Practice Test 2 - Udemy

Question 1

Which of the following services can facilitate the deployment and scaling of containers?

A. Azure Kubernetes
B. Azure Active Directory
C. Azure Logic Apps
D. Azure Cognitive Services

Answer 1

A. Azure Kubernetes

Explanation:
Azure Kubernetes Service (AKS) offers the quickest way to start developing and deploying cloud-native apps, with built-in code-to-cloud pipelines and guardrails. Get unified management and governance for on-premises, edge, and multicloud Kubernetes clusters. Interoperate with Azure security, identity, cost management, and migration services.

Question 2

Which of the following would you need to set up alerts for outages or when autoscaling is about to deploy new instances?

A. Azure Service Health
B. Azure Bastion
C. Azure Advisor
D. Azure Monitor

Answer 2

D. Azure Monitor

Explanation:
You can use Azure Monitor to set up alerts for key events that are related to your specific resources.

Question 3

Is it possible to run a PowerShell module directly from a Windows computer with Azure PowerShell installed?

A. No
B. Yes

Answer 3

B. Yes

Explanation:
A Powershell script can create Azure resources, and since the Powershell module is installed on the Windows computer, this is easily doable.

Question 4

Which of the following services is an Apache Spark-based analytics platform optimized for the Microsoft Azure cloud services platform?

A. Azure Databricks
B. Azure Machine Learning Studio
C. Azure Cognitive Services
D. Azure Bot Services

Answer 4

A. Azure Databricks

Explanation:
Please read this answer carefully. ‘Optimised’ is the keyword in the question.

Lot of people get confused between Azure Databricks and Azure HDInsight.

Azure HDInsight is primarily a managed Apache Hadoop service that lets you run Apache Spark, Apache Hive, Apache Kafka, Apache HBase, and more in the cloud.

Azure Databricks is a premium Spark offering that is ideal for customers who want their data scientists to collaborate easily and run their Spark based workloads efficiently and at industry leading performance.

It is essentially an Apache Spark-based analytics platform optimized for the Microsoft Azure cloud services platform.

Question 5

Which of the following is NOT a cost saving solution?

A. Load balancer your virtual machines to manage incoming traffic
B. Using a Pay as you go Subscription
C. Use Azure Reserved Virtual Machine Instances
D. Choosing an appropriate instance type for a VM

Answer 5

A. Load balancer your virtual machines to manage incoming traffic

Explanation:
Load balancing is used for PERFORMANCE OPTIMISATION and not cost saving.

Load balancing refers to evenly distributing load (incoming network traffic) across a group of backend resources or servers.

Azure Load Balancer operates at layer 4 of the Open Systems Interconnection (OSI) model. It’s the single point of contact for clients. Load balancer distributes inbound flows that arrive at the load balancer’s front end to backend pool instances. These flows are according to configured load-balancing rules and health probes. The backend pool instances can be Azure Virtual Machines or instances in a virtual machine scale set.

A public load balancer can provide outbound connections for virtual machines (VMs) inside your virtual network. These connections are accomplished by translating their private IP addresses to public IP addresses. Public Load Balancers are used to load balance internet traffic to your VMs.

An internal (or private) load balancer is used where private IPs are needed at the frontend only. Internal load balancers are used to load balance traffic inside a virtual network. A load balancer frontend can be accessed from an on-premises network in a hybrid scenario.

Question 6

Select the option that is FALSE for Resource Groups.

A. Resources may be moved from one resource group to another
B. Resources can be nested
C. A resource can only belong to one resource group
D. The resources in a resource group can be located in different regions than the resource group
E. You can deploy up to 800 instances of a resource type in each resource group
F. You can add or remove a resource to a resource group at any time

Answer 6

B. Resources can be nested

Explanation:
Resource groups can’t be nested, i.e, a resource group cannot exist inside another resource group. It is however possible is to link resources from other resource groups within a resource group.

From the official documentation (amazing summary, please do read) -

Question 7

In a Private Preview, Azure invites all customers to take part in early access to new concepts and features.

A. True
B. False

Answer 7

B. False

Explanation:
From the official documentation:

Private Preview - During this phase we invite a few customers to take part in early access to new concepts and features. This phase DOES NOT include formal support.

Question 8

Azure Advisor has the ability to provide recommendations for Azure ExpressRoute.

A. No
B. Yes

Answer 8

B. Yes

Explanation:
From the official Azure documentation:

Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, Reliability (formerly called High availability), and security of your Azure resources.

Advisor provides recommendations for Application Gateway, App Services, availability sets, Azure Cache, Azure Data Factory, Azure Database for MySQL, Azure Database for PostgreSQL, Azure Database for MariaDB, Azure ExpressRoute, Azure Cosmos DB, Azure public IP addresses, Azure Synapse Analytics, SQL servers, storage accounts, Traffic Manager profiles, and virtual machines.

Azure Advisor also includes your recommendations from Microsoft Defender for Cloud which may include recommendations for additional resource types.

Question 9

In the case of Resource groups, the most restrictive lock in the inheritance takes precedence.

A. Yes
B. No

Answer 9

A. Yes

Explanation:
When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the same parent lock. The most restrictive lock in the inheritance takes precedence.

If you have a Delete lock on a resource and attempt to delete its resource group, the feature blocks the whole delete operation. Even if the resource group or other resources in the resource group are unlocked, the deletion doesn’t happen. You never have a partial deletion.

Question 10

Azure HDInsight can be used to run popular open-source frameworks including Apache Hadoop, Spark, Hive, Kafka, and more for open-source big data analytics.

A. No
B. Yes

Answer 10

B. Yes

Explanation:
Yes! Azure HDInsight is an enterprise-ready, managed cluster service for open-source analytics.

You can run popular open-source frameworks—including Apache Hadoop, Spark, Hive, Kafka,

and more—using Azure HDInsight, a customizable, enterprise-grade service for open-source analytics. You can also effortlessly process massive amounts of data and get all the benefits of the broad open-source project ecosystem with the global scale of Azure. Easily migrate your big data workloads and processing to the cloud.

Question 11

Your manager has asked you to recommend an Azure Service that can be used to securely manage and store certificates for your teams services. Which of the following would you recommend?

A. Azure Active Directory
B. Azure Bastion
C. Azure Key Vault
D. Azure Confidential Ledger

Answer 11

C. Azure Key Vault

Explanation:
Secure key management is essential to protect data in the cloud . Azure Key Vault encrypts keys and small secrets like passwords that use keys stored in hardware security modules (HSMs).

For more assurance, it is possible to import or generate keys in HSMs, and Microsoft processes your keys in FIPS 140-2 Level 2 validated HSMs (hardware and firmware). With Key Vault, Microsoft doesn’t see or extract your keys.

You can monitor and audit your key use with Azure logging—pipe logs into Azure HDInsight or your security information and event management (SIEM) solution for more analysis and threat detection.

All of the control, none of the work - the motto

By using Key Vault, you don’t need to provision, configure, patch, and maintain HSMs and key management software. Provision new vaults and keys (or import keys from your own HSMs) in minutes and centrally manage keys, secrets, and policies. You keep control over your keys—simply grant permission for your own and partner applications to use them as needed. Applications never have direct access to keys. Developers manage keys used for Dev/Test and seamlessly migrate to production the keys that are managed by security operations.

Question 12

Suppose the lead architect in your company has asked your team to implement a PaaS based solution in Azure for a quick Proof-of-Concept (POC) to senior management. One of your colleagues goes ahead and creates an Azure Event Hubs and Azure Blob Storage.

Would you agree with this implementation?

A. No
B. Yes

Answer 12

A. No

Explanation:
Even though Azure Event Hubs falls under PaaS, Azure Blob Storage is considered IaaS and therefore our requirements are not met.

Question 13

If you want to raise the limit or quota above the default limit, _____________________

A. Upgrade your support plan
B. Create an Azure Policy defining this increase but it will be charged
C. Open an online custom support request at no charge
D. Define a blueprint in Azure Blueprint to implement this change

Answer 13

C. Open an online custom support request at no charge

Explanation:
If you want to raise the limit or quota above the default limit, you can open an online customer support request at no charge.

Question 14

An Azure subscription can trust multiple Azure Active Directory (Azure AD) tenants

A. No
B. Yes

Answer 14

A. No

Explanation:
An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A subscription trusts Azure AD to authenticate users, services, and devices.

Please Note :

Multiple subscriptions can trust the same Azure AD directory. Each subscription can

only trust a single directory.

Question 15

The private preview phase for a service includes formal support.

A. No
B. Yes

Answer 15

A. No

Explanation:
No. Private is a phase when Azure invites a few customers to take part in early access to new concepts and features. This phase does not include formal support. It is not available to the general public as well.

Question 16

Which of the following services can help you decouple components and asynchronous message storage, for communication between application components, whether they are running in the cloud, on the desktop, on-premise, or on mobile devices?

A. Azure Asynchronous Communicator
B. Azure Data Box
C. Azure File Sync
D. Azure Queue Storage

Answer 16

D. Azure Queue Storage

Explanation:
You can use Azure Queue Storage to build flexible applications and separate functions for better durability across large workloads. When you design applications for scale, application components can be decoupled, so that they can scale independently. Queue storage gives you asynchronous message queueing for communication between application components, whether they are running in the cloud, on the desktop, on-premises, or on mobile devices.

A single queue message can be up to 64 KB in size, and a queue can contain millions of messages, up to the total capacity limit of a storage account. Queue storage is often used to create a backlog of work to process asynchronously

Question 17

When you cancel an Azure Subscription, your resources are immediately deleted permanently to free up space.

A. No
B. Yes

Answer 17

A. No

Explanation:
When you cancel an Azure subscription:

A resource lock doesn't block the subscription cancellation.

Azure preserves your resources by deactivating them instead of immediately deleting them.

Azure only deletes your resources permanently after a waiting period.

Question 18

Each Azure Subscription can trust multiple Active Directories.

A. True
B. False

Answer 18

B. False

Explanation:
An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A subscription trusts Azure AD to authenticate users, services, and devices.

Multiple subscriptions can trust the same Azure AD directory. Each subscription can only trust a single directory.

Question 19

Where can you obtain up-to-date details about the personal data Microsoft processes, how it processes it and for what purposes?

A. Compliance Manager
B. Azure Knowledge Center
C. Microsoft Privacy Statement
D. Azure Trust Center

Answer 19

C. Microsoft Privacy Statement

Explanation:
This privacy statement explains the personal data Microsoft processes, how Microsoft processes it, and for what purposes.

Microsoft offers a wide range of products, including server products used to help operate enterprises worldwide, devices you use in your home, software that students use at school, and services developers use to create and host what’s next. References to Microsoft products in this statement include Microsoft services, websites, apps, software, servers, and devices.

Please read the product-specific details in this privacy statement, which provide additional relevant information. This statement applies to the interactions Microsoft has with you and the Microsoft products listed below, as well as other Microsoft products that display this statement.

Question 20

A SaaS solution allows access to the underlying Operating System of the application.

A. Yes
B. No

Answer 20

B. No

Explanation:
A SaaS solution does not provide access to the operating system. In fact, with a SaaS we have the least maintenance effort but also the least degree of control.

An example of SaaS is Zoom, Outlook etc.

Question 21

_______ is capable of sending encrypted traffic between an Azure virtual network and an on-premises location over the public Internet.

A. A VPN Gateway
B. An Application Gateway
C. Network Security Group (NSG)
D. A Firewall

Answer 21

A. A VPN Gateway

Explanation:
From the official documentation:

A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network. Each virtual network can have only one VPN gateway. However, you can create multiple connections to the same VPN gateway. When you create multiple connections to the same VPN gateway, all VPN tunnels share the available gateway bandwidth.

Question 22

As a consultant, which of the following Locks would you recommend to an organization to prevent deletion or modification of mission-critical resources?

A. ReadOnly
B. CanNotModify
C. IsCritical
D. CanNotChange

Answer 22

A. ReadOnly

Explanation:
As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions.

You can set locks that prevent either deletions or modifications. In the portal, these locks are called Delete and Read-only. In the command line, these locks are called CanNotDelete and ReadOnly. In the left navigation panel, the subscription lock feature’s name is Resource locks, while the resource group lock feature’s name is Locks.

CanNotDelete means authorized users can read and modify a resource, but they can't delete it.

ReadOnly means authorized users can read a resource, but they can't delete or update it. Applying this lock is similar to restricting all authorized users to the permissions that the Reader role provides.

Question 23

Azure HDInsight an example of a Software as a Service (SaaS) offering.

A. No
B. Yes

Answer 23

A. No

Explanation:
No, Azure HDInsight is a PaaS offering.

From the official Azure documentation:

Run popular open-source frameworks—including Apache Hadoop, Spark, Hive, Kafka, and more—using Azure HDInsight, a customizable, enterprise-grade service for open-source analytics. Effortlessly process massive amounts of data and get all the benefits of the broad open-source project ecosystem with the global scale of Azure. Easily migrate your big data workloads and processing to the cloud.

Question 24

Azure guarantees 99.99% availability for the Free version of the Azure Active Directory (AAD).

A. Yes
B. No

Answer 24

B. No

Explanation:
Note from the above image that NO SLA is provided for the FREE tier of the Azure Active Directory!

Question 25

It’s possible to deploy an Azure VM from an Ubuntu system by using PowerShell in the Cloud Shell.

A. No
B. Yes

Answer 25

B. Yes

Explanation:
Tip: Most such questions mentioning Operating Systems (Ubuntu, Linux, Windows, MacOS) are to create confusion. If you can open a browser - you can access the Cloud Shell which gives you access to Bash or PowerShell.

Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.

Question 26

When a subscription expires, the trusted instance of the Azure AD service remains, but the security principals still maintain access to Azure resources.

A. No
B. Yes

Answer 26

A. No

Explanation:
An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A subscription trusts Azure AD to authenticate users, services, and devices.

Multiple subscriptions can trust the same Azure AD directory. Each subscription can only trust a single directory.

One or more Azure subscriptions can establish a trust relationship with an instance of Azure Active Directory (Azure AD) in order to authenticate and authorize security principals and devices against Azure services. When a subscription expires, the trusted instance of the Azure AD service remains, but the security principals LOSE access to Azure resources.

Question 27

Is there a default spending limit for the Azure Free account?

A. Yes
B. No

Answer 27

A. Yes

Explanation:
A credit of $200 is assigned to the Free account and is valid for 30 days from the

date of activation.

Question 28

You have managed an App that you developed and deployed On-Prem for a long time, but would now like to move it to Azure and be relieved of all the manual administration and maintenance. Which of the following buckets would be most suitable for your use case?

A. SaaS
B. PaaS
C. IaaS
D. DaaS

Answer 28

B. PaaS

Explanation:
Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. You purchase the resources you need from a cloud service provider on a pay-as-you-go basis and access them over a secure Internet connection.

Like IaaS, PaaS includes infrastructure—servers, storage, and networking—but also middleware, development tools, business intelligence (BI) services, database management systems, and more. PaaS is designed to support the complete web application lifecycle: building, testing, deploying, managing, and updating.

PaaS allows you to avoid the expense and complexity of buying and managing software licenses, the underlying application infrastructure and middleware, container orchestrators such as Kubernetes, or the development tools and other resources. You manage the applications and services you develop, and the cloud service provider typically manages everything else.

Since we need to reduce the overhead effort of managing everything, and create our

own solution, PaaS is the best option!

Question 29

Every Azure region is composed of a set of datacenters.

A. No
B. Yes

Answer 29

B. Yes

Explanation:
A region is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network. Each Azure region has a minimum of three availability zones.

Question 30

Yes or No:

The composite SLA for an application replying on multiple services would be higher than the individual SLAs of the particular services.

A. No
B. Yes

Answer 30

A. No

Explanation:
From the official Azure documentation:

Composite SLAs involve multiple services supporting an application, each with differing levels of availability.

For example, consider an App Service web app that writes to Azure SQL Database. At the time of this writing, these Azure services have the following SLAs:

App Service web apps = 99.95%

SQL Database = 99.99%

What is the maximum downtime you would expect for this application? If either service fails, the whole application fails. The probability of each service failing is independent, so the composite SLA for this application is 99.95% × 99.99% = 99.94%. That’s LOWER than the individual SLAs, which isn’t surprising because an application that relies on multiple services has more potential failure points.

You can improve the composite SLA by creating independent fallback paths. For example, if SQL Database is unavailable, put transactions into a queue to be processed later.

With this design, the application is still available even if it can’t connect to the database. However, it fails if the database and the queue both fail at the same time. The expected percentage of time for a simultaneous failure is 0.0001 × 0.001, so the composite SLA for this combined path is:

Database or queue = 1.0 − (0.0001 × 0.001) = 99.99999%

The total composite SLA is:

Web app and (database or queue) = 99.95% × 99.99999% = ~99.95%

There are tradeoffs to this approach. The application logic is more complex, you are paying for the queue, and you need to consider data consistency issues.

Question 31

Select the three types of storage tiers for Azure Blob Storage?

A. Cold Tier
B. Archive Storage Tier
C. Hot Tier
D. Deep Sleep Tier
E. Infrequently Accessed Tier

Answer 31

A. Cold Tier
B. Archive Storage Tier
C. Hot Tier

Explanation:
Azure storage offers different access tiers, which allow you to store blob object data in the most cost-effective manner. The available access tiers include:

1) Hot Storage- Optimized for storing data that is accessed frequently.

2) Cool Storage- Optimized for storing data that is infrequently accessed and stored for at least 30 days.

3) Archive Storage- Optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements (on the order of hours).

Reference : https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers?tabs=azure-portal

Question 32

Australia is composed of 1 single Azure Region.

A. Yes
B. No

Answer 32

B. No

Explanation:
No, Australia has several Azure regions -

Including Australia East, Central, Southeast etc.

Question 33

Choose 3 components of Azure SLAs:

A. Usage Targets
B. Uptime and Connectivity Guarantees
C. Service Credits
D. Performance Targets

Answer 33

B. Uptime and Connectivity Guarantees
C. Service Credits
D. Performance Targets

Explanation:
A Service Level Agreement or SLA is a formal document that provides specific terms that state the level of service that will be provided to a customer. Microsoft’s Azure SLA defines three primary characteristics of

Azure service - Performance targets, Uptime, and Connectivity guarantees.

It should be noted that the free and shared tiers of many services DO NOT come with an SLA. (Imp.)

Reference : https://cloudacademy.com/course/understanding-azure-pricing-and-support/service-level-agreements/

Question 34

Which of the following requires the greatest security effort on your part?

A. DaaS
B. IaaS
C. PaaS
D. SaaS

Answer 34

B. IaaS

Explanation:
IaaS (Infrastructure as a Service) is, in effect, where a cloud provider hosts the infrastructure components traditionally present in an on-premises data center including servers (operating systems), storage and networking hardware as well as the virtualization or hypervisor layer.

From a security perspective, this offering is probably the closest to traditional in-house IT infrastructure, (Indeed, many companies will effectively move existing server payloads to IaaS either partially or completely resulting in a hybrid solution.) and it will require much of the same security tools as a result.

Reference : https://www.tripwire.com/state-of-security/security-data-protection/cloud/secure-configuration-cloud-iaas-paas-saas/

Question 35

With Azure ___________ , you can scale your applications and create highly available services

A. Information Protection
B. Kubernetes
C. Bastion
D. Load Balancer

Answer 35

D. Load Balancer

Explanation:
From the official documentation:

Load balancing refers to evenly distributing load (incoming network traffic) across a group of backend resources or servers.

Why use Azure Load Balancer?

With Azure Load Balancer, you can scale your applications and create highly available services. Load balancer supports both inbound and outbound scenarios. Load balancer provides low latency and high throughput, and scales up to millions of flows for all TCP and UDP applications.

Question 36

An organization is planning to migrate large amounts of data from their On-Prem storage to Azure. However, they are worried of incurring huge costs for this transfer and have halted their plans for now.

Is this assumption valid?

A. No
B. Yes

Answer 36

A. No

Explanation:
Data ingress (incoming) to Azure data centers is free, so the organizations assumptions are invalid.

Question 37

A startup is planning to run a few simulations and needs to deploy pre-configured Virtual Machines in a lab-like environment using ARM templates. These VMs will be used to test app versions and scale up load testing by creating multiple test agents and environments.

As the principal consultant, which of the following services would you recommend?

A. Azure DevTest Labs
B. Microsoft Managed Desktop
C. Azure VM Scale Sets
D. Azure Reserved VM Instances

Answer 37

A. Azure DevTest Labs

Explanation:
Azure DevTest Labs is a service for easily creating, using, and managing infrastructure-as-a-service (IaaS) virtual machines (VMs) and platform-as-a-service (PaaS) environments in labs. Labs offer preconfigured bases and artifacts for creating VMs, and Azure Resource Manager (ARM) templates for creating environments like Azure Web Apps or SharePoint farms.

Lab owners can create preconfigured VMs that have tools and software lab users need. Lab users can claim preconfigured VMs, or create and configure their own VMs and environments. Lab policies and other methods track and control lab usage and costs.

Question 38

Yes or No:

If you have a Delete lock on a resource and attempt to delete its resource group, all resources inside the resource group still get deleted.

A. No
B. Yes

Answer 38

A. No

Explanation:
Explanation

From the official docs:

When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add later inherit the same parent lock. The most restrictive lock in the inheritance takes precedence.

If you have a Delete lock on a resource and attempt to delete its resource group, the feature blocks the whole delete operation. Even if the resource group or other resources in the resource group are unlocked, the deletion doesn’t happen. You never have a partial deletion.

Question 39

Yes or No:

In order to move a VM from one subscription to another, it must first be stopped.

A. No
B. Yes

Answer 39

A. No

Explanation:
From the official documentation:

Virtual Machines are resources and can be moved to a new subscription.

Moving between subscriptions can be handy if you originally created a VM in a personal subscription and now want to move it to your company’s subscription to continue your work. You do not need to stop the VM in order to move it and it should continue to run during the move.

Question 40

Is data transfer between Azure services located in two regions free?

A. No
B. Yes

Answer 40

A. No

Explanation:
Outbound data transfer is charged at the normal rate and inbound data transfer is free.

Question 41

Which of the following can you use to filter traffic to and from an Azure Virtual Network?

A. Azure DDoS Protection
B. Azure Firewall
C. Azure network Security Group
D. Azure Advanced Threat Protection (ATP)

Answer 41

C. Azure network Security Group

Explanation:
You can use Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

For each rule, you can specify source and destination, port, and protocol. This article describes properties of a network security group rule, the default security rules that are applied, and the rule properties that you can modify to create an augmented security rule.

Question 42

Which of the following statements BEST describes the Modern Lifecycle Policy for Azure products and services?

A. For products and services governed by the Modern Lifecycle Policy, unless otherwise noted, Microsofts policy to provide a minimum 120 days notification when customers are required to take action in order to avoid significant degradation to the normal use of the product or service
B. For products governed by the Modern Lifecycle Policy, Microsoft will provide a minimum of 6 months notification prior to ending support if no successor product or service is offered - excluding free services or preview releases
C. For products and services governed by the Modern Lifecycle Policy, unless other noted, Microsofts policy is to provide a minimum 90 days notification when customers are required to take action in order to avoid
D. For products governed by the Modern Lifecycle Policy, Microsoft will provide a minimum of 12 months notification prior to ending support if no successor product or service is offered - excluding free services or preview releases

Answer 42

D. For products governed by the Modern Lifecycle Policy, Microsoft will provide a minimum of 12 months notification prior to ending support if no successor product or service is offered - excluding free services or preview releases

Explanation:
The Modern Lifecycle Policy covers products and services that are serviced and supported continuously. Under this policy, the product or service remains in support if the following criteria are met:

Customers must stay current as per the servicing and system requirements published for the product or service.

Customers must be licensed to use the product or service.

Microsoft must currently offer support for the product or service.

Hence, only the statement -

“For products governed by the Modern Lifecycle Policy,

Microsoft will provide a minimum of 12 months’ notification prior to ending support

if no successor product or service is offered —excluding free services or preview

releases.” is correct.

Question 43

You plan to provision Infrastructure as a Service (IaaS) resources in Azure.

Which of the following is an example of IaaS in Azure?

A. Azure Event hubs
B. Azure Machine Learning
C. Azure HDInsight
D. Azure Virtual Machine

Answer 43

D. Azure Virtual Machine

Explanation:
An Azure virtual machine is an example of Infrastructure as a Service (IaaS).

Azure Machine Learning, Azure Event Hubs, Azure HDInsight are all examples of Platform as a Service (Paas)

Question 44

Which of the following is a great place to start when examining the security of your Azure-based solutions and provides threat protection across all of your services both in Azure, and on-premises?

A. Azure Security Center
B. Azure Trust Center
C. Azure Compliance Manager
D. Azure Advanced threat protection

Answer 44

A. Azure Security Center

Explanation:
A great place to start when examining the security of your Azure-based solutions is Azure Security Center. Security Center is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises. Security Center can:

1) Provide security recommendations based on your configurations, resources, and networks.

2) Monitor security settings across on-premises and cloud workloads, and automatically apply

required security to new services as they come online.

3) Continuously monitor all your services, and perform automatic security assessments to

identify potential vulnerabilities before they can be exploited.

4) Use machine learning to detect and block malware from being installed on your virtual

machines and services. You can also define a list of allowed applications to ensure that only

the apps you validate are allowed to execute.

5) Analyze and identify potential inbound attacks, and help to investigate threats and any post-

breach activity that might have occurred.

Question 45

A company has approached you to help them plan an architecture, that would be capable of capturing data from millions of connected devices and securely storing them for analysis. Which of the following two services would you include in the project proposal?

A. Azure Data Lake
B. Azure IoT Hubs
C. Azure Notification Hubs
D. Azure ExpressRoute

Answer 45

A. Azure Data Lake
B. Azure IoT Hubs

Explanation:
From the official Azure documentation:

Azure IoT Hub is a managed service hosted in the cloud that acts as a central message hub for communication between an IoT application and its attached devices. You can connect millions of devices and their backend solutions reliably and securely. Almost any device can be connected to an IoT hub.

Several messaging patterns are supported, including device-to-cloud telemetry, uploading files from devices, and request-reply methods to control your devices from the cloud. IoT Hub also supports monitoring to help you track device creation, device connections, and device failures.

IoT Hub scales to millions of simultaneously connected devices and millions of events per second to support your IoT workloads. For more information about scaling your IoT Hub, see IoT Hub scaling. To learn more about the tiers of service offered by IoT Hub, check out the pricing page.

IoT Hub can further route messages to Azure Data Lake Storage.

Reference 1 (IoT Hub) - https://azure.microsoft.com/en-in/services/iot-hub/

Reference 2 (Data Lake) - https://azure.microsoft.com/en-in/solutions/data-lake/

Question 46

Which of the following services would you use to embed the ability to see, hear, speak, search, understand, and accelerate decision-making into your apps without having any machine-learning expertise?

A. Azure Cognitive Services
B. Azure Machine Learning Studio
C. Azure Events Hub
D. Azure App Services

Answer 46

A. Azure Cognitive Services

Explanation:
Cognitive Services bring AI within reach of every developer—without requiring machine-learning expertise. All it takes is an API call to embed the ability to see, hear, speak, search, understand, and accelerate decision-making into your apps.

Reference : https://azure.microsoft.com/en-us/services/cognitive-services/#feature

Question 47

Which of the following would you use if you want to keep track of the performance or issues related to your specific VM or container instances, databases, your applications?

A. Azure Advisor
B. Azure Sentinel
C. Azure Service Health
D. Azure Monitor

Answer 47

D. Azure Monitor

Explanation:
From the Official Azure Documentation:

If you want to keep track of the performance or issues related to your specific VM or container instances, databases, your applications, and so on, you want to visit Azure Monitor and create reports and notifications to help you understand how your services are performing or diagnose issues related to your Azure usage.

Reference: https://docs.microsoft.com/en-ca/learn/modules/monitoring-fundamentals/3-analyze-decision-criteria

Question 48

True or False:

A Platform as a Service (PaaS) solution that has already been deployed cannot be scaled up or out without re-deploying it.

A. False
B. True

Answer 48

A. False

Explanation:
You can always scale your PaaS solution up (increase the memory) or out (add more instances) without re-deployment.

The very beauty of PaaS is that it allows you to avoid the expense and complexity of buying and managing software licences, the underlying application infrastructure and middleware, container orchestrators such as Kubernetes or the development tools and other resources. You manage the applications and services that you develop, and the cloud service provider typically manages everything else.

Question 49

If you setup a free Azure account, then does the Standard support plan come along with this free account?

A. No
B. Yes

Answer 49

A. No

Explanation:
The BASIC Support plan is associated with all accounts but a STANDARD plan needs to be purchased and costs $100/month.

Reference: https://azure.microsoft.com/en-in/support/plans/

Question 50

Suppose the lead architect in your company has asked your team to implement a PaaS based solution in Azure for a quick Proof-of-Concept (POC) to senior management. One of your colleagues goes ahead and creates an Azure SQL Database and an Azure Load Balancer.

Would you agree with this implementation?

A. Yes
N. No

Answer 50

B. No

Explanation:
Explanation

Tricky question!

Platform as a service (PaaS) is a complete development and deployment environment in the cloud. PaaS includes infrastructure as servers, storage, and networking, but also middleware, development tools, business intelligence (BI) services, database management systems, and more.

Azure SQL Databases are PaaS, that’s fine. BUT:

Azure Load Balancers are IaaS not PaaS!