic and Standard.

Websites Shared (Preview): The price for the Shared tier during preview is $0.013 per hour per website instance (~$10/month). This price reflects a 33% preview discount.

Websites Basic and Standard: The Basic and Standard tiers offer multiple instance sizes as well as scaling to meet changing capacity needs starting from $56 for a Basic (Single Small instance) and $75 for a Standard ( Single small instance)

For more details on features per price tier , click here.

Incorrect Answers:
- You do not need a VPN for Azure web sites.
- You do not pay to transfer data into Azure web sites.
- You are not charged by the second.

Answer 77

A

Azure Cosmos DB

Today’s applications are required to be highly responsive and always online. To achieve low latency and high availability, instances of these applications need to be deployed in datacenters that are close to their users. Applications need to respond in real time to large changes in usage at peak hours, store ever increasing volumes of data, and make this data available to users in milliseconds.

Azure Cosmos DB is Microsoft’s globally distributed, multi-model database service. With the click of a button, Cosmos DB enables you to elastically and independently scale throughput and storage across any number of Azure regions worldwide. You can elastically scale throughput and storage, and take advantage of fast, single-digit-millisecond data access using your favorite API including: SQL, MongoDB, Cassandra, Tables, or Gremlin. Cosmos DB provides comprehensive service level agreements (SLAs) for throughput, latency, availability, and consistency guarantees, something no other database service offers.

Azure Cosmos DB is a great way to store unstructured and JSON data. Combined with Azure Functions, Cosmos DB makes storing data quick and easy with much less code than required for storing data in a relational database.

Answer 78

A

6

A management group tree can support up to 6 levels of depth. This limit doesn’t include the root level or the subscription level.

Answer 79

A

A Subscription

Answer 80

A

Azure Cost Management and Billing

Azure Cost Management and Billing is the correct answer & provides recommendations to optimize your cloud spending based on your usage patterns. The service provides insights and cost management tools to help you monitor, allocate, and optimize your cloud costs.

Other options:

Azure Advisor is a service that provides personalized recommendations to help you optimize your Azure resources for high availability, security, performance, and cost. Azure Advisor also provides recommendations to optimize your cloud spending, but its primary focus is on providing guidance for improving the security, reliability, and performance of your Azure resources. While it may include some cost optimization recommendations, it is not solely focused on cost management and billing like Azure Cost Management and Billing. In such questions we’ll always choose the BEST choice possible.

Azure Monitor is a service that provides a single pane of glass to monitor the performance and health of your applications and infrastructure in Azure.

Azure Policy is a service that enables you to enforce governance policies for your Azure resources to ensure compliance with organizational standards and regulations.

Answer 81

A

When protection from regional disasters is required.

Geo-redundant storage (GRS) copies data synchronously within a single region and then asynchronously to a secondary region, providing durability and protection against regional disasters.

Answer 82

A

Yes

A credit of $200 is assigned to the Free account and is valid for 30 days from the date of activation.

Answer 83

A

Microsoft Privacy Statement

Overall explanation
This privacy statement explains the personal data Microsoft processes, how Microsoft processes it, and for what purposes.

Microsoft offers a wide range of products, including server products used to help operate enterprises worldwide, devices you use in your home, software that students use at school, and services developers use to create and host what’s next. References to Microsoft products in this statement include Microsoft services, websites, apps, software, servers, and devices.

Please read the product-specific details in this privacy statement, which provide additional relevant information. This statement applies to the interactions Microsoft has with you and the Microsoft products listed below, as well as other Microsoft products that display this statement.

Answer 84

A

Cold Tier
Hot Tier
Archive Storage Tier

Azure storage offers different access tiers, which allow you to store blob object data in the most cost-effective manner. The available access tiers include:

1) Hot Storage- Optimized for storing data that is accessed frequently.

2) Cool Storage- Optimized for storing data that is infrequently accessed and stored for at least 30 days.

3) Archive Storage- Optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements (on the order of hours).

Answer 85

A

No

When you cancel an Azure subscription:

A resource lock doesn’t block the subscription cancellation.

Azure preserves your resources by deactivating them instead of immediately deleting them.

Azure only deletes your resources permanently after a waiting period.

Answer 86

A

monthly

Availability for all Azure services is calculated over a monthly billing cycle. Click here to download SLA for most Microsoft Azure Services.

Answer 87

A

Locally redundant storage and zone-redundant storage.

Data in an Azure Storage account is always replicated three times in the primary region. Azure Storage offers two options for how your data is replicated in the primary region, locally redundant storage (LRS) and zone-redundant storage (ZRS).

Also, Azure Storage offers locally redundant storage (LRS) and zone-redundant storage (ZRS) as options for replicating data within the primary region.

Answer 88

A

No

An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A subscription trusts Azure AD to authenticate users, services, and devices.

Please Note :
Multiple subscriptions can trust the same Azure AD directory. Each subscription can only trust a single directory.

Answer 89

A

Enable automatic scaling to adjust VM size based on workload

The correct answer is ‘Enable automatic scaling to adjust VM size based on workload’ as it could be an effective way to optimize costs for the Virtual Machine in Azure. Automatic scaling allows you to automatically adjust the number of Virtual Machine instances and the size of the instances based on demand, which can help you save costs by avoiding overprovisioning.

Using a larger VM size : This would increase costs as its more expensive to use a larger VM size.

Using a smaller VM size: This could reduce performance and may not be suitable for a resource-intensive workload.

Using a different Azure region with lower VM pricing: This may not be a practical solution if the workload requires a specific region for compliance or latency reasons.

Answer 90

A

Yes

Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, Reliability (formerly called High availability), and security of your Azure resources.
Advisor provides recommendations for Application Gateway, App Services, availability sets, Azure Cache, Azure Data Factory, Azure Database for MySQL, Azure Database for PostgreSQL, Azure Database for MariaDB, Azure ExpressRoute, Azure Cosmos DB, Azure public IP addresses, Azure Synapse Analytics, SQL servers, storage accounts, Traffic Manager profiles, and virtual machines.

Azure Advisor also includes your recommendations from Microsoft Defender for Cloud which may include recommendations for additional resource types.

Answer 91

A

False

An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A subscription trusts Azure AD to authenticate users, services, and devices.

Multiple subscriptions can trust the same Azure AD directory. Each subscription can only trust a single directory.

Answer 92

A

Yes

A Powershell script can create Azure resources, and since the Powershell module is installed on the Windows computer, this is easily doable.

Answer 93

A

No

An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A subscription trusts Azure AD to authenticate users, services, and devices.

Multiple subscriptions can trust the same Azure AD directory. Each subscription can only trust a single directory.

One or more Azure subscriptions can establish a trust relationship with an instance of Azure Active Directory (Azure AD) in order to authenticate and authorize security principals and devices against Azure services. When a subscription expires, the trusted instance of the Azure AD service remains, but the security principals LOSE access to Azure resources.

Answer 94

A

Infrastructure as a service (Iaas)

IaaS (Infrastructure as a Service) is, in effect, where a cloud provider hosts the infrastructure components traditionally present in an on-premises data center including servers (operating systems), storage and networking hardware as well as the virtualization or hypervisor layer.

From a security perspective, this offering is probably the closest to traditional in-house IT infrastructure, (Indeed, many companies will effectively move existing server payloads to IaaS either partially or completely resulting in a hybrid solution.) and it will require much of the same security tools as a result.

Answer 95

A

No

No, Australia has several Azure regions -
Including Australia East, Central, Southeast etc.

Answer 96

A

No

Composite SLAs involve multiple services supporting an application, each with differing levels of availability.

For example, consider an App Service web app that writes to Azure SQL Database. At the time of this writing, these Azure services have the following SLAs:

App Service web apps = 99.95%

SQL Database = 99.99%

What is the maximum downtime you would expect for this application? If either service fails, the whole application fails. The probability of each service failing is independent, so the composite SLA for this application is 99.95% × 99.99% = 99.94%. That’s LOWER than the individual SLAs, which isn’t surprising because an application that relies on multiple services has more potential failure points.

You can improve the composite SLA by creating independent fallback paths. For example, if SQL Database is unavailable, put transactions into a queue to be processed later.

With this design, the application is still available even if it can’t connect to the database. However, it fails if the database and the queue both fail at the same time. The expected percentage of time for a simultaneous failure is 0.0001 × 0.001, so the composite SLA for this combined path is:

Database or queue = 1.0 − (0.0001 × 0.001) = 99.99999%

The total composite SLA is:

Web app and (database or queue) = 99.95% × 99.99999% = ~99.95%

There are tradeoffs to this approach. The application logic is more complex, you are paying for the queue, and you need to consider data consistency issues.

Answer 97

A

For products governed by the Modern Lifecycle Policy, Microsoft will provide a minimum of 12 months’ notification prior to ending support if no successor product or service is offered—excluding free services or preview releases.

The Modern Lifecycle Policy covers products and services that are serviced and supported continuously. Under this policy, the product or service remains in support if the following criteria are met:

Customers must stay current as per the servicing and system requirements published for the product or service.

Customers must be licensed to use the product or service.

Microsoft must currently offer support for the product or service.

Answer 98

A

Power costs
Current infrastructure configuration
IT labor costs

Current infrastructure configuration - Correct, the TCO calculator allows you to input your current infrastructure configuration, including servers, databases, storage, and outbound network traffic.

Power costs - Correct, the TCO calculator lets you add assumptions about power costs in your current environment to estimate the cost difference between on-premises and Azure.

IT labor costs - Correct, the TCO calculator allows you to include assumptions about IT labor costs to help estimate the cost difference between your current environment and Azure.

Subscription type - Incorrect, the TCO calculator focuses on comparing on-premises infrastructure costs with Azure Cloud infrastructure costs. Subscription type is not part of the input for the TCO calculator.

Answer 99

A

Deploy the VM to a certain subnet and restrict traffic using a Network Security Group (NSG).

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own data center, but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.

Subnets: Subnets enable you to segment the virtual network into one or more sub-networks and allocate a portion of the virtual network’s address space to each subnet. You can then deploy Azure resources in a specific subnet. Just like in a traditional network, subnets allow you to segment your VNet address space into segments that are appropriate for the organization’s internal network. This also improves address allocation efficiency. You can secure resources within subnets using Network Security Groups. For more information, see Security groups.

You can filter network traffic between subnets using either or both of the following options:

1) Security groups: Network security groups and application security groups can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol. To learn more, see Network security groups or Application security groups.

2) Network virtual appliances: A network virtual appliance is a VM that performs a network function, such as a firewall, WAN optimization, or other network function. To view a list of available network virtual appliances that you can deploy in a virtual network, see Azure Marketplace.

Answer 100

A

Yes

A resource can connect to resources in other resource groups. This scenario is common when the two resources are related but don’t share the same lifecycle. For example, you can have a web app that connects to a database in a different resource group.

Answer 101

A

No

The BASIC Support plan is associated with all accounts but a STANDARD plan needs to be purchased and costs $100/month.

Answer 102

A

Azure App Service

The Azure App Service is the correct answer and is a fully managed Platform as a Service (PaaS) that provides a runtime environment for hosting, deploying, and scaling applications.

Azure App Service supports a variety of programming languages, including .NET, Java, Node.js, Python, and PHP, among others. It also provides built-in support for popular content management systems like WordPress and Drupal, and integrates with Azure DevOps for streamlined deployment and continuous integration/continuous deployment (CI/CD).

Other Options:

Azure Logic Apps is designed more for workflow automation and integration, and does not provide a runtime environment for hosting and deploying applications. While it is possible to use Azure Logic Apps to trigger actions in response to events in Azure App Service (for example, deploying a new version of an application), it is not a direct replacement for Azure App Service.

Azure Advisor is a valuable tool for optimizing Azure resources, it is not a fully managed Platform as a Service (PaaS) like Azure App Service. Azure Advisor does not provide a runtime environment for hosting, deploying, and scaling applications, and it does not support a variety of programming languages.

Azure Front Door is a useful service for load balancing and routing traffic, it is not a fully managed Platform as a Service (PaaS) like Azure App Service. Azure Front Door does not provide a runtime environment for hosting, deploying, and scaling applications, and it does not support a variety of programming languages.

Answer 103

A

True

Azure AD provides services such as:

Authentication

This includes verifying identity to access applications and resources. It also includes providing functionality such as self-service password reset, multifactor authentication, a custom list of banned passwords, and smart lockout services.

Single sign-on

SSO enables you to remember only one username and one password to access multiple applications. A single identity is tied to a user, which simplifies the security model. As users change roles or leave an organization, access modifications are tied to that identity, which greatly reduces the effort needed to change or disable accounts.

Application management

You can manage your cloud and on-premises apps by using Azure AD. Features like Application Proxy, SaaS apps, the My Apps portal (also called the access panel), and single sign-on provide a better user experience.

Device management

Along with accounts for individual people, Azure AD supports the registration of devices. Registration enables devices to be managed through tools like Microsoft Intune. It also allows for device-based Conditional Access policies to restrict access attempts to only those coming from known devices, regardless of the requesting user account.

Answer 104

A

open an online customer support request at no charge.

If you want to raise the limit or quota above the default limit, you can open an online customer support request at no charge.

Answer 105

A

No

A resource group is a logical container for Azure resources. When you create a resource group, you specify which location to create the resource group in.

However, when you create a virtual machine and place it in the resource group, the virtual machine can still be in a different location (different datacenter).

Therefore, creating multiple resource groups, even if they are in separate datacenters does not ensure that the services running on the virtual machines are available if a single data center fails. What you really need is high availability and deploying the VM to multiple Regions and AZs.

Answer 106

A

It allows data to be accessible even if a zone becomes unavailable.

For Availability Zone-enabled Regions, zone-redundant storage (ZRS) replicates your Azure Storage data synchronously across three Azure availability zones in the primary region. ZRS offers durability for Azure Storage data objects of at least 12 nines (99.9999999999%) over a given year. With ZRS, your data is still accessible for both read and write operations even if a zone becomes unavailable.

Answer 107

A

Azure File Storage
Azure Table Storage
Azure Blob Storage

The Azure services that can be used to store unstructured data are: Azure Blob Storage, Azure Table Storage and Azure File Storage.

Azure Table Storage can also be used to store unstructured data in Azure. Azure Table Storage is a NoSQL key-value store that can be used to store structured and semi-structured data, as well as unstructured data such as large text and binary data. Azure Table Storage allows you to store large amounts of data in a flexible schema that can evolve over time, making it a good choice for storing unstructured data that does not fit well into a fixed schema.

Azure File Storage can also be used to store unstructured data in Azure. Azure File Storage is a fully managed file share service that can be used to store and share unstructured data, such as documents, media files, and logs. Azure File Storage provides the standard SMB (Server Message Block) file share protocol, which allows you to easily mount file shares from multiple VMs in the same region or across regions. This makes it a good choice for scenarios where you need to share unstructured data between multiple VMs or applications.

Azure Blob Storage is a massively scalable object storage service that allows you to store and access large amounts of unstructured data, such as text and binary data, images, and videos. It’s commonly used for data storage, backup and recovery, and data archiving.

Incorrect -

Azure Queue Storage, on the other hand, is not suitable for storing unstructured data. It is designed for reliably queuing and processing messages between different components of a distributed application, rather than for storing large amounts of unstructured data.

Answer 108

A

Azure DevTest Labs

Azure DevTest Labs is a service for easily creating, using, and managing infrastructure-as-a-service (IaaS) virtual machines (VMs) and platform-as-a-service (PaaS) environments in labs. Labs offer preconfigured bases and artifacts for creating VMs, and Azure Resource Manager (ARM) templates for creating environments like Azure Web Apps or SharePoint farms.

Lab owners can create preconfigured VMs that have tools and software lab users need. Lab users can claim preconfigured VMs, or create and configure their own VMs and environments. Lab policies and other methods track and control lab usage and costs.

Answer 109

A

Yes

Yes! Azure HDInsight is an enterprise-ready, managed cluster service for open-source analytics.

You can run popular open-source frameworks—including Apache Hadoop, Spark, Hive, Kafka,

and more—using Azure HDInsight, a customizable, enterprise-grade service for open-source analytics. You can also effortlessly process massive amounts of data and get all the benefits of the broad open-source project ecosystem with the global scale of Azure. Easily migrate your big data workloads and processing to the cloud.

Answer 110

A

To provide high availability and durability in the face of failures.

From the official documentation: Azure Storage always stores multiple copies of your data so that it’s protected from planned and unplanned events such as transient hardware failures, network or power outages, and natural disasters. Redundancy ensures that your storage account meets its availability and durability targets even in the face of failures. Redundancy in Azure Storage ensures that data is protected from planned and unplanned events, providing high availability and durability even in the event of hardware failures, outages, or disasters.

Answer 111

A

Azure Virtual Machine

An Azure virtual machine is an example of Infrastructure as a Service (IaaS).

Azure Machine Learning, Azure Event Hubs, Azure HDInsight are all examples of Platform as a Service (Paas)

Answer 112

A

Site-to-Site (IPsec)

The correct answer Site-to-Site (IPsec).

Site-to-Site (IPsec) VPN connection type is used to connect two or more virtual networks that are in different regions, data centers, or even different cloud providers. It allows you to connect an on-premises network or a branch office network to an Azure virtual network, or to connect two Azure virtual networks that are in different regions. Site-to-Site VPN connections use a VPN gateway to provide a secure connection over the Internet. IPsec is the protocol used to secure the VPN connection.

Other options:

VNet-to-VNet (IPsec): This is not the best choice for this scenario because it is designed to connect two virtual networks within the same region. It creates an IPsec tunnel between the two virtual networks, allowing resources to communicate securely and privately over the Microsoft backbone network. Since the two virtual networks in this scenario are in different regions, VNet-to-VNet (IPsec) would not be the most efficient or cost-effective option.

Point-to-Site (VPN over SSL): This is used to connect individual devices to an Azure virtual network over a VPN connection. It is not suitable for connecting virtual networks in different regions.

ExpressRoute: This is a private connection between an on-premises infrastructure and an Azure data center. It provides dedicated, high-speed connectivity between your network and Azure, but it is not suitable for connecting virtual networks in different regions.

Answer 113

A

Yes

Virtual Machines are resources and can be moved to a new region.

For VMs, replica VMs are created in the target region. The source VM is shut down, and some downtime occurs (usually minutes).

Answer 114

A

Azure Security Center

A great place to start when examining the security of your Azure-based solutions is Azure Security Center. Security Center is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises. Security Center can:

1) Provide security recommendations based on your configurations, resources, and networks.

2) Monitor security settings across on-premises and cloud workloads, and automatically apply required security to new services as they come online.

3) Continuously monitor all your services, and perform automatic security assessments to identify potential vulnerabilities before they can be exploited.

4) Use machine learning to detect and block malware from being installed on your virtual

machines and services. You can also define a list of allowed applications to ensure that only the apps you validate are allowed to execute.

5) Analyze and identify potential inbound attacks, and help to investigate threats and any post-breach activity that might have occurred.

Answer 115

A

Total Cost of Ownership calculator

The Total Cost of Ownership (TCO) calculator is designed to help you compare the costs for running an on-premises infrastructure compared to an Azure Cloud infrastructure. It takes into account your current infrastructure configuration, power costs, IT labor costs, and other factors to provide an estimate of the cost difference between the two environments.

Other options -

Pricing calculator - This tool is designed to estimate the cost of provisioning resources in Azure but does not provide a comparison between on-premises infrastructure costs and Azure Cloud infrastructure costs.

Resource cost calculator - This option is incorrect because there is no specific “Resource cost calculator” in Azure. The Pricing calculator and TCO calculator are the main tools used to estimate costs in Azure.

Billing calculator - This option is incorrect because there is no specific “Billing calculator” in Azure. The Pricing calculator estimates costs for provisioning resources in Azure, while the TCO calculator compares on-premises infrastructure costs to Azure Cloud infrastructure costs.

Answer 116

A

False

You can always scale your PaaS solution up (increase the memory) or out (add more instances) without re-deployment.

The very beauty of PaaS is that it allows you to avoid the expense and complexity of buying and managing software licences, the underlying application infrastructure and middleware, container orchestrators such as Kubernetes or the development tools and other resources. You manage the applications and services that you develop, and the cloud service provider typically manages everything else.

Answer 117

A

Datacenters

Azure datacentres are unique physical buildings—located all over the globe—that house a group of networked computer servers.

Answer 118

A

Load Balancer

Load balancing refers to evenly distributing load (incoming network traffic) across a group of backend resources or servers.

Why use Azure Load Balancer?

With Azure Load Balancer, you can scale your applications and create highly available services. Load balancer supports both inbound and outbound scenarios. Load balancer provides low latency and high throughput, and scales up to millions of flows for all TCP and UDP applications.

Answer 119

A

No

When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the same parent lock. The most restrictive lock in the inheritance takes precedence.

If you have a Delete lock on a resource and attempt to delete its resource group, the feature blocks the whole delete operation. Even if the resource group or other resources in the resource group are unlocked, the deletion doesn’t happen. You never have a partial deletion.

Answer 120

A

False

Private Preview - During this phase we invite a few customers to take part in early access to new concepts and features. This phase DOES NOT include formal support.

Answer 121

A

A Resource group must be in the same region as its resources

The option “Resource group must be in the same region as its resources” is NOT a valid constraint for Resource Groups.

While it’s recommended that resources in a resource group be located in the same region for optimal performance, it’s not a strict requirement. Resources in a resource group can span different regions, and this can be useful for achieving high availability and disaster recovery scenarios, as well as for optimizing data access for users in different geographic locations.

Other options:

Resource group can contain resources located in different regions: This is a valid Azure resource group constraint. As mentioned above, resources in a resource group can span different regions.

Resource group can contain resources that belong to different subscriptions: This is also a valid Azure resource group constraint. A single resource group can contain resources that belong to different subscriptions, which is useful for managing resources across multiple subscriptions.

Resource group can be used to apply consistent policies to resources: This is also a valid Azure resource group constraint. Azure Policy can be used to apply governance policies to all resources in a resource group, ensuring consistent compliance across resources.

Answer 122

A

Access to a number of Azure products free for 12 months
Credit to spend within the first 30 days of sign-up
Access to more than 25 products that are always free

Access to a number of Azure products free for 12 months - This is correct because an Azure free trial subscription provides access to several Azure products for free during the first 12 months.

Credit to spend within the first 30 days of sign-up - This is correct as the Azure free trial subscription offers credit to spend within the first 30 days after sign-up, which allows users to explore and use various Azure services during that period.

Unlimited access to all Azure services - This is incorrect because the Azure free trial subscription does not provide unlimited access to all Azure services. It offers a limited set of free services, usage allowances, and credits to spend within a specified timeframe.

Access to more than 25 products that are always free - This is correct because, in addition to the free services available during the trial period, the Azure free trial subscription provides access to more than 25 products that are always free, based on resource and region availability. These products can be used without any additional costs even after the trial period is over.

Answer 123

A

Single Sign On (SSO)

SSO enables you to remember only one username and one password to access multiple applications. A single identity is tied to a user, which simplifies the security model. As users change roles or leave an organization, access modifications are tied to that identity, which greatly reduces the effort needed to change or disable accounts.

Answer 124

A

Uptime and Connectivity Guarantees
Service Credits
Performance Targets

A Service Level Agreement or SLA is a formal document that provides specific terms that state the level of service that will be provided to a customer. Microsoft’s Azure SLA defines three primary characteristics of

Azure service - Performance targets, Uptime, and Connectivity guarantees.

It should be noted that the free and shared tiers of many services DO NOT come with an SLA. (Imp.)

Answer 125

A

Azure Monitor

You can use Azure Monitor to set up alerts for key events that are related to your specific resources.

Answer 126

A

By geography

The cost of network traffic in Azure is affected by geography. Data transfer costs can vary depending on the zones, which are geographical groupings of Azure regions for billing purposes. The cost of moving data within a region or between regions can differ, impacting the overall cost of network traffic.

Other options -

By the number of users: While the number of users may affect the overall amount of network traffic, the cost is not directly determined by the number of users. Instead, it is determined by the amount of data transferred and the geographical zones involved.

By resource type: The cost of network traffic is related to the amount of data transferred and the zones involved, not the specific Azure resources being used. While the type of resources may have an impact on the amount of data transferred, the cost of network traffic itself is not directly influenced by the resource type.

By the type of subscription: The type of subscription may affect the overall cost of Azure services, including usage allowances, but it doesn’t directly determine the cost of network traffic. Network traffic costs are determined by the amount of data transferred and the geographical zones involved.

Answer 127

A

No

This answer does not specify that the scale set will be configured across multiple data centers so this solution does not meet the goal.

Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide high availability to your applications, and allow you to centrally manage, configure, and update many VMs.

Virtual machines in a scale set can be deployed across multiple update domains and fault domains to maximize availability and resilience to outages due to data center outages, and planned or unplanned maintenance events.

Answer 128

A

Azure Key Vault

Secure key management is essential to protect data in the cloud . Azure Key Vault encrypts keys and small secrets like passwords that use keys stored in hardware security modules (HSMs).

For more assurance, it is possible to import or generate keys in HSMs, and Microsoft processes your keys in FIPS 140-2 Level 2 validated HSMs (hardware and firmware). With Key Vault, Microsoft doesn’t see or extract your keys.

You can monitor and audit your key use with Azure logging—pipe logs into Azure HDInsight or your security information and event management (SIEM) solution for more analysis and threat detection.

All of the control, none of the work - the motto

By using Key Vault, you don’t need to provision, configure, patch, and maintain HSMs and key management software. Provision new vaults and keys (or import keys from your own HSMs) in minutes and centrally manage keys, secrets, and policies. You keep control over your keys—simply grant permission for your own and partner applications to use them as needed. Applications never have direct access to keys. Developers manage keys used for Dev/Test and seamlessly migrate to production the keys that are managed by security operations.

Answer 129

A

Azure Monitor

If you want to keep track of the performance or issues related to your specific VM or container instances, databases, your applications, and so on, you want to visit Azure Monitor and create reports and notifications to help you understand how your services are performing or diagnose issues related to your Azure usage.

Answer 130

A

No

Outbound data transfer is charged at the normal rate and inbound data transfer is free.

Answer 131

A

No

No, Azure HDInsight is a PaaS offering.

From the official Azure documentation:

Run popular open-source frameworks—including Apache Hadoop, Spark, Hive, Kafka, and more—using Azure HDInsight, a customizable, enterprise-grade service for open-source analytics. Effortlessly process massive amounts of data and get all the benefits of the broad open-source project ecosystem with the global scale of Azure. Easily migrate your big data workloads and processing to the cloud.

Answer 132

A

Azure Network Security Group

You can use Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

For each rule, you can specify source and destination, port, and protocol. This article describes properties of a network security group rule, the default security rules that are applied, and the rule properties that you can modify to create an augmented security rule.

Answer 133

A

To estimate the cost of provisioning resources in Azure

To estimate the cost of provisioning resources in Azure - This is the correct answer because the Azure Pricing Calculator is specifically designed to help users estimate the cost of provisioning resources in Azure.

To compare the costs of running on-premises and Azure Cloud infrastructure - This option is incorrect because this function is performed by the Total Cost of Ownership (TCO) Calculator, not the Pricing Calculator.

To provision resources in Azure - This option is incorrect because the Pricing Calculator does not provision resources; it only provides cost estimates for resources. To provision resources, you would use the Azure Portal or other management tools.

To manage the billing of your Azure account - This option is incorrect because the Pricing Calculator does not manage billing. It only provides cost estimates for resources. To manage billing, you would use the Azure Cost Management and Billing tools.

Answer 134

A

Azure Databricks

Lot of people get confused between Azure Databricks and Azure HDInsight.

Azure HDInsight is primarily a managed Apache Hadoop service that lets you run Apache Spark, Apache Hive, Apache Kafka, Apache HBase, and more in the cloud.

Azure Databricks is a premium Spark offering that is ideal for customers who want their data scientists to collaborate easily and run their Spark based workloads efficiently and at industry leading performance.

It is essentially an Apache Spark-based analytics platform optimized for the Microsoft Azure cloud services platform.

Answer 135

A

Azure Virtual Network

The correct answer is Azure Virtual Network. The Azure Virtual Network service allows you to create and manage private networks in the cloud and connect them to on-premises networks using a VPN gateway.

Azure Virtual Network is a networking service that allows you to create and manage virtual networks in the cloud, and connect them securely to your on-premises infrastructure. With Azure Virtual Network, you can create subnets, assign IP addresses, and control traffic flow between virtual machines and other resources.

The VPN gateway in Azure Virtual Network provides a secure, encrypted connection between your virtual network in Azure and your on-premises network. This allows you to extend your on-premises infrastructure to the cloud, and access resources in Azure as if they were located on your local network.

Other Options -

Azure DNS: While Azure DNS provides a scalable and reliable domain name system (DNS) service that can be used to resolve domain names to IP addresses, it is not directly related to creating and managing private networks or connecting them to on-premises networks using a VPN gateway.

Azure Traffic Manager: While Azure Traffic Manager is a global DNS-based traffic load balancer that can be used to distribute traffic across multiple endpoints, it is not directly related to creating and managing private networks or connecting them to on-premises networks using a VPN gateway.

Azure Security Center: While Azure Security Center is a unified security management and monitoring service that provides threat protection for cloud workloads, it is not directly related to creating and managing private networks or connecting them to on-premises networks using a VPN gateway. Azure Security Center is focused on securing cloud resources and workloads, rather than on networking and connectivity.

Answer 136

A

A VPN Gateway

A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network. Each virtual network can have only one VPN gateway. However, you can create multiple connections to the same VPN gateway. When you create multiple connections to the same VPN gateway, all VPN tunnels share the available gateway bandwidth.

Answer 137

A

No

A SaaS solution does not provide access to the operating system. In fact, with a SaaS we have the least maintenance effort but also the least degree of control. An example of SaaS is Zoom, Outlook etc.

Answer 138

A

Yes

A region is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network. Each Azure region has a minimum of three availability zones.

Answer 139

A

No

No. Private is a phase when Azure invites a few customers to take part in early access to new concepts and features. This phase does not include formal support. It is not available to the general public as well.

Answer 140

A

Azure Content Delivery Network (CDN)

The Azure Content Delivery Network (CDN) service cannot be used to deploy a containerized application.

CDN is a service for delivering static content (such as images, videos, and other files) from a distributed network of servers. It is not designed for running and deploying containerized applications.

On the other hand, Azure Kubernetes Service (AKS), Azure Container Instances (ACI), and Azure Virtual Machines (VMs) can all be used to deploy containerized applications.

Azure Kubernetes Service (AKS) provides a managed Kubernetes service for deploying, scaling, and managing containerized applications.

Azure Container Instances (ACI) is a serverless service that allows you to run containers on demand without having to manage the underlying infrastructure.

Azure Virtual Machines (VMs) provide a more flexible option for running containers by allowing you to choose the operating system and configure the environment to your specific needs.

Answer 141

A

Azure Network Watcher

The correct answer is Azure Network Watcher.

Azure Network Watcher is a monitoring and diagnostic service that provides tools to diagnose network issues in Azure. It includes a VPN diagnostics tool that can be used to diagnose connectivity issues with VPN gateways, including Site-to-Site VPN (IPsec) gateways. The tool can help identify configuration issues, routing issues, and other common problems that can cause connectivity issues.

Other Options:

Azure Traffic Manager: This is a global DNS load balancer that can be used to distribute incoming traffic across multiple Azure regions. It is not designed for diagnosing network connectivity issues.

Azure Application Gateway: This is a web traffic load balancer that can be used to manage and route HTTP and HTTPS traffic. It is not designed for diagnosing network connectivity issues.

Azure ExpressRoute: This is a dedicated, private connection between an on-premises datacenter and Azure. It is not used for Site-to-Site VPN (IPsec) connections, and is not designed for diagnosing connectivity issues with VPN gateways.

Answer 142

A

The network bandwidth between the primary and secondary regions
The amount of data being replicated
The number of virtual machines being replicated
The types of virtual machines being replicated.

All of the options could potentially affect the cost of this setup.

The number of virtual machines being replicated - The more virtual machines being replicated, the higher the cost will be, as each VM will require resources to be replicated to the secondary region.

The amount of data being replicated - The amount of data being replicated can have a significant impact on the cost, as data transfer between regions incurs charges.

The network bandwidth between the primary and secondary regions - The network bandwidth between the primary and secondary regions can also impact the cost, as higher bandwidth requirements will result in higher charges.

The types of virtual machines being replicated - The types of virtual machines being replicated could also impact the cost, as certain VM sizes are more expensive than others.

Answer 143

A

No

Tricky question!

Platform as a service (PaaS) is a complete development and deployment environment in the cloud. PaaS includes infrastructure as servers, storage, and networking, but also middleware, development tools, business intelligence (BI) services, database management systems, and more.

Azure SQL Databases are PaaS, that’s fine. BUT:

Azure Load Balancers are IaaS not PaaS!

Answer 144

A

Yes

Tip: Most such questions mentioning Operating Systems (Ubuntu, Linux, Windows, MacOS) are to create confusion. If you can open a browser - you can access the Cloud Shell which gives you access to Bash or PowerShell.

Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.

Answer 145

A

Load balance your virtual machines to manage incoming traffic

Load balancing is used for PERFORMANCE OPTIMISATION and not cost saving.

Load balancing refers to evenly distributing load (incoming network traffic) across a group of backend resources or servers.

Azure Load Balancer operates at layer 4 of the Open Systems Interconnection (OSI) model. It’s the single point of contact for clients. Load balancer distributes inbound flows that arrive at the load balancer’s front end to backend pool instances. These flows are according to configured load-balancing rules and health probes. The backend pool instances can be Azure Virtual Machines or instances in a virtual machine scale set.

A public load balancer can provide outbound connections for virtual machines (VMs) inside your virtual network. These connections are accomplished by translating their private IP addresses to public IP addresses. Public Load Balancers are used to load balance internet traffic to your VMs.

An internal (or private) load balancer is used where private IPs are needed at the frontend only. Internal load balancers are used to load balance traffic inside a virtual network. A load balancer frontend can be accessed from an on-premises network in a hybrid scenario.

Answer 146

A

Tags

Tags do not incur costs, but are rather a great way to know which resources are incurring costs!

Answer 147

A

Azure Data Lake
Azure IoT Hubs

Azure IoT Hub is a managed service hosted in the cloud that acts as a central message hub for communication between an IoT application and its attached devices. You can connect millions of devices and their backend solutions reliably and securely. Almost any device can be connected to an IoT hub.

Several messaging patterns are supported, including device-to-cloud telemetry, uploading files from devices, and request-reply methods to control your devices from the cloud. IoT Hub also supports monitoring to help you track device creation, device connections, and device failures.

IoT Hub scales to millions of simultaneously connected devices and millions of events per second to support your IoT workloads. For more information about scaling your IoT Hub, see IoT Hub scaling. To learn more about the tiers of service offered by IoT Hub, check out the pricing page.

IoT Hub can further route messages to Azure Data Lake Storage.

Answer 148

A

Azure Kubernetes

Azure Kubernetes Service (AKS) offers the quickest way to start developing and deploying cloud-native apps, with built-in code-to-cloud pipelines and guardrails. Get unified management and governance for on-premises, edge, and multicloud Kubernetes clusters. Interoperate with Azure security, identity, cost management, and migration services.

Answer 149

A

Availability Zones

Availability Zones are a high-availability offering from Microsoft Azure that provide a fault-tolerant architecture for applications. Availability Zones are physically separate data centers within an Azure region, each with their own power, cooling, and networking infrastructure.

By deploying virtual machines and other resources across multiple Availability Zones, you can ensure that your application remains available even in the event of a data center outage or other disruption. Availability Zones provide redundancy and isolation, which helps protect your application from both planned and unplanned downtime.

Other options -

Availability Sets are a feature of Microsoft Azure that help ensure that virtual machines are distributed across multiple fault domains and update domains within a single data center or region. This helps protect against hardware failures and other disruptions by ensuring that virtual machines are not all located in the same physical rack or power source. However, Availability Sets do not provide any inherent protection against data center-wide outages, which can occur due to issues such as network outages, power failures, or natural disasters. In such cases, all virtual machines in the affected data center or region may become unavailable.

Scale Sets is not necessarily the best choice for ensuring availability during planned maintenance events because it only provides horizontal scalability by adding or removing virtual machines based on demand, but does not inherently provide any availability benefits beyond what is provided by the underlying infrastructure.

Scale Sets are a feature of Microsoft Azure that provide automatic scaling of a set of virtual machines based on demand. This helps ensure that the application can handle varying levels of traffic and usage, but does not necessarily provide inherent resiliency against planned maintenance events or other types of disruptions.

Azure Container Registry is a managed private Docker registry service that enables you to store and manage container images in Azure. While it provides benefits such as secure storage, authentication, and geo-replication of container images, it is not directly related to ensuring availability during planned maintenance events.

Answer 150

A

No

Data ingress (incoming) to Azure data centers is free, so the organizations assumptions are invalid.

Answer 151

A

Platform as a service (Paas)

Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. You purchase the resources you need from a cloud service provider on a pay-as-you-go basis and access them over a secure Internet connection.

Like IaaS, PaaS includes infrastructure—servers, storage, and networking—but also middleware, development tools, business intelligence (BI) services, database management systems, and more. PaaS is designed to support the complete web application lifecycle: building, testing, deploying, managing, and updating.

PaaS allows you to avoid the expense and complexity of buying and managing software licenses, the underlying application infrastructure and middleware, container orchestrators such as Kubernetes, or the development tools and other resources. You manage the applications and services you develop, and the cloud service provider typically manages everything else.

Since we need to reduce the overhead effort of managing everything, and create our own solution, PaaS is the best option!

Answer 152

A

Azure Policy

Azure Policy helps to enforce organizational standards and to assess compliance at-scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill-down to the per-resource, per-policy granularity. It also helps to bring your resources to compliance through bulk remediation for existing resources and automatic remediation for new resources.

Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management. Policy definitions for these common use cases are already available in your Azure environment as built-ins to help you get started.

Answer 153

A

ReadOnly

As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions.

You can set locks that prevent either deletions or modifications. In the portal, these locks are called Delete and Read-only. In the command line, these locks are called CanNotDelete and ReadOnly. In the left navigation panel, the subscription lock feature’s name is Resource locks, while the resource group lock feature’s name is Locks.

CanNotDelete means authorized users can read and modify a resource, but they can’t delete it.

ReadOnly means authorized users can read a resource, but they can’t delete or update it. Applying this lock is similar to restricting all authorized users to the permissions that the Reader role provides.

Answer 154

A

Yes

When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the same parent lock. The most restrictive lock in the inheritance takes precedence.

If you have a Delete lock on a resource and attempt to delete its resource group, the feature blocks the whole delete operation. Even if the resource group or other resources in the resource group are unlocked, the deletion doesn’t happen. You never have a partial deletion.

Answer 155

A

Yes

Yes, both of these services fall under the PaaS category, and therefore meet our requirements!

Answer 156

A

Azure Cognitive Services

Cognitive Services bring AI within reach of every developer—without requiring machine-learning expertise. All it takes is an API call to embed the ability to see, hear, speak, search, understand, and accelerate decision-making into your apps.

Answer 157

A

Resource groups can’t be nested, i.e, a resource group cannot exist inside another resource group. It is however possible is to link resources from other resource groups within a resource group.

Answer 158

A

Azure Queue Storage

You can use Azure Queue Storage to build flexible applications and separate functions for better durability across large workloads. When you design applications for scale, application components can be decoupled, so that they can scale independently. Queue storage gives you asynchronous message queueing for communication between application components, whether they are running in the cloud, on the desktop, on-premises, or on mobile devices.

A single queue message can be up to 64 KB in size, and a queue can contain millions of messages, up to the total capacity limit of a storage account. Queue storage is often used to create a backlog of work to process asynchronously.

Answer 159

A

For a lift-and-shift migration

From the official docs: Infrastructure as a service (IaaS) is the most flexible category of cloud services, as it provides you the maximum amount of control for your cloud resources. In an IaaS model, the cloud provider is responsible for maintaining the hardware, network connectivity (to the internet), and physical security. You’re responsible for everything else: operating system installation, configuration, and maintenance; network configuration; database and storage configuration; and so on. With IaaS, you’re essentially renting the hardware in a cloud datacenter, but what you do with that hardware is up to you.

Some common scenarios where IaaS might make sense include:

Lift-and-shift migration: You’re standing up cloud resources similar to your on-prem datacenter, and then simply moving the things running on-prem to running on the IaaS infrastructure.

Testing and development: You have established configurations for development and test environments that you need to rapidly replicate. You can stand up or shut down the different environments rapidly with an IaaS structure, while maintaining complete control.

Answer 160

A

Azure Logic Apps

Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations.

Answer 161

A

Azure Cognitive Services

Cognitive Services brings AI within reach of every developer and data scientist. With leading models, a variety of use cases can be unlocked. All it takes is an API call to embed the ability to see, hear, speak, search, understand, and accelerate advanced decision-making into your apps. Enable developers and data scientists of all skill levels to easily add AI capabilities to their apps.

Answer 162

A

No

The answer is No!

Cloud services and on-premises infrastructure have different security models, with unique strengths and weaknesses. While cloud services provide greater control over some aspects of data security, such as network security and access control, they also require a greater degree of trust in the cloud provider to maintain physical security of the data centers where the data is stored. In contrast, on-premises infrastructure provides greater control over physical security, as the organization has direct control over the physical security measures and can ensure that the data is physically secure.

This is why you’ll see a lot of large organizations aren’t comfortable storing sensitive data on the cloud.

Answer 163

A

Vertical scaling adjusts the number of resources, while horizontal scaling adjusts capabilities.

Vertical scaling involves adjusting the number of resources, such as CPUs or RAM. Horizontal scaling, on the other hand, involves adding or subtracting resources to adjust capabilities, such as adding more virtual machines.

Answer 164

A

Azure Government

Azure Government is the mission-critical cloud, delivering breakthrough innovation to US government customers and their partners. Only US federal, state, local and tribal governments and their partners have access to this dedicated instance, operated by screened US citizens. Azure Government offers the broadest level of certifications of any cloud provider to simplify even the most critical government compliance requirements.

Answer 165

A

No

No, it is false that ExpressRoute connections go over the public Internet. However, they do offer more reliability, faster speeds, and lower latencies than typical Internet connections.

All incoming data into Azure using ExpressRoute is free of charge (as with any other inbound data transfer to Azure).

Answer 166

A

Apply the CanNotDelete Lock on the resources

Applying a delete lock to the resource group will prevent the resources inside it from being deleted.

As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. The lock overrides any permissions the user might have.

You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively:

1) CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.

2) ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.

Answer 167

A

External Identities

External Identities is a set of capabilities that enables organizations to secure and manage any external user, including customers and partners. Building on B2B collaboration, External Identities gives you more ways to interact and connect with users outside your organization.

Answer 168

A

Threats targeting Azure services like Azure App Service, Azure SQL, and Azure Storage Account.

Defender for Cloud helps detect threats targeting various Azure services, such as Azure App Service, Azure SQL, and Azure Storage Account - these are PaaS services anyway. It provides monitoring and protection for these services to enhance their security.

Answer 169

A

AzCopy

AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.

Answer 170

A

Elastic Pools

Just like Azure VM Scale Sets are used with VMs, you can use Elastic Pools with Azure

SQL Databases!

SQL Database elastic pools are a simple, cost-effective solution for managing and scaling multiple databases that have varying and unpredictable usage demands. The databases in an elastic pool are on a single Azure SQL Database server and share a set number of resources at a set price. Elastic pools in Azure SQL Database enable SaaS developers to optimize the price performance for a group of databases within a prescribed budget while delivering performance elasticity for each database.

Answer 171

A

Azure Powershell
Azure Portal
Azure CLI
Azure Cloudshell

All of the above can be used to manage Azure resources on a MacOS based system!

Azure Portal - Available for all Operating Systems

Azure CLI - Available for MacOS, Windows and Linux

Azure Powershell - Available to install on MacOS, Windows, Linux, Docker, and Arm (Subset of Azure Cloudshell)

Azure Cloudshell - Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.

Answer 172

A

A dedicated intrusion detection system (IDS).

From the official documentation: “At Microsoft Azure, our security approach focuses on defense in depth, with layers of protection built throughout all phases of design, development, and deployment of our platforms and technologies. We also focus on transparency, making sure customers are aware of how we’re constantly working to learn and improve our offerings to help mitigate the cyberthreats of today and prepare for the cyberthreats of tomorrow.”

The defence in depth model is all about multiple layers - so always choose the option that best matches this.

A dedicated intrusion detection system (IDS) is an example of a security layer in the defense-in-depth model. It monitors network traffic for suspicious activity and helps detect and respond to potential breaches.

Answer 173

A

Azure File Sync

Azure File Sync enables centralizing your organization’s file shares in Azure Files, while keeping the flexibility, performance, and compatibility of a Windows file server. While some users may opt to keep a full copy of their data locally, Azure File Sync additionally has the ability to transform Windows Server into a quick cache of your Azure file share. You can use any protocol that’s available on Windows Server to access your data locally, including SMB, NFS, and FTPS. You can have as many caches as you need across the world.

Answer 174

A

21Vianet

Microsoft Azure operated by 21Vianet is the first international public cloud service that has been commercialized in China in compliance with Chinese laws and regulations.

Answer 175

A

Multi-Tenancy

The concept of sharing resources among multiple users or tenants, allowing for cost savings and increased efficiency, is known as “multi-tenancy”.

Other options -

Redundancy: It refers to the duplication of critical system components to ensure continued operation in case of a failure. While redundancy is an important attribute of many cloud systems, it is not specifically related to the concept of sharing resources among multiple users.

Autonomy: It refers to the ability of a system or organization to operate independently, with minimal external control or interference. While autonomy can be an important attribute of cloud systems, it is not specifically related to the concept of multi-tenancy.

Monolithic architecture: It architecture refers to a software architecture pattern in which all components of an application are tightly integrated and deployed as a single unit. While monolithic architecture can be used in cloud systems, it is not specifically related to the concept of multi-tenancy, which involves the sharing of resources among multiple users or tenants.

Answer 176

A

data , identities

As you consider and evaluate public cloud services, it’s critical to understand the shared responsibility model and which security tasks are handled by the cloud provider and which tasks are handled by you. The workload responsibilities vary depending on whether the workload is hosted on Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), or in an on-premises datacenter.

Division of responsibility

In an on-premises datacenter, you own the whole stack. As you move to the cloud some responsibilities transfer to Microsoft. The following diagram illustrates the areas of responsibility between you and Microsoft, according to the type of deployment of your stack.

For all cloud deployment types, you own your data and identities. You are responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control (which varies by service type).

Regardless of the type of deployment, the following responsibilities are always retained by you:

Data
Endpoints
Account
Access management

Answer 177

A

Region Pair

Regional Pairs are 2 connected Azure Regions for Disaster Recovery within the same Geography.

Many organizations require both high availability provided by availability zones that are also supported with protection from large-scale phenomena and regional disasters. As discussed in the resiliency overview for regions and availability zones, Azure regions are designed to offer protection against local disasters with availability zones. But they can also provide protection from regional or large geography disasters with disaster recovery by making use of another region that uses cross-region replication.

To ensure customers are supported across the world, Azure maintains multiple geographies. These discrete demarcations define a disaster recovery and data residency boundary across one or multiple Azure regions.

Cross-region replication is one of several important pillars in the Azure business continuity and disaster recovery strategy. Cross-region replication builds on the synchronous replication of your applications and data that exists by using availability zones within your primary Azure region for high availability. Cross-region replication asynchronously replicates the same applications and data across other Azure regions for disaster recovery protection.

Answer 178

A

Azure DNS

Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.

You can’t use Azure DNS to buy a domain name. For an annual fee, you can buy a domain name by using App Service domains or a third-party domain name registrar. Your domains then can be hosted in Azure DNS for record management. For more information, see Delegate a domain to Azure DNS.

Answer 179

A

By including multiple values for a single tag name

The correct answer is ‘By including multiple values for a single tag name’.

When you need to assign more than the maximum number of allowed tags to an Azure resource, you can use JSON strings to include multiple values for a single tag name. This approach allows you to apply more tag values than the limit allows while maintaining compliance with Azure’s tag limit. The JSON string should be added as the tag value, and it should contain a comma-separated list of values that you want to apply to the tag.

Answer 180

A

The correct answer is Scalability. It specifically refers to the ability to provision and deprovision cloud resources quickly and with minimal management effort.

Other options -

Resiliency: It refers to the ability of a system to recover quickly from failures or disruptions. While resiliency is an important attribute of cloud systems, it is not specifically related to the ability to provision and deprovision resources quickly.

Elasticity: It is the ability of a system to scale up or down in response to changes in demand. This is a closely related concept to scalability, but specifically refers to the ability to handle changes in workload or traffic.

Sustainability: It refers to the ability of a system to operate in an environmentally friendly manner, with minimal impact on the planet. While sustainability is an important consideration for cloud providers, it is not specifically related to the ability to provision and deprovision resources quickly.

Answer 181

A

Elasticity

Elastic computing is the ability to quickly expand or decrease computer processing, memory, and storage resources to meet changing demands without worrying about capacity planning and engineering for peak usage. Typically controlled by system monitoring tools, elastic computing matches the amount of resources allocated to the amount of resources actually needed without disrupting operations.

With cloud elasticity, a company avoids paying for unused capacity or idle resources and doesn’t have to worry about investing in the purchase or maintenance of additional resources and equipment.

Answer 182

A

Encrypt the data both at rest and in transit.

To help protect data in the cloud, you need to account for the possible states in which your data can occur, and what controls are available for that state. Best practices for Azure data security and encryption relate to the following data states:

1) At rest: This includes all information storage objects, containers, and types that exist statically on physical media, whether magnetic or optical disk.

2) In transit: When data is being transferred between components, locations, or programs, it’s in transit. Examples are transfer over the network, across a service bus (from on-premises to cloud and vice-versa, including hybrid connections such as ExpressRoute), or during an input/output process.

Answer 183

A

The time it takes for data to travel over the network

Network latency is the time it takes for data or a request to go from the source to the destination. Latency in networks is measured in milliseconds.

Answer 184

A

Products

The Products tab allows us to choose certain services, and configure a solution. We then get an estimated cost for deploying our solution.

Answer 185

A

Azure Active Directory Passwordless

Features like multifactor authentication (MFA) are a great way to secure your organization, but users often get frustrated with the additional security layer on top of having to remember their passwords. Passwordless authentication methods are more convenient because the password is removed and replaced with something you have, plus something you are or something you know.

Each organization has different needs when it comes to authentication. Microsoft global Azure and Azure Government offer the following three passwordless authentication options that integrate with Azure Active Directory (Azure AD):

Windows Hello for Business
Microsoft Authenticator
FIDO2 security keys

Answer 186

A

No

Tags applied to the resource group or subscription aren’t inherited by the resources. To apply tags from a subscription or resource group to the resources, see Azure Policies - tags.

Answer 187

A

Azure Active Directory Domain Services

Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication. You use these domain services without the need to deploy, manage, and patch domain controllers (DCs) in the cloud.

An Azure AD DS managed domain lets you run legacy applications in the cloud that can’t use modern authentication methods, or where you don’t want directory lookups to always go back to an on-premises AD DS environment. You can lift and shift those legacy applications from your on-premises environment into a managed domain, without needing to manage the AD DS environment in the cloud.

Azure AD DS integrates with your existing Azure AD tenant. This integration lets users sign in to services and applications connected to the managed domain using their existing credentials. You can also use existing groups and user accounts to secure access to resources. These features provide a smoother lift-and-shift of on-premises resources to Azure.

Answer 188

A

No

No, a Network Security Group (NSG) DOES NOT encrypt traffic.

From the Official Azure Documentation:

You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.

Answer 189

A

Yes

Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime. Configure customisable cloud alerts and use your personalised dashboard to analyse health issues, monitor the impact to your cloud resources, get guidance and support, and share details and updates.

Answer 190

A

Yes

Azure Virtual Machines and Azure Virtual Networks both fall under the IaaS category, and therefore this solution would meet the lead architect’s ask.

Answer 191

A

No

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It’s a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual network resources allowing outside firewalls to identify traffic originating from your virtual network. The service is fully integrated with Azure Monitor for logging and analytics.

To learn about Azure Firewall features, see Azure Firewall features.

Answer 192

A

Yes

When organizations move workloads and data to the cloud, their on-premises datacenters often continue to play an important role. The term hybrid cloud refers to a combination of public cloud and on-premises datacenters, to create an integrated IT environment that spans both. Some organizations use hybrid cloud as a path to migrate their entire datacenter to the cloud over time. Other organizations use cloud services to extend their existing on-premises infrastructure.

When to use a hybrid solution

Consider using a hybrid solution in the following scenarios:

As a transition strategy during a longer-term migration to a fully cloud-native solution.

When regulations or policies do not permit moving specific data or workloads to the cloud.

For disaster recovery and fault tolerance, by replicating data and services between on-premises and cloud environments.

To reduce latency between your on-premises datacenter and remote locations, by hosting part of your architecture in Azure.

Answer 193

A

No

The Q/A forums is a free service offered by Azure. There is no cost associated with it.

You can get answers to common questions, and even filter by product to limit the results!

Answer 194

A

No

The answer is No. Azure Site Recovery can be used to replicate and recover virtual machines not only within Azure, but also from on-premises datacenters to Azure, and between different datacenters or regions.

Azure Site Recovery is a disaster recovery solution that provides continuous replication of virtual machines and physical servers to a secondary site, allowing for rapid recovery in case of a disaster. It supports a wide range of scenarios, including replication from VMware, Hyper-V, and physical servers to Azure, as well as replication between Azure regions or datacenters.

Answer 195

A

Azure Machine Learning Studio

Azure Machine Learning Studio is an enterprise-grade service for the end-to-end machine learning lifecycle.

It empower data scientists and developers to build, deploy, and manage high-quality models faster and with confidence. It accelerates time to value with industry-leading machine learning operations (MLOps), open-source interoperability, and integrated tools. Innovate on a secure, trusted platform designed for responsible AI applications in machine learning.

Answer 196

A

Microsoft representative
Microsoft Partner
Azure website

You can choose the purchasing option that works best for your organisation. Or, use any of the options simultaneously.

Answer 197

A

VPN

VPNs use an encrypted tunnel within another network. They’re typically deployed to connect two or more trusted private networks to one another over an untrusted network (typically the public internet). Traffic is encrypted while traveling over the untrusted network to prevent eavesdropping or other attacks.

VPNs can enable branch offices to share sensitive information between locations. For example, let’s say that your offices on the East coast region of North America need to access your company’s private customer data, which is stored on servers that are physically located in a West coast region. A VPN can connect your East coast offices to your West coast servers allowing your company to securely access your private customer data.

Answer 198

A

Horizontal scaling

Horizontal scaling

With horizontal scaling, if you suddenly experienced a steep jump in demand, your deployed resources could be scaled out (either automatically or manually). For example, you could add additional virtual machines or containers, scaling out. In the same manner, if there was a significant drop in demand, deployed resources could be scaled in (either automatically or manually), scaling in.

Vertical scaling

With vertical scaling, if you were developing an app and you needed more processing power, you could vertically scale up to add more CPUs or RAM to the virtual machine. Conversely, if you realized you had over-specified the needs, you could vertically scale down by lowering the CPU or RAM specifications.

Answer 199

A

Yes

Azure Advisor helps in quick and easy optimization of your Azure deployments. Azure Advisor analyses your configurations and usage telemetry and offers personalised, actionable recommendations to help you optimise your Azure resources for reliability, security, operational excellence, performance and cost.

Answer 200

A

Azure HDInsight

VERY IMPORTANT!

From the Official Azure docs:
We can easily run popular open source frameworks—including Apache Hadoop, Spark, and Kafka—using Azure HDInsight, a cost-effective, enterprise-grade service for open source analytics. Effortlessly process massive amounts of data and get all the benefits of the broad open source ecosystem with the global scale of Azure.

Many people get confused between Azure HDInsight and Azure Databricks -

1) Azure HDInsight brings both Hadoop and Spark under the same umbrella and enables enterprises to manage both using the same set of tools e.g. using Ambari, Apache Ranger etc. It also offers industry standard notebook experience with support for both Jupyter and Zeppelin notebooks. Enterprises that want this ease of manageability across all their big data workloads can choose to use HDInsight.

2) Azure Databricks is a premium Spark offering that is ideal for customers who want their data scientists to collaborate easily and run their Spark based workloads efficiently and at industry leading performance.

Azure Databricks is an Apache Spark-based analytics platform optimized for the Microsoft Azure cloud services platform. For more details, refer to Azure Databricks Documentation.

Answer 201

A

Azure Event Hubs

Event Hubs is a fully managed, real-time data ingestion service that’s simple, trusted and scalable. Stream millions of events per second from any source to build dynamic data pipelines and immediately respond to business challenges. Keep processing data during emergencies using the geo-disaster recovery and geo-replication features.

Integrate seamlessly with other Azure services to unlock valuable insights. Allow existing Apache Kafka clients and applications to talk to Event Hubs without any code changes – you get a managed Kafka experience without having to manage your own clusters. Experience real-time data ingestion and microbatching on the same stream.

Answer 202

A

Azure Firewall Manager

The correct answer is Azure Firewall Manager.

Azure Firewall Manager is not a tool for vulnerability management within the Azure Security Center. Instead, Azure Firewall Manager is a centralized security management service that provides a single pane of glass to manage multiple Azure Firewall instances and virtual networks across different regions and subscriptions. It allows you to configure and deploy Azure Firewall instances, create and apply security policies, and view security alerts and reports.

Other options -

Azure Defender: This is a unified security management service that provides advanced threat protection across your hybrid cloud workloads, including virtual machines, containers, and Azure services. It includes a variety of security tools, such as vulnerability assessment, security alerts, and security recommendations.

Azure Advisor: This is a service within the Azure Security Center that provides personalized recommendations to optimize your Azure resources for performance, high availability, security, and cost. It includes recommendations related to security vulnerabilities, such as enabling Network Security Groups (NSGs) and applying endpoint protection.

Azure Policy: This is a service that helps you enforce compliance with your corporate standards and regulatory requirements by applying policies to your Azure resources. It includes built-in policies to help identify and remediate security vulnerabilities, such as requiring encryption for storage accounts and enforcing secure communication protocols.

Answer 203

A

It focuses on securing virtual machines and access to them.

From the official docs: The focus in this layer is on making sure that your compute resources are secure and that you have the proper controls in place to minimize security issues.

At this layer, it’s important to:

Secure access to virtual machines.

Implement endpoint protection on devices and keep systems patched and current.

Therefore, the “compute” layer in the defense-in-depth model concentrates on securing access to virtual machines and ensuring they are properly protected. It involves implementing security controls and measures within the virtual machine environment. This is the best option out of the ones given.

Answer 204

A

Azure Data Box

Azure Data Box devices easily move data to Azure when busy networks aren’t an option. Move large amounts of data to Azure when you’re limited by time, network availability, or costs, using common copy tools such as Robocopy. All data is AES-encrypted, and the devices are wiped clean after upload, in accordance with NIST Special Publication 800-88 revision 1 standards.

Answer 205

A

Azure ExpressRoute

Azure virtual networks enable you to link resources together in your on-premises environment and within your Azure subscription. In effect, you can create a network that spans both your local and cloud environments. There are three mechanisms for you to achieve this connectivity:

Point-to-site virtual private networks The typical approach to a virtual private network (VPN) connection is from a computer outside your organization, back into your corporate network. In this case, the client computer initiates an encrypted VPN connection to connect that computer to the Azure virtual network.

Site-to-site virtual private networks A site-to-site VPN links your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network. In effect, the devices in Azure can appear as being on the local network. The connection is encrypted and works over the internet.

Azure ExpressRoute For environments where you need greater bandwidth and even higher levels of security, Azure ExpressRoute is the best approach. ExpressRoute provides a dedicated private connectivity to Azure that doesn’t travel over the internet.

Answer 206

A

Virtual Network Peering

You can link virtual networks together by using virtual network peering. Peering enables resources in each virtual network to communicate with each other. These virtual networks can be in separate regions, which allows you to create a global interconnected network through Azure.

User-defined routes (UDR) are a significant update to Azure’s Virtual Networks that allows for greater control over network traffic flow. This method allows network administrators to control the routing tables between subnets within a VNet, as well as between VNets.

Answer 207

A

Role assignments
Azure Resource Manager templates
Policy assignments
Resource groups

All the options are correct. From the official docs: Azure Blueprints deploy a new environment based on all of the requirements, settings, and configurations of the associated artifacts. Artifacts can include things such as:

Role assignments
Policy assignments
Azure Resource Manager templates
Resource groups

Answer 208

A

To prevent accidental deletion or modification of critical resources.

As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions.

You can set locks that prevent either deletions or modifications. In the portal, these locks are called Delete and Read-only. In the command line, these locks are called CanNotDelete and ReadOnly.

CanNotDelete means authorized users can read and modify a resource, but they can’t delete it.

ReadOnly means authorized users can read a resource, but they can’t delete or update it. Applying this lock is similar to restricting all authorized users to the permissions that the Reader role provides.

Unlike role-based access control (RBAC), you use management locks to apply a restriction across all users and roles. To learn about setting permissions for users and roles, see Azure RBAC.

Therefore, Resource locks in Azure are used to prevent accidental deletion or modification of important resources. They help maintain the integrity of critical resources by preventing unwanted changes.

Answer 209

A

Zone Redundant Storage (ZRS)

Data in an Azure Storage account is always replicated three times in the primary region. Azure Storage offers two options for how your data is replicated in the primary region:

Locally redundant storage (LRS) copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option, but isn’t recommended for applications requiring high availability or durability.

Zone-redundant storage (ZRS) copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability, Microsoft recommends using ZRS in the primary region, and also replicating to a secondary region.

Geo-zone-redundant storage (GZRS) combines the high availability provided by redundancy across availability zones with protection from regional outages provided by geo-replication. Data in a GZRS storage account is copied across three Azure availability zones in the primary region and is also replicated to a secondary geographic region for protection from regional disasters.

Answer 210

A

Azure Resource Manager

Azure provides native support for IaC via the Azure Resource Manager model. Teams can define declarative ARM templates that specify the infrastructure required to deploy solutions.

Third-party platforms like Terraform, Ansible, Chef, and Pulumi also support IaC to manage automated infrastructure.

Answer 211

A

300

Azure strives to ensure a minimum distance of 300 miles (483 kilometers) between datacenters in enabled regions, although it isn’t possible across all geographies. Datacenter separation reduces the likelihood that natural disaster, civil unrest, power outages, or physical network outages can affect multiple regions. Isolation is subject to the constraints within a geography, such as geography size, power or network infrastructure availability, and regulations.

Answer 212

A

Authentication

Authentication is the process of establishing the identity of a person or service looking to access a resource. It involves the act of challenging a party for legitimate credentials and provides the basis for creating a security principal for identity and access control use. It establishes if they are who they say they are.

Authorization is the process of establishing what level of access an authenticated person or service has. It specifies what data they’re allowed to access and what they can do with it.

Answer 213

A

No

A resource can connect to resources in other resource groups. This scenario is common when the two resources are related but don’t share the same lifecycle. For example, you can have a web app that connects to a database in a different resource group.

Answer 214

A

Budgets

Budgets is the correct answer. Budgets in Azure Cost Management allow you to set a spending limit for Azure based on a subscription, resource group, service type, or other criteria. You can also set a budget alert, which will notify you when the budget reaches the defined alert level.

Other options -

Cost analysis: Incorrect because cost analysis is used to explore and analyze your organizational costs in different ways, such as by billing cycle, region, or resource. It helps you understand spending trends but does not provide notifications for reaching a certain threshold.

Cost alerts: Incorrect because cost alerts are the notifications you receive when a certain threshold is reached, but they are not the feature you use to set up the alert in the first place. You need to set a budget and configure a budget alert to receive cost alerts.

Department spending quota alerts: Incorrect because department spending quota alerts are specific to organizations with Enterprise Agreements (EAs) and are used to notify when department spending reaches a fixed threshold of the quota. This alert type is not related to general Azure spending thresholds.

Answer 215

A

Azure Container Registry

Azure provides the ability to apply metadata tags to resources to help organize and manage resources. These tags consist of name-value pairs that can be used to categorize resources based on common attributes. Azure supports tagging for most of its resource types, but some do not support tagging. Azure Container Registry is correct as Azure Container Registry does not support tagging. Container Registry is a private registry for storing and managing container images and does not currently support metadata tags.

Virtual Machines - This is incorrect as Virtual Machines support tagging. Tags can be used to help identify and manage VMs.

Azure App Service - This is incorrect as Azure App Service supports tagging. Tags can be used to help organize and manage App Service resources.

Azure Cosmos DB - This is incorrect as Azure Cosmos DB supports tagging. Tags can be used to help identify and manage Cosmos DB resources.

Answer 216

A

By preserving the relationship between blueprint definition and blueprint assignment

Azure Blueprints helps in monitoring deployments by preserving the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed). This connection allows you to track and audit your deployments effectively.

Other options:

Azure Blueprints doesn’t provide real-time monitoring of resource usage. It focuses on standardizing and automating environment deployments based on predefined configurations.

Automatically suspending resources when they reach a certain cost threshold is not a function of Azure Blueprints. It is more related to cost management features like budgets and cost alerts.

Sending email notifications when a deployment reaches a certain milestone is not a feature specific to Azure Blueprints. This could be achieved through other Azure services or custom monitoring solutions.

Answer 217

A

Network Security Group

Network Security Group is the correct answer.

A Network Security Group (NSG) is a basic form of firewall that can be used to filter network traffic between subnets in an Azure virtual network. NSGs are used to define inbound and outbound traffic rules that control the flow of traffic to and from resources in a virtual network.

Other options -

Azure Firewall: It is a firewall service that can be used to filter network traffic, and is typically used to protect virtual networks from external threats and to enforce network security policies. However, Azure Firewall is not typically used to filter network traffic between subnets in an Azure virtual network. This is because Network Security Group (NSG) is the recommended method for filtering network traffic within a virtual network.

Azure Application Gateway: It provides application-level load balancing and routing, but is not used to filter network traffic between subnets in an Azure virtual network. It is focused on providing routing and load balancing for web traffic, rather than network traffic.

Azure Load Balancer: It can be used to distribute incoming traffic across multiple virtual machines or instances within a Virtual Network, but is not used to filter network traffic between subnets in an Azure virtual network. It provides a load balancing service, rather than a filtering service.

Answer 218

A

Azure Activity Log

The Azure Monitor activity log is a platform log in Azure that provides insight into subscription-level events. The activity log includes information like when a resource is modified or a virtual machine is started. You can view the activity log in the Azure portal or retrieve entries with PowerShell and the Azure CLI. This article provides information on how to view the activity log and send it to different destinations.

Answer 219

A

Compliance Manager from the Service Trust Portal

Compliance Manager in the Service Trust Portal is a workflow-based risk assessment tool that helps you track, assign, and verify your organization’s regulatory compliance activities related to Microsoft Cloud services, such as Microsoft 365, Dynamics 365, and Azure.

There is nothing called alpha blade in Azure.

Answer 220

A

Azure Storage Explorer

Azure Storage Explorer is a free tool to conveniently manage your Azure cloud storage resources from your desktop.

Answer 221

A

Role Based Access Control (RBAC)

Access management for cloud resources is a critical function for any organization that is using the cloud. Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.

Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management to Azure resources.

What can you do with Azure RBAC?

Here are some examples of what you can do with Azure RBAC:

Allow one user to manage virtual machines in a subscription and another user to manage virtual networks

Allow a DBA group to manage SQL databases in a subscription

Allow a user to manage all resources in a resource group, such as virtual machines, websites, and subnets

Allow an application to access all resources in a resource group

Answer 222

A

Azure Blob Storage

A blob is a binary, large object and a storage option for any type of data that you want to store in a binary format. Learn about blob types.

Azure Blob storage is Microsoft’s object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data. Unstructured data is data that doesn’t adhere to a particular data model or definition, such as text or binary data.

Blob storage is designed for:

1) Serving images or documents directly to a browser.

2) Storing files for distributed access.

3) Streaming video and audio.

4) Writing to log files.

5) Storing data for backup and restore, disaster recovery, and archiving.

6) Storing data for analysis by an on-premises or Azure-hosted service.

Answer 223

A

No

Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.

You can’t use Azure DNS to buy a domain name. For an annual fee, you can buy a domain name by using App Service domains or a third-party domain name registrar. Your domains then can be hosted in Azure DNS for record management. For more information, see Delegate a domain to Azure DNS.

Answer 224

A

No

Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime. Configure customisable cloud alerts and use your personalised dashboard to analyse health issues, monitor the impact to your cloud resources, get guidance and support, and share details and updates.

Although you can see when a maintenance is planned and act accordingly to migrate a VM if needed, you can’t prevent service failures.

Answer 225

A

Resource locks prevent modifications but allow read access.

From the Azure docs:

As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions.

You can set locks that prevent either deletions or modifications. In the portal, these locks are called Delete and Read-only. In the command line, these locks are called CanNotDelete and ReadOnly.

CanNotDelete means authorized users can read and modify a resource, but they can’t delete it.

ReadOnly means authorized users can read a resource, but they can’t delete or update it. Applying this lock is similar to restricting all authorized users to the permissions that the Reader role provides.

Based on these definitions, we can still READ but not modify/delete the resources. This allows you to view resource configurations without accidentally altering them.

Answer 226

A

Budget alerts
Department spending quota alerts
Credit alerts

Budget alerts: Correct. Budget alerts notify you when spending, based on usage or cost, reaches or exceeds the amount defined in the alert condition of the budget.

Credit alerts: Correct. Credit alerts notify you when your Azure credit monetary commitments are consumed. Monetary commitments are for organizations with Enterprise Agreements (EAs).

Department spending quota alerts: Correct. Department spending quota alerts notify you when department spending reaches a fixed threshold of the quota. Spending quotas are configured in the EA portal.

Other options -

Resource usage alerts: Incorrect. Resource usage alerts are not part of the Cost Management service. Cost Management focuses on costs, budgets, and spending alerts.

Answer 227

A

Azure Dedicated Host

Azure Dedicated Host is the correct answer.

Azure Dedicated Host is an Azure service that offers a dedicated physical server to host your virtual machines. With Azure Dedicated Host, you can control the underlying host infrastructure and manage host maintenance operations such as updates and reboots. You can also select the number of cores, amount of memory, and types of storage devices that best suit your workloads.

Other options -

Azure Virtual Machines: This is a cloud-based infrastructure as a service (IaaS) offering that provides virtual machines for running applications and services. However, Azure Virtual Machines do not offer dedicated physical servers.

Azure Virtual Dedicated Host: This is not a valid Azure service.

Azure Bare Metal: This is a term that generally refers to a physical server or machine without a hypervisor layer. While Azure provides access to virtual machines with a range of hardware specifications, Azure Bare Metal is not a specific service that provides dedicated physical servers.

Answer 228

A

Azure Service Health

Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime. Configure customisable cloud alerts and use your personalised dashboard to analyse health issues, monitor the impact to your cloud resources, get guidance and support, and share details and updates.

Answer 229

A

DDoS protection

Distributed denial of service (DDoS) attacks are some of the largest availability and security concerns facing customers that are moving their applications to the cloud. A DDoS attack attempts to exhaust an application’s resources, making the application unavailable to legitimate users. DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet.

Azure DDoS Protection enables you to protect your Azure resources from denial of service (DoS) attacks with always-on monitoring and automatic network attack mitigation. There is no upfront commitment, and your total cost scales with your cloud deployment.

Answer 230

A

Initiatives

An initiative definition is a collection of policy definitions that are tailored towards achieving a singular overarching goal. Initiative definitions simplify managing and assigning policy definitions. They simplify by grouping a set of policies as one single item. For example, you could create an initiative titled Enable Monitoring in Azure Security Center, with a goal to monitor all the available security recommendations in your Azure Security Center.

Answer 231

A

50

The correct answer is 50.

Azure allows users to assign name-value pairs, called tags, to each resource, resource group, and subscription. The maximum number of tag name-value pairs that can be assigned to each of these entities is 50. If you need to apply more tags than the allowed number, you can use a JSON string to include multiple values for a single tag name. Each resource group or subscription can contain numerous resources, each with their own set of 50 tag name-value pairs.

Answer 232

A

No

This answer does not specify that the scale set will be configured across multiple data centers so this solution does not meet the goal.

Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide high availability to your applications, and allow you to centrally manage, configure, and update many VMs.

Virtual machines in a scale set can be deployed across multiple update domains and fault domains to maximize availability and resilience to outages due to data center outages, and planned or unplanned maintenance events.

Answer 233

A

To ensure secure configurations of workloads and resources.

The “Secure” aspect of Defender for Cloud aims to ensure that workloads and resources are securely configured. It provides policies and guidelines to help achieve Azure Security Benchmark compliance and secure configurations

Answer 234

A

Locally redundant storage (LRS)

Azure Storage always stores multiple copies of your data so that it’s protected from planned and unplanned events, including transient hardware failures, network or power outages, and massive natural disasters. Redundancy ensures that your storage account meets its availability and durability targets even in the face of failures.

Redundancy in the primary region

Data in an Azure Storage account is always replicated three times in the primary region. Azure Storage offers two options for how your data is replicated in the primary region:

Locally redundant storage (LRS) copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option, but isn’t recommended for applications requiring high availability or durability.

Zone-redundant storage (ZRS) copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability, Microsoft recommends using ZRS in the primary region, and also replicating to a secondary region.

Answer 235

A

Azure PowerShell uses PowerShell commands, while the Azure CLI uses Bash commands.

The Azure CLI is functionally equivalent to Azure PowerShell, with the primary difference being the syntax of commands. While Azure PowerShell uses PowerShell commands, the Azure CLI uses Bash commands.

The Azure CLI provides the same benefits of handling discrete tasks or orchestrating complex operations through code. It’s also installable on Windows, Linux, and Mac platforms, as well as through Azure Cloud Shell.

Due to the similarities in capabilities and access between Azure PowerShell and the Bash based Azure CLI, it mainly comes down to which language you’re most familiar with.

Answer 236

A

Azure Key Vault

Azure Key Vault helps solve the following problems:

1) Secrets Management - Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets

2) Key Management - Azure Key Vault can also be used as a Key Management solution. Azure Key Vault makes it easy to create and control the encryption keys used to encrypt your data.

3) Certificate Management - Azure Key Vault is also a service that lets you easily provision, manage, and deploy public and private Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificates for use with Azure and your internal connected resources.

Azure Key Vault has two service tiers: Standard, which encrypts with a software key, and a Premium tier, which includes hardware security module(HSM)-protected keys

Answer 237

A

No

Tricky question! PowerAutomate is not the same as PowerShell.

PowerAutomate moreover isn’t a part of Azure! It falls under the Microsoft umbrella of offerings, just like PowerApps.

Hence, this statement is definitely False. You can use the Azure portal to provision Virtual Machines, or even the CLI.

Answer 238

A

Availability Zone

Answer 239

A

Virtual Network Peering

Virtual network peering enables you to seamlessly connect two or more Virtual Networks in Azure. The virtual networks appear as one for connectivity purposes. The traffic between virtual machines in peered virtual networks uses the Microsoft backbone infrastructure. Like traffic between virtual machines in the same network, traffic is routed through Microsoft’s private network only.

Azure supports the following types of peering:

Virtual network peering: Connecting virtual networks within the same Azure region.

Global virtual network peering: Connecting virtual networks across Azure regions.

Answer 240

A

A subscription

A subscription needs to be created first and foremost.

The Azure account is what lets you access Azure services and Azure subscriptions. It is possible to create multiple subscriptions in our Azure account to create separation for billing or management purposes. In your subscription(s) you can manage resources in resources groups.

The Azure hierarchy looks like :

Tenancy -> Subscription -> Resource Group -> Resource.

Answer 241

A

A budget alert is triggered

A budget alert is triggered is the correct option!

Other options -

The budget is automatically increased.by 10%: This is incorrect because reaching the budget alert level does not cause the budget to automatically increase. The purpose of the alert is to notify you when the spending reaches a certain threshold.

The resource usage is suspended: This is incorrect because a budget alert by itself does not suspend resource usage. It simply provides a notification that the alert threshold has been reached. However, you can configure advanced automation to suspend or modify resources based on budget conditions, but this is not the default behavior.

An invoice is sent to the account owner: This is incorrect because reaching the budget alert level does not trigger an invoice to be sent to the account owner. The budget alert is intended to inform you about the spending level, not to generate an invoice.

Answer 242

A

All of these

All of the above can help leverage the power of tags in one way or the other.

From the official Azure docs:

Organizing cloud-based resources is a crucial task for IT, unless you only have simple deployments. Use naming and tagging standards to organize your resources for the following reasons:

Resource management: Your IT teams need to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information. Organizing resources is critical to assigning organizational roles and access permissions for resource management.

Cost management and optimization: Making business groups aware of cloud resource consumption requires IT to understand the resources and workloads each team is using.

Operations management: Visibility for the operations management team about business commitments and SLAs is an important aspect of ongoing operations. For operations to be managed well, tagging for mission criticality is required.

Security: Classification of data and security impact is a vital data point for the team, when breaches or other security issues arise. To operate securely, tagging for data classification is required.

Governance and regulatory compliance: Maintaining consistency across resources helps identify changes from agreed-upon policies. Prescriptive guidance for resource tagging demonstrates how one of the following patterns can help when deploying governance practices. Similar patterns are available to evaluate regulatory compliance using tags.

Automation: A proper organizational scheme allows you to take advantage of automation as part of resource creation, operational monitoring, and the creation of DevOps processes. It also makes resources easier for IT to manage.

Workload optimization: Tagging can help identify patterns and resolve broad issues. Tag can also help identify the assets required to support a single workload. Tagging all assets associated with each workload enables deeper analysis of your mission-critical workloads to make sound architectural decisions.

Answer 243

A

Azure Arc

Azure Arc is a bridge that extends the Azure platform to help you build applications and services with the flexibility to run across datacenters, at the edge, and in multicloud environments. Develop cloud-native applications with a consistent development, operations, and security model. Azure Arc runs on both new and existing hardware, virtualization and Kubernetes platforms, IoT devices, and integrated systems.

Today, companies struggle to control and govern increasingly complex environments that extend across data centers, multiple clouds, and edge. Each environment and cloud possesses its own set of management tools, and new DevOps and ITOps operational models can be hard to implement across resources.

Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.

Brainscape's Knowledge GenomeTM

Practice test 1 Flashcards

Brainscape's Knowledge Genome^TM