Practice Test 3 (Udemy) Flashcards

1
Q

Which Azure service should you use to store certificates?

A. Azure Security Center
B. An Azure Storage Account
C. Azure Information Protection
D. Azure Key Vault

A

D. Azure Key Vault

Explanation:
From the Official Azure Documentation:

Azure Key Vault helps solve the following problems:

1) Secrets Management - Azure Key Vault can be used to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.

2) Key Management - Azure Key Vault can also be used as a Key Management solution. Azure Key Vault makes it easy to create and control the encryption keys used to encrypt your data.

3) Certificate Management - Azure Key Vault is also a service that lets you easily provision, manage, and deploy public and private Transport Layer Security/Secure Sockets Layer (TLS/SSL) certificates for use with Azure and your internal connected resources.

Azure Key Vault has two service tiers: Standard, which encrypts with a software key, and Premium, which includes hardware security module (HSM)-protected keys.

2
Q

_________________ is a hosting service for Domain Name System domains that provides name resolution by using Microsoft Azure infrastructure.

A. Azure VPN Gateway
B. Azure ExpressRoute
C. Azure Virtual Subnets
D. Azure DNS

A

D. Azure DNS

Explanation:
From the Official Azure Documentation:

Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.

You can’t use Azure DNS to buy a domain name. For an annual fee, you can buy a domain name by using App Service domains or a third-party domain name registrar. Your domains then can be hosted in Azure DNS for record management. For more information, see Delegate a domain to Azure DNS.

3
Q

You can link virtual networks together by using ________________.

A. Virtual Network Proxy
B. Virtual Network Hub
C. Virtual Network Peering
D. Virtual Network Seeding

A

C. Virtual Network Peering

Explanation:
From the Official Azure Documentation:

You can link virtual networks together by using virtual network peering. Peering enables resources in each virtual network to communicate with each other. These virtual networks can be in separate regions, which allows you to create a global interconnected network through Azure.

User-defined routes (UDR) are a significant update to Azure’s Virtual Networks that allows for greater control over network traffic flow. This method allows network administrators to control the routing tables between subnets within a VNet, as well as between VNets.

Reference: https://docs.microsoft.com/en-ca/learn/modules/azure-networking-fundamentals/azure-virtual-network-fundamentals

4
Q

Azure Service Health allows us to define the critical resources that should never be impacted due to outages and downtimes.

A. Yes
B. No

A

B. No

Explanation:
From the Official Azure Documentation:

Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime. Configure customisable cloud alerts and use your personalised dashboard to analyse health issues, monitor the impact to your cloud resources, get guidance and support, and share details and updates.

Although you can see when a maintenance is planned and act accordingly to migrate a VM if needed, you can’t prevent service failures.

5
Q

It’s possible to deploy a new Azure VM from a Google Chromebook by using PowerAutomate.

A. No
B. Yes

A

A. No

Explanation:

Tricky question! PowerAutomate is not the same as PowerShell.
Moreover, PowerAutomate isn’t a part of Azure! It falls under the Microsoft umbrella of offerings, just like PowerApps.

Hence, this statement is definitely False. You can use the Azure portal to provision Virtual Machines, or even the CLI.

6
Q

_______________ copies your data synchronously across three Azure availability zones in the primary region, for applications requiring high availability.

A. Geo-zone redundant storage (GZRS)
B. Zone Redundant Storage (ZRS)
C. Locally Redundant Storage (LRS)
D. Planet redundant storage (PRS)

A

B. Zone Redundant Storage (ZRS)

Explanation:
From the Official Azure Documentation:

Data in an Azure Storage account is always replicated three times in the primary region. Azure Storage offers two options for how your data is replicated in the primary region:

Locally redundant storage (LRS) copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option, but isn't recommended for applications requiring high availability or durability.

Zone-redundant storage (ZRS) copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability, Microsoft recommends using ZRS in the primary region, and also replicating to a secondary region.

Geo-zone-redundant storage (GZRS) combines the high availability provided by redundancy across availability zones with protection from regional outages provided by geo-replication. Data in a GZRS storage account is copied across three Azure availability zones in the primary region and is also replicated to a secondary geographic region for protection from regional disasters.
7
Q

______________ is a set of capabilities in Azure Active Directory (AAD) that enables organizations to secure and manage any outside user, including customers and partners.

A. External Identities
B. External User Management
C. Sentinel
D. External Profiles

A

A. External Identities

Explanation:
From the Official Azure Documentation:

External Identities is a set of capabilities that enables organizations to secure and manage any external user, including customers and partners. Building on B2B collaboration, External Identities gives you more ways to interact and connect with users outside your organization.

8
Q

Yes or No:

A Resource can only access other resources in the same resource group.

A. No
B. Yes

A

A. No

Explanation:
From the official Azure documentation:

A resource can connect to resources in other resource groups. This scenario is common when the two resources are related but don’t share the same lifecycle. For example, you can have a web app that connects to a database in a different resource group.

9
Q

Which of the following is the mission-critical cloud deployment available only to US Federal, State, Local and Tribal Governments and their partners?

A. ISO
B. Azure Government
C. Azure Nation
D. Azure Federal

A

B. Azure Government

Explanation:
From the Official Azure Documentation:

Azure Government is the mission-critical cloud, delivering breakthrough innovation to US government customers and their partners. Only US federal, state, local and tribal governments and their partners have access to this dedicated instance, operated by screened US citizens. Azure Government offers the broadest level of certifications of any cloud provider to simplify even the most critical government compliance requirements.

10
Q

What is network latency?

A. The maximum amount of data that can travel over the network
B. The cost incurred by the data traveling over the network
C. The time it takes for data to travel over the network
D. The distance the data travels over the network

A

C. The time it takes for data to travel over the network

Explanation:
Network latency is the time it takes for data or a request to go from the source to the destination. Latency in networks is measured in milliseconds.

11
Q

Azure ____________ is an authorization system built on Azure Resource Manager that provides fine-grained access management to Azure resources.

A. Locks
B. Policies
C. Role Based Access Control (RBAC)
D. Resource Groups

A

C. Role Based Access Control (RBAC)

Explanation:
From the official Azure docs:

Access management for cloud resources is a critical function for any organization that is using the cloud. Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.

Azure RBAC is an authorization system built on Azure Resource Manager that provides fine-grained access management to Azure resources.

What can you do with Azure RBAC?

Here are some examples of what you can do with Azure RBAC:

Allow one user to manage virtual machines in a subscription and another user to manage virtual networks

Allow a DBA group to manage SQL databases in a subscription

Allow a user to manage all resources in a resource group, such as virtual machines, websites, and subnets

Allow an application to access all resources in a resource group
12
Q

Having a hybrid cloud solution in place could be useful when regulations or policies do not permit moving specific data or workloads to the cloud.

A. Yes
B. No

A

A. Yes

Explanation:
From the official Azure documentation:

When organizations move workloads and data to the cloud, their on-premises datacenters often continue to play an important role. The term hybrid cloud refers to a combination of public cloud and on-premises datacenters, to create an integrated IT environment that spans both. Some organizations use hybrid cloud as a path to migrate their entire datacenter to the cloud over time. Other organizations use cloud services to extend their existing on-premises infrastructure.

When to use a hybrid solution

Consider using a hybrid solution in the following scenarios:

As a transition strategy during a longer-term migration to a fully cloud-native solution.

When regulations or policies do not permit moving specific data or workloads to the cloud.

For disaster recovery and fault tolerance, by replicating data and services between on-premises and cloud environments.

To reduce latency between your on-premises datacenter and remote locations, by hosting part of your architecture in Azure.
13
Q

____________ is a bridge that extends the Azure platform to help you build applications and services with the flexibility to run across datacenters, at the edge, and in multicloud environments. It also simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.

A. Azure DNS
B. Azure Bridge
C. Azure Sentinel
D. Azure Arc

A

D. Azure Arc

Explanation:
Azure Arc is a bridge that extends the Azure platform to help you build applications and services with the flexibility to run across datacenters, at the edge, and in multicloud environments. Develop cloud-native applications with a consistent development, operations, and security model. Azure Arc runs on both new and existing hardware, virtualization and Kubernetes platforms, IoT devices, and integrated systems.

Today, companies struggle to control and govern increasingly complex environments that extend across data centers, multiple clouds, and edge. Each environment and cloud possesses its own set of management tools, and new DevOps and ITOps operational models can be hard to implement across resources.

Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.

14
Q

Which of the following services allows you to easily run popular open source frameworks including Apache Hadoop, Spark, and Kafka for open source analytics?

A. Azure Data Lake Analytics
B. Azure Cognitive Services
C. Azure Cosmos DB
D. Azure HDInsight

A

D. Azure HDInsight

Explanation:
VERY IMPORTANT!

From the Official Azure docs:

We can easily run popular open source frameworks—including Apache Hadoop, Spark, and Kafka—using Azure HDInsight, a cost-effective, enterprise-grade service for open source analytics. Effortlessly process massive amounts of data and get all the benefits of the broad open source ecosystem with the global scale of Azure.

Many people get confused between Azure HDInsight and Azure Databricks -

1) Azure HDInsight brings both Hadoop and Spark under the same umbrella and enables enterprises to manage both using the same set of tools e.g. using Ambari, Apache Ranger etc. It also offers industry standard notebook experience with support for both Jupyter and Zeppelin notebooks. Enterprises that want this ease of manageability across all their big data workloads can choose to use HDInsight.

2) Azure Databricks is a premium Spark offering that is ideal for customers who want their data scientists to collaborate easily and run their Spark based workloads efficiently and at industry leading performance.

Azure Databricks is an Apache Spark-based analytics platform optimized for the Microsoft Azure cloud services platform. For more details, refer to Azure Databricks Documentation.

15
Q

______________ is a command-line utility that you can use to copy blobs or files to or from a storage account.

A. AzCopy
B. AzReplicate
C. AzMigrate
D. AzMove

A

A. AzCopy

Explanation:
From the Official Azure Documentation:

AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.

Example of a command -

azcopy make 'https://mystorageaccount.file.core.windows.net/myfileshare?sv=2018-03-28&ss=bjqt&srs=sco&sp=rjklhjup&se=2019-05-10T04:37:48Z&st=2019-05-09T20:37:48Z&spr=https&sig=%2FSOVEFfsKDqRry4bk3qz1vAQFwY5DDzp2%2B%2F3Eykf%2FJLs%3D'
16
Q

A recent unapproved size change to one of the Virtual Machines (VMs) in your company has led to a huge unexpected bill. Which of the following services can help you identify the user who made this unapproved change?

A. Azure Service Health
B. Azure Activity Log
C. Azure Xamarin
D. Azure Event Hubs
E. Azure Information Protection (AIP)

A

B. Azure Activity Log

Explanation:
From the Official Azure Documentation:

The Azure Monitor activity log is a platform log in Azure that provides insight into subscription-level events. The activity log includes information like when a resource is modified or a virtual machine is started. You can view the activity log in the Azure portal or retrieve entries with PowerShell and the Azure CLI. This article provides information on how to view the activity log and send it to different destinations.

Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log

17
Q

Which of the following is a free tool to conveniently manage your Azure cloud storage resources from your desktop?

A. Azure FileSync
B. Azure AzCopy
C. Azure Data Box
D. Azure Storage Explorer
E. Azure Migrate

A

D. Azure Storage Explorer

Explanation:
From the Official Azure Documentation:

Azure Storage Explorer is a free tool to conveniently manage your Azure cloud storage resources from your desktop.

Reference: https://azure.microsoft.com/en-ca/features/storage-explorer/#overview

18
Q

It’s possible to deploy an Azure VM from a MacOS based system by using which of the following options?

A. Azure CLI
B. Azure Cloudshell
C. Azure Powershell
D. Azure Portal

A

A. Azure CLI
B. Azure Cloudshell
C. Azure Powershell
D. Azure Portal

Explanation:
All of the above can be used to manage Azure resources on a MacOS based system!

Azure Portal - Available for all Operating Systems

Azure CLI - Available for MacOS, Windows and Linux

Azure Powershell - Available to install on MacOS, Windows, Linux, Docker, and Arm (Subset of Azure Cloudshell)

Azure Cloudshell - Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.

19
Q

Your company makes use of several SQL databases. However, you want to increase their efficiency because of varying and unpredictable workloads. Which of the following can help you with this?

A. Region Pairs
B. Elastic Pools
C. Resource Tags
D. Scale Sets

A

B. Elastic Pools

Explanation:
Just like Azure VM Scale Sets are used with VMs, you can use Elastic Pools with Azure SQL Databases!

SQL Database elastic pools are a simple, cost-effective solution for managing and scaling multiple databases that have varying and unpredictable usage demands. The databases in an elastic pool are on a single Azure SQL Database server and share a set number of resources at a set price. Elastic pools in Azure SQL Database enable SaaS developers to optimize the price performance for a group of databases within a prescribed budget while delivering performance elasticity for each database.

20
Q

_____________ devices can easily move data to Azure when busy networks aren’t an option.

A. Azure Data Box
B. Azure File Sync
C. Azure Storage Explorer
D. Azure Migrate

A

A. Azure Data Box

Explanation:
From the Official Azure Documentation:

Azure Data Box devices easily move data to Azure when busy networks aren’t an option. Move large amounts of data to Azure when you’re limited by time, network availability, or costs, using common copy tools such as Robocopy. All data is AES-encrypted, and the devices are wiped clean after upload, in accordance with NIST Special Publication 800-88 revision 1 standards.

21
Q

The members of your organization have been complaining about having to enter their password too many times which is frustrating. Moreover, users also tend to forget their passwords which leads to reset overhead. Which of the following services in Azure can help with this?

A. Azure Active Directory Passwordless
B. Azure Active Directory SeamlessAuth
C. Azure ExpressRoute
D. Azure Arc

A

A. Azure Active Directory Passwordless

Explanation:
From the Official Azure Documentation:

Features like multifactor authentication (MFA) are a great way to secure your organization, but users often get frustrated with the additional security layer on top of having to remember their passwords. Passwordless authentication methods are more convenient because the password is removed and replaced with something you have, plus something you are or something you know.

Each organization has different needs when it comes to authentication. Microsoft global Azure and Azure Government offer the following three passwordless authentication options that integrate with Azure Active Directory (Azure AD):

Windows Hello for Business

Microsoft Authenticator

FIDO2 security keys

You can also allow your employee’s phone to become a passwordless authentication method. You may already be using the Authenticator app as a convenient multi-factor authentication option in addition to a password. You can also use the Authenticator App as a passwordless option.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless

22
Q

A startup has deployed a set of Virtual Machines which are critical for their day-to-day operations. They need to ensure their availability even if a single data center goes down.

One of their interns has suggested that deploying these VMs using a Scale Set would solve the problem. Do you agree?

A. No
B. Yes

A

A. No

Explanation:
This answer does not specify that the scale set will be configured across multiple data centers so this solution does not meet the goal.

Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide high availability to your applications, and allow you to centrally manage, configure, and update many VMs.

Virtual machines in a scale set can be deployed across multiple update domains and fault domains to maximize availability and resilience to outages due to data center outages, and planned or unplanned maintenance events.

23
Q

An Azure ________________ is a connection between two Azure Regions within the same geographic region for disaster recovery purposes.

A. Geography
B. Region
C. Availability Zone
D. Region Pair

A

D. Region Pair

Explanation:
Regional Pairs are 2 connected Azure Regions for Disaster Recovery within the same Geography.

Many organizations require both high availability provided by availability zones that are also supported with protection from large-scale phenomena and regional disasters. As discussed in the resiliency overview for regions and availability zones, Azure regions are designed to offer protection against local disasters with availability zones. But they can also provide protection from regional or large geography disasters with disaster recovery by making use of another region that uses cross-region replication.

To ensure customers are supported across the world, Azure maintains multiple geographies. These discrete demarcations define a disaster recovery and data residency boundary across one or multiple Azure regions.

Cross-region replication is one of several important pillars in the Azure business continuity and disaster recovery strategy. Cross-region replication builds on the synchronous replication of your applications and data that exists by using availability zones within your primary Azure region for high availability. Cross-region replication asynchronously replicates the same applications and data across other Azure regions for disaster recovery protection.

Reference: https://docs.microsoft.com/en-us/azure/availability-zones/cross-region-replication-azure

24
Q

Which Azure service should you use to correlate events from multiple resources into a centralized repository?

A. Azure Log Analytics
B. Azure Event Hubs
C. Azure Cosmos DB
D. Azure Blueprint

A

B. Azure Event Hubs

Explanation:
From the official documentation:

Event Hubs is a fully managed, real-time data ingestion service that’s simple, trusted and scalable. Stream millions of events per second from any source to build dynamic data pipelines and immediately respond to business challenges. Keep processing data during emergencies using the geo-disaster recovery and geo-replication features.

Integrate seamlessly with other Azure services to unlock valuable insights. Allow existing Apache Kafka clients and applications to talk to Event Hubs without any code changes – you get a managed Kafka experience without having to manage your own clusters. Experience real-time data ingestion and microbatching on the same stream.

25
Q

Your streaming website experiences a burst of heavy traffic whenever you launch a new web-series, but relatively moderate traffic on other days. Which of the following would be a great benefit if you migrate your setup to Azure?

A. Low Latency
B. Load Balancing
C. Elasticity
D. High Availability

A

C. Elasticity

Explanation:
From the official Azure docs:

Elastic computing is the ability to quickly expand or decrease computer processing, memory, and storage resources to meet changing demands without worrying about capacity planning and engineering for peak usage. Typically controlled by system monitoring tools, elastic computing matches the amount of resources allocated to the amount of resources actually needed without disrupting operations.

With cloud elasticity, a company avoids paying for unused capacity or idle resources and doesn’t have to worry about investing in the purchase or maintenance of additional resources and equipment.

26
Q

Microsoft Azure services are operated by ____________ in China.

A. Alibaba
B. 21Vianet
C. Morgan Stanley
D. Xiaomi

A

B. 21Vianet

Explanation:
Microsoft Azure operated by 21Vianet is the first international public cloud service that has been commercialized in China in compliance with Chinese laws and regulations.

27
Q

After taking a lot of courses and understanding cloud fundamentals, you’ve realized that migrating your business resources to Azure makes the most sense. Based on your understanding, which of the following would you need to create first?

A. A resource lock
B. A resource group
C. A virtual network
D. A subscription

A

D. A subscription

Explanation:
A subscription needs to be created first and foremost.

The Azure account is what lets you access Azure services and Azure subscriptions. It is possible to create multiple subscriptions in our Azure account to create separation for billing or management purposes. In your subscription(s) you can manage resources in resource groups.

The Azure hierarchy looks like:

Tenancy -> Subscription -> Resource Group -> Resource.

28
Q

_____________ notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime.

A. Azure Health Bot
B. Azure Chaos Studio
C. Azure Percept
D. Azure Service Health

A

D. Azure Service Health

Explanation:
Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime. Configure customisable cloud alerts and use your personalised dashboard to analyse health issues, monitor the impact to your cloud resources, get guidance and support, and share details and updates.

Reference: https://azure.microsoft.com/en-ca/features/service-health/#overview

29
Q

Suppose the lead architect in your company has asked your team to implement an IaaS-based solution in Azure for a quick Proof-of-Concept (POC) to senior management. One of your colleagues goes ahead and creates an Azure Virtual Network and 3 Azure Virtual Machines.

Would you agree with this implementation?

A. No
B. Yes

A

B. Yes

Explanation:
Azure Virtual Machines and Azure Virtual Networks both fall under the IaaS category, and therefore this solution would meet the lead architect’s ask.

Please refer to this diagram for simplicity.

30
Q

________________ is a cloud-based platform for creating and running automated workflows that integrate your apps, data, services, and systems.

A. Azure Logic Apps
B. Azure DevOps
C. Azure App Service
D. Azure Events Hub

A

A. Azure Logic Apps

Explanation:
Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations.

31
Q

Which of the following Azure Storage would you use to store different types of files such as videos, audios, text in a highly cost effective and scalable manner?

A. Azure Cosmos DB
B. Azure PostgreSQL
C. Azure Blob Storage
D. Azure SQL Database

A

C. Azure Blob Storage

Explanation:
From the official Azure documentation:

A blob is a binary, large object and a storage option for any type of data that you want to store in a binary format. Learn about blob types.

Azure Blob storage is Microsoft’s object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data. Unstructured data is data that doesn’t adhere to a particular data model or definition, such as text or binary data.

Blob storage is designed for:

1) Serving images or documents directly to a browser.

2) Storing files for distributed access.

3) Streaming video and audio.

4) Writing to log files.

5) Storing data for backup and restore, disaster recovery, and archiving.

6) Storing data for analysis by an on-premises or Azure-hosted service.

32
Q

As the Lead Security Engineer of your organization, you’re worried that someone may mistakenly delete mission critical resources in Azure. What can you do to prevent this from accidentally happening?

A. Use Azure Monitor to define policies
B. Use Azure ExpressRoute
C. Apply the DoNotTouch Lock on the resources
D. Use an Azure Virtual Subnet
E. Apply the CanNotDelete Lock on the resources

A

E. Apply the CanNotDelete Lock on the resources

Explanation:
Applying a delete lock to the resource group will prevent the resources inside it from being deleted.

As an administrator, you can lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. The lock overrides any permissions the user might have.

You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively:

1) CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.

2) ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources

33
Q

For all cloud deployment types, you own your ___________ and _______________. You’re also responsible for their security.

A. data, identities
B. data, physical network
C. devices, operating system
D. information, network controls

A

A. data, identities

Explanation:
From the Official Azure Documentation:

As you consider and evaluate public cloud services, it’s critical to understand the shared responsibility model and which security tasks are handled by the cloud provider and which tasks are handled by you. The workload responsibilities vary depending on whether the workload is hosted on Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), or in an on-premises datacenter.

Division of responsibility

In an on-premises datacenter, you own the whole stack. As you move to the cloud some responsibilities transfer to Microsoft. The following diagram illustrates the areas of responsibility between you and Microsoft, according to the type of deployment of your stack.

For all cloud deployment types, you own your data and identities. You are responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control (which varies by service type).

Regardless of the type of deployment, the following responsibilities are always retained by you:

Data

Endpoints

Account

Access management
34
Q

You are looking to link resources together in your on-premises environment and within your Azure subscription but don’t want the connection to travel over the internet. Which of the following can you use?

A. Azure Site to Site VPN
B. Azure ExpressRoute
C. Azure Sentinel
D. Azure Bastion
E. Azure Point to Site VPN

A

B. Azure ExpressRoute

Explanation:
From the Official Azure Documentation:

Azure virtual networks enable you to link resources together in your on-premises environment and within your Azure subscription. In effect, you can create a network that spans both your local and cloud environments. There are three mechanisms for you to achieve this connectivity:

Point-to-site virtual private networks: The typical approach to a virtual private network (VPN) connection is from a computer outside your organization, back into your corporate network. In this case, the client computer initiates an encrypted VPN connection to connect that computer to the Azure virtual network.

Site-to-site virtual private networks: A site-to-site VPN links your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network. In effect, the devices in Azure can appear as being on the local network. The connection is encrypted and works over the internet.

Azure ExpressRoute: For environments where you need greater bandwidth and even higher levels of security, Azure ExpressRoute is the best approach. ExpressRoute provides a dedicated private connectivity to Azure that doesn't travel over the internet.
35
Q

A _______________ can enable branch offices to share sensitive information between locations.

A. Bastion
B. DNS
C. Bridge
D. VPN

A

D. VPN

Explanation:
From the Official Azure Documentation:

VPNs use an encrypted tunnel within another network. They’re typically deployed to connect two or more trusted private networks to one another over an untrusted network (typically the public internet). Traffic is encrypted while traveling over the untrusted network to prevent eavesdropping or other attacks.

VPNs can enable branch offices to share sensitive information between locations. For example, let’s say that your offices on the East coast region of North America need to access your company’s private customer data, which is stored on servers that are physically located in a West coast region. A VPN can connect your East coast offices to your West coast servers allowing your company to securely access your private customer data.

36
Q

What is the maximum number of virtual network rules and IP network rules allowed per storage account in Azure?

A. 200
B. 150
C. 300
D. 500

A

A. 200

Explanation:
The current maximum number of virtual networks per storage account is 200!

Reference: https://docs.microsoft.com/en-us/azure/storage/common/scalability-targets-standard-account

37
Q

A Network Security Group (NSG) has the ability to encrypt data at rest and in transit.

A. No
B. Yes

A

A. No

Explanation:
No, a Network Security Group (NSG) DOES NOT encrypt traffic.

From the Official Azure Documentation:

You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.

You may read more about encryption here.

38
Q

Your Azure account contains several policies and you wish to group/organize them. Which of the following can help you achieve this?

A. Resource Groups
B. Initiatives
C. Azure Active Directory
D. Network Security Groups

A

B. Initiatives

Explanation:
From the official Azure docs:

An initiative definition is a collection of policy definitions that are tailored towards achieving a singular overarching goal. Initiative definitions simplify managing and assigning policy definitions. They simplify by grouping a set of policies as one single item. For example, you could create an initiative titled Enable Monitoring in Azure Security Center, with a goal to monitor all the available security recommendations in your Azure Security Center.

39
Q

_______________ is a workflow-based risk assessment tool that helps you track, assign, and verify your organization’s regulatory compliance activities related to Microsoft Cloud services.

A. The Microsoft Community Forums Website
B. The Azure Arc Portal
C. The TCO Portal
D. Compliance Manager from the Service Trust Portal

A

D. Compliance Manager from the Service Trust Portal

Explanation:
Compliance Manager in the Service Trust Portal is a workflow-based risk assessment tool that helps you track, assign, and verify your organization’s regulatory compliance activities related to Microsoft Cloud services, such as Microsoft 365, Dynamics 365, and Azure.

There is nothing called alpha blade in Azure.

40
Q

Which of the following services meets all of these criteria?

1) Monitoring of traffic patterns 24 hours a day, 7 days a week, looking for indicators of attacks.

2) Detailed reports in five-minute increments during an attack, and a complete summary after the attack ends.

3) Engagement of a dedicated team for help with attack investigation and analysis.

A. Azure Policies
B. Azure Information Protection
C. A network security group (NSG)
D. DDoS Protection

A

D. DDoS Protection

Explanation:
From the Official Azure Documentation:

Distributed denial of service (DDoS) attacks are some of the largest availability and security concerns facing customers that are moving their applications to the cloud. A DDoS attack attempts to exhaust an application’s resources, making the application unavailable to legitimate users. DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet.

Azure DDoS Protection enables you to protect your Azure resources from denial of service (DoS) attacks with always-on monitoring and automatic network attack mitigation. There is no upfront commitment, and your total cost scales with your cloud deployment.

Reference: https://azure.microsoft.com/en-ca/pricing/details/ddos-protection/

41
Q

Which of the following are valid Azure purchasing options?

A. GitHub website
B. Azure website
C. Microsoft representative
D. Microsoft Partner

A

B. Azure website
C. Microsoft representative
D. Microsoft Partner

Explanation:
You can choose the purchasing option that works best for your organisation. Or, use any of the options simultaneously.

Reference: https://azure.microsoft.com/en-ca/pricing/purchase-options/

42
Q

Azure Service Health has the ability to configure cloud alerts to notify you about active and upcoming service issues

A. Yes
B. No

A

A. Yes

Explanation:
From the Official Azure Documentation:

Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime. Configure customisable cloud alerts and use your personalised dashboard to analyse health issues, monitor the impact to your cloud resources, get guidance and support, and share details and updates.

Reference: https://docs.microsoft.com/en-us/learn/modules/intro-to-governance/7-monitoring

43
Q

ExpressRoute connections go over the public Internet, and they offer more reliability, faster speeds, and lower latencies than typical Internet connections.

A. No
B. Yes

A

A. No

Explanation:
No, it is false that ExpressRoute connections go over the public Internet. They do offer more reliability, faster speeds, and lower latencies than typical Internet connections.

From the Official Azure Documentation:

All incoming data into Azure using ExpressRoute is free of charge (as with any other inbound data transfer to Azure).

Reference: https://azure.microsoft.com/en-us/services/expressroute/#overview

44
Q

You are the lead of a Data Science team at your organization, and your management wants to utilize cloud capabilities to modernize your work stream.

What should the company use to build, test, and deploy predictive analytics solutions?

A. Azure App Service
B. Azure Machine Learning Studio
C. Azure Logic Apps
D. Azure Batch

A

B. Azure Machine Learning Studio

Explanation:
From the official docs:

Azure Machine Learning Studio is an enterprise-grade service for the end-to-end machine learning lifecycle.

It empowers data scientists and developers to build, deploy, and manage high-quality models faster and with confidence. It accelerates time to value with industry-leading machine learning operations (MLOps), open-source interoperability, and integrated tools. Innovate on a secure, trusted platform designed for responsible AI applications in machine learning.

45
Q

Azure strives to ensure a minimum distance of ______________ miles between datacenters in enabled regions, although it isn’t possible across all geographies.

A. 200
B. 300
C. 500
D. 400

A

B. 300

Explanation:
Azure strives to ensure a minimum distance of 300 miles (483 kilometers) between datacenters in enabled regions, although it isn’t possible across all geographies. Datacenter separation reduces the likelihood that natural disaster, civil unrest, power outages, or physical network outages can affect multiple regions. Isolation is subject to the constraints within a geography, such as geography size, power or network infrastructure availability, and regulations.

46
Q

Which tab of the Azure pricing calculator would you use to calculate your estimate?

A. Estimate
B. Products
C. Machines
D. Storage

A

B. Products

Explanation:
The Products tab allows us to choose certain services, and configure a solution. We then get an estimated cost for deploying our solution.

47
Q

Upon applying a Tag to a Resource Group, all Resources inside it inherit that Tag.

A. Yes
B. No

A

B. No

Explanation:
From the official documentation:

Tags applied to the resource group or subscription aren’t inherited by the resources. To apply tags from a subscription or resource group to the resources, see Azure Policies - tags.

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources

48
Q

Which of the following is a good usage of tags?

A. Using tags for data classification
B. Using tags to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information
C. All of these
D. Making business groups aware of cloud resource consumption requires IT to understand the resources and workloads each team is using
E. To help identify the assets required to support a single workload

A

C. All of these

Explanation:
All of the above can help leverage the power of tags in one way or the other.

From the official Azure docs:

Organizing cloud-based resources is a crucial task for IT, unless you only have simple deployments. Use naming and tagging standards to organize your resources for the following reasons:

Resource management: Your IT teams need to quickly locate resources associated with specific workloads, environments, ownership groups, or other important information. Organizing resources is critical to assigning organizational roles and access permissions for resource management.

Cost management and optimization: Making business groups aware of cloud resource consumption requires IT to understand the resources and workloads each team is using.

Operations management: Visibility for the operations management team about business commitments and SLAs is an important aspect of ongoing operations. For operations to be managed well, tagging for mission criticality is required.

Security: Classification of data and security impact is a vital data point for the team, when breaches or other security issues arise. To operate securely, tagging for data classification is required.

Governance and regulatory compliance: Maintaining consistency across resources helps identify changes from agreed-upon policies. Prescriptive guidance for resource tagging demonstrates how one of the following patterns can help when deploying governance practices. Similar patterns are available to evaluate regulatory compliance using tags.

Automation: A proper organizational scheme allows you to take advantage of automation as part of resource creation, operational monitoring, and the creation of DevOps processes. It also makes resources easier for IT to manage.

Workload optimization: Tagging can help identify patterns and resolve broad issues. Tags can also help identify the assets required to support a single workload. Tagging all assets associated with each workload enables deeper analysis of your mission-critical workloads to make sound architectural decisions.
49
Q

A team in your organization wants to implement a solution involving basic Artificial Intelligence (AI), but they have basic API and programming knowledge / background to implement this solution.

As an experienced Azure Architect, which of the following would be your suggestion?

A. Azure DevOps
B. Azure Active Directory
C. Azure Machine Learning Studio
D. Azure Cognitive Services

A

D. Azure Cognitive Services

Explanation:
From the official Azure documentation:

Cognitive Services brings AI within reach of every developer and data scientist. With leading models, a variety of use cases can be unlocked. All it takes is an API call to embed the ability to see, hear, speak, search, understand, and accelerate advanced decision-making into your apps. Enable developers and data scientists of all skill levels to easily add AI capabilities to their apps.

50
Q

You can use Azure DNS to buy a domain name.

A. No
B. Yes

A

A. No

Explanation:
Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.

You can’t use Azure DNS to buy a domain name. For an annual fee, you can buy a domain name by using App Service domains or a third-party domain name registrar. Your domains then can be hosted in Azure DNS for record management. For more information, see Delegate a domain to Azure DNS.

51
Q

An Azure Firewall has the ability to encrypt data at rest as well as in transit.

A. No
B. Yes

A

A. No

Explanation:
A Firewall is used to mainly filter the traffic.

From the Official Azure Documentation:

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It’s a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual network resources allowing outside firewalls to identify traffic originating from your virtual network. The service is fully integrated with Azure Monitor for logging and analytics.

To learn about Azure Firewall features, see Azure Firewall features.

52
Q

Which of the following is the strongest way to protect sensitive customer data?

A. Encrypt the data both at rest and in transit
B. Don't store sensitive data at all
C. Encrypt the data in transit
D. Encrypt the data at rest

A

A. Encrypt the data both at rest and in transit

Explanation:
From the official Azure docs:

To help protect data in the cloud, you need to account for the possible states in which your data can occur, and what controls are available for that state. Best practices for Azure data security and encryption relate to the following data states:

1) At rest: This includes all information storage objects, containers, and types that exist statically on physical media, whether magnetic or optical disk.

2) In transit: When data is being transferred between components, locations, or programs, it’s in transit. Examples are transfer over the network, across a service bus (from on-premises to cloud and vice-versa, including hybrid connections such as ExpressRoute), or during an input/output process.

53
Q

You need to seamlessly connect two Virtual Networks in Azure without a lot of hassle. Which of the following services would make sense to use?

A. Virtual Network Peering
B. Virtual network Subnets
C. Virtual network connector
D. Virtual network integration service

A

A. Virtual Network Peering

Explanation:
Virtual network peering enables you to seamlessly connect two or more Virtual Networks in Azure. The virtual networks appear as one for connectivity purposes. The traffic between virtual machines in peered virtual networks uses the Microsoft backbone infrastructure. Like traffic between virtual machines in the same network, traffic is routed through Microsoft’s private network only.

Azure supports the following types of peering:

Virtual network peering: Connecting virtual networks within the same Azure region.

Global virtual network peering: Connecting virtual networks across Azure regions.
54
Q

____________ is made up of one or more datacenters equipped with independent power, cooling, and networking. It is set up to be an isolation boundary. If one zone goes down, the other continues working.

A. Region
B. Availability Zone
C. Database racks
D. Scale set

A

B. Availability Zone

Explanation:

55
Q

_____________ copies your data synchronously three times within a single physical location in the primary region.

A. Worldwide Redundant Storage (WRS)
B. Locally Redundant Storage (LRS)
C. Geo Zone Redundant Storage (GZRS)
D. Zone Redundant Storage (ZRS)

A

B. Locally Redundant Storage (LRS)

Explanation:
Azure Storage always stores multiple copies of your data so that it’s protected from planned and unplanned events, including transient hardware failures, network or power outages, and massive natural disasters. Redundancy ensures that your storage account meets its availability and durability targets even in the face of failures.

Redundancy in the primary region

Data in an Azure Storage account is always replicated three times in the primary region. Azure Storage offers two options for how your data is replicated in the primary region:

Locally redundant storage (LRS) copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option, but isn't recommended for applications requiring high availability or durability.

Zone-redundant storage (ZRS) copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability, Microsoft recommends using ZRS in the primary region, and also replicating to a secondary region.
56
Q

The Azure Q/A forums is a paid service.

A. No
B. Yes

A

A. No

Explanation:
The Q/A forums is a free service offered by Azure. There is no cost associated with it.

You can get answers to common questions, and even filter by product to limit the results!

57
Q

Which of the following enables centralizing your organization’s file shares in Azure Files, while keeping the flexibility, performance, and compatibility of a Windows file server?

A. Azure File Manager
B. Azure File Explorer
C. Azure File Sync
D. Azure File Storage

A

C. Azure File Sync

Explanation:
Azure File Sync enables centralizing your organization’s file shares in Azure Files, while keeping the flexibility, performance, and compatibility of a Windows file server. While some users may opt to keep a full copy of their data locally, Azure File Sync additionally has the ability to transform Windows Server into a quick cache of your Azure file share. You can use any protocol that’s available on Windows Server to access your data locally, including SMB, NFS, and FTPS. You can have as many caches as you need across the world.

58
Q

________________ is the process of verifying a user’s credentials.

A. Federation
B. Ticketing
C. Authentication
D. Authorization

A

C. Authentication

Explanation:
Authentication is the process of establishing the identity of a person or service looking to access a resource. It involves the act of challenging a party for legitimate credentials and provides the basis for creating a security principal for identity and access control use. It establishes if they are who they say they are.

Authorization is the process of establishing what level of access an authenticated person or service has. It specifies what data they’re allowed to access and what they can do with it.

59
Q

Azure Advisor provides a cloud score to assess how well-architected your workloads are AND can also provide ‘Step-by-Step’ guidance and quick actions for fast remediation.

A. Yes
B. No

A

A. Yes

Explanation:
From the Official Azure Documentation:

Azure Advisor helps in quick and easy optimization of your Azure deployments. Azure Advisor analyses your configurations and usage telemetry and offers personalised, actionable recommendations to help you optimise your Azure resources for reliability, security, operational excellence, performance and cost.

60
Q

A(n) ______________ lets you run legacy applications in the cloud that can’t use modern authentication methods, or where you don’t want directory lookups to always go back to an on-premises AD DS environment

A. Azure Active Directory Domain Services
B. Azure Migrate Deployment
C. Azure Active Directory External Identities
D. Azure Single Sign On

A

A. Azure Active Directory Domain Services

Explanation:
From the Official Azure Documentation:

Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication. You use these domain services without the need to deploy, manage, and patch domain controllers (DCs) in the cloud.

An Azure AD DS managed domain lets you run legacy applications in the cloud that can’t use modern authentication methods, or where you don’t want directory lookups to always go back to an on-premises AD DS environment. You can lift and shift those legacy applications from your on-premises environment into a managed domain, without needing to manage the AD DS environment in the cloud.

Azure AD DS integrates with your existing Azure AD tenant. This integration lets users sign in to services and applications connected to the managed domain using their existing credentials. You can also use existing groups and user accounts to secure access to resources. These features provide a smoother lift-and-shift of on-premises resources to Azure.

61
Q

Your streaming website experiences a burst of heavy traffic whenever you launch a new web-series, but relatively moderate traffic on other days. Which of the following would be a great benefit if you migrate your setup to Azure?

A. Low Latency

A