Practice Test 4 (Udemy) Flashcards
An _________________ is a collection of policy definitions that are grouped together towards a specific goal or purpose in mind.
A. Azure Bundle
B. Azure Initiative
C. Azure Group
D. Azure Collection
B. Azure Initiative
Explanation:
From the Official Azure Documentation:
An Azure initiative is a collection of Azure policy definitions that are grouped together towards a specific goal or purpose in mind. Azure initiatives simplify management of your policies by grouping a set of policies together as one single item. For example, you could use the PCI-DSS built-in initiative which has all the policy definitions that are centered around meeting PCI-DSS compliance.
Similar to Azure Policy, initiatives have definitions ( a bunch of policies ) , assignments and parameters. Once you determine the definitions that you want, you would assign the initiative to a scope so that it can be applied.
Reference: Azure Policy Initiatives vs Azure Policies: When should I use one over the other? (microsoft.com)
Someone in your organization accidentally deleted an important Virtual Machine that has led to huge revenue losses. Your senior management has tasked you with investigating who was responsible for the deletion. Which Azure service can you leverage for this task?
A. Azure Event Hubs
B. Azure Arc
C. Azure Service Health
D. Azure Monitor
E. Azure Advisor
D. Azure Monitor
Explanation:
From the Official Azure Documentation:
Log Analytics is a tool in the Azure portal that’s used to edit and run log queries with data in Azure Monitor (Correct) Logs.
You might write a simple query that returns a set of records and then use features of Log Analytics to sort, filter, and analyze them. Or you might write a more advanced query to perform statistical analysis and visualize the results in a chart to identify a particular trend.
Whether you work with the results of your queries interactively or use them with other Azure Monitor features, such as log query alerts or workbooks, Log Analytics is the tool that you’ll use to write and test them.
Azure Advisor (incorrect) analyzes your configurations and usage telemetry and offers personalized, actionable recommendations to help you optimize your Azure resources for reliability, security, operational excellence, performance, and cost.
Azure Service Health (incorrect) helps you stay informed and take action, with alerts for outages and a personalised dashboard for service issues.
Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-overview
Azure CosmosDB is an example of a ___________________ offering.
A. SaaS
B. PaaS
C. Serverless Computing
D. IaaS
B. PaaS
Explanation:
From the Official Azure Documentation:
Azure CosmosDB is an example of Platform as a Service!
Azure Cosmos DB is a fully managed NoSQL database for modern app development. Single-digit millisecond response times, and automatic and instant scalability, guarantee speed at any scale. Business continuity is assured with SLA-backed availability and enterprise-grade security. App development is faster and more productive thanks to turnkey multi region data distribution anywhere in the world, open source APIs and SDKs for popular languages. As a fully managed service, Azure Cosmos DB takes database administration off your hands with automatic management, updates and patching. It also handles capacity management with cost-effective serverless and automatic scaling options that respond to application needs to match capacity with demand.
Reference: https://docs.microsoft.com/en-us/azure/cosmos-db/introduction
Which of these approaches is NOT a cost saving solutions?
A. Making use of Azure Cost Management
B. Load balancing the incoming traffic
C. Use Reserved Instances with Azure Hybrid
D. Use the correct and appropriate instance size based on current workload
B. Load balancing the incoming traffic
Explanation:
Load balancing is done to increase the overall availability of the application not to optimise costs.
Yes or No:
It is possible to have multiple Subscriptions inside a Management Group.
A. No
B. yes
B. Yes
Explanation:
From the Official Azure Documentation:
When you define your management group hierarchy, first create the root management group. Then move all existing subscriptions in the directory into the root management group. New subscriptions always go into the root management group initially. Later, you can move them to another management group.
What happens when you move a subscription to an existing management group? The subscription inherits the policies and role assignments from the management group hierarchy above it. Establish many subscriptions for your Azure workloads. Then create other subscriptions to contain Azure services that other subscriptions share.
Do you expect your Azure environment to grow? Then create management groups for production and nonproduction now, and apply appropriate policies and access controls at the management group level. As you add new subscriptions to each management group, those subscriptions inherit the appropriate controls.
Reference: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/organize-subscriptions
Which of the following can you use to set spending thresholds?
A. Azure Policy
B. Azure Cost Management + Billing
C. Azure TCO
D. Azure Pricing Calculator
D. Azure Pricing Calculator
Explanation:
From the Official Azure Documentation:
With Azure products and services, you only pay for what you use. As you create and use Azure resources, you’re charged for the resources. Because of the deployment ease for new resources, the costs of your workloads can jump significantly without proper analysis and monitoring. You use Cost Management + Billing features to:
Conduct billing administrative tasks such as paying your bill Manage billing access to costs Download cost and usage data that was used to generate your monthly invoice Proactively apply data analysis to your costs Set spending thresholds Identify opportunities for workload changes that can optimize your spending
Reference: https://docs.microsoft.com/en-us/azure/cost-management-billing/cost-management-billing-overview
Azure DNS can manage DNS records for your Azure services, but cannot provide DNS for your external resources.
A. False
B. True
A. False
Explanation:
Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.
Azure DNS can manage DNS records for your Azure services and provide DNS for your external resources as well. Azure DNS is integrated in the Azure portal and uses the same credentials, support contract, and billing as your other Azure services.
DNS billing is based on the number of DNS zones hosted in Azure and on the number of DNS queries received. To learn more about pricing, see Azure DNS pricing.
Which of the following provides support for key migration workloads like Windows, SQL and Linux Server, databases, data, web apps, and virtual desktops?
A. Azure Advisor
B. Azure Migrate
C. Azure Recommendations
D. Azure Suggestions
B. Azure Migrate
Explanation:
From the Official Azure Documentation:
Azure Migrate provides all the Azure migration tools and guidance you need to plan and implement your move to the cloud—and track your progress using a central dashboard that provides intelligent insights.
Multiple scenarios
Use a comprehensive approach to migrating your application and datacenter estate. Get support for key migration workloads like Windows, SQL and Linux Server, databases, data, web apps, and virtual desktops. Migrate to destinations including Azure Virtual Machines, Azure VMware Solution, Azure App Service, and Azure SQL Database. Migrations are holistic across VMware, Hyper-V, physical server, and cloud-to-cloud migration.
When you cancel an Azure subscription, a Resource Lock can block the subscription cancellation.
A. True
B. False
B. False
Explanation:
From the Official Azure Documentation:
As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions.
You can set locks that prevent either deletions or modifications. In the portal, these locks are called Delete and Read-only. In the command line, these locks are called CanNotDelete and ReadOnly. In the left navigation panel, the subscription lock feature’s name is Resource locks, while the resource group lock feature’s name is Locks.
If you have a Delete lock on a resource and attempt to delete its resource group, the feature blocks the whole delete operation. Even if the resource group or other resources in the resource group are unlocked, the deletion doesn’t happen. You never have a partial deletion.
When you cancel an Azure subscription:
A resource lock doesn't block the subscription cancellation. Azure preserves your resources by deactivating them instead of immediately deleting them. Azure only deletes your resources permanently after a waiting period.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json
All resources in a VNet can communicate outbound to the internet, by default.
A. No
B. yes
B. Yes
Explanation:
From the Official Azure Documentation:
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own data center, but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.
All resources in a VNet can communicate outbound to the internet, by default. You can communicate inbound to a resource by assigning a public IP address or a public Load Balancer. You can also use public IP or public Load Balancer to manage your outbound connections. To learn more about outbound connections in Azure, see Outbound connections, Public IP addresses, and Load Balancer.
You have managed a Web App that you developed and deployed On-Prem for a long time, but would now like to move it to Azure and relieved of all the manual administration and maintenance. Which of the following buckets would be most suitable for your use case?
A. DaaS
B. SaaS
C. PaaS
D. IaaS
C. PaaS
Explanation:
Azure App Service is a platform-as-a-service (PaaS) offering that lets you create web and mobile apps for any platform or device and connect to data anywhere, in the cloud or on-premises. App Service includes the web and mobile capabilities that were previously delivered separately as Azure Websites and Azure Mobile Services.
When a blob is in the archive access tier, what must you do first before accessing it?
A. Add it to new resource group
B. Move it to File Storage
C. Rehydrate it
D. Modify its Policy
C. Rehydrate it
Explanation:
Is it possible for you to run BOTH Bash and Powershell based scripts from the Azure Cloud shell?
A. No
B. Yes
B. Yes
Explanation:
From the Official Azure Documentation:
Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.
Select Cloud Shell.
Select Bash or PowerShell.
Reference : https://docs.microsoft.com/en-us/azure/cloud-shell/overview
______________ is a security framework that uses the principles of explicit verification, least privileged access, and assuming breach to keep users and data secure while allowing for common scenarios like access to applications from outside the network perimeter.
A. No Trust
B. Zero Trust
C. Less Trust
D. Least Trust
B. Zero Trust
Explanation:
From the Official Azure Documentation:
Zero Trust is a security framework that does not rely on the implicit trust afforded to interactions behind a secure network perimeter. Instead, it uses the principles of explicit verification, least privileged access, and assuming breach to keep users and data secure while allowing for common scenarios like access to applications from outside the network perimeter.
App developers can improve app security, minimize the impact of breaches, and ensure that their applications meet their customers’ security requirements by adopting Zero Trust principles.
_______________ service is available to transfer on-premises data to Blob storage when large datasets or network constraints make uploading data over the wire unrealistic.
A. Azure FileSync
B. Azure Data Box
C. Azure Blob Storage
D. Azure Data Factory
B. Azure Data Box
Explanation:
From the Official Azure Documentation:
Azure Blob storage is Microsoft’s object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data. Unstructured data is data that doesn’t adhere to a particular data model or definition, such as text or binary data.
Blob storage is designed for:
Serving images or documents directly to a browser. Storing files for distributed access. Streaming video and audio. Writing to log files. Storing data for backup and restore, disaster recovery, and archiving. Storing data for analysis by an on-premises or Azure-hosted service.
A number of solutions exist for migrating existing data to Blob storage:
*Azure Data Box* service is available to transfer on-premises data to Blob storage when large datasets or network constraints make uploading data over the wire unrealistic. Depending on your data size, you can request Azure Data Box Disk, Azure Data Box, or Azure Data Box Heavy devices from Microsoft. You can then copy your data to those devices and ship them back to Microsoft to be uploaded into Blob storage. AzCopy is an easy-to-use command-line tool for Windows and Linux that copies data to and from Blob storage, across containers, or across storage accounts. For more information about AzCopy, see Transfer data with the AzCopy v10.
and more..
Which of the following can repeatedly deploy your infrastructure throughout the development lifecycle and have confidence your resources are deployed in a consistent manner?
A. The Azure API Management Service
B. Azure Resource Manager templates
C. Management Groups
D. Azure Templates
B. Azure Resource Manager templates
Explanation:
Azure Resource Manager Templates is correct since templates are idempotent (Same), which means you can deploy the same template many times and get the same resource types in the same state.
A(n) ________________ in Azure Monitor monitors your telemetry and captures a signal to see if the signal meets the criteria of a preset condition. If the conditions are met, an alert is triggered, which initiates the associated action group.
A. preset condition
B. preset rule
C. alert condition
D.alert rule
D.alert rule
Explanation:
Alerts help you detect and address issues before users notice them by proactively notifying you when Azure Monitor data indicates that there may be a problem with your infrastructure or application.
You can alert on any metric or log data source in the Azure Monitor data platform.
An alert rule monitors your telemetry and captures a signal that indicates that something is happening on a specified target. The alert rule captures the signal and checks to see if the signal meets the criteria of the condition. If the conditions are met, an alert is triggered, which initiates the associated action group and updates the state of the alert.
________________ asynchronously replicates the same applications and data across other Azure regions for disaster recovery protection.
A. Auto Region Replicas
B. Cross Region Replication
C. Auto Region Replication
D. Across Region Replication
B. Cross Region Replication
Explanation:
From the Official Azure Documentation:
To ensure customers are supported across the world, Azure maintains multiple geographies. These discrete demarcations define a disaster recovery and data residency boundary across one or multiple Azure regions.
Cross-region replication is one of several important pillars in the Azure business continuity and disaster recovery strategy. Cross-region replication builds on the synchronous replication of your applications and data that exists by using availability zones within your primary Azure region for high availability. Cross-region replication asynchronously replicates the same applications and data across other Azure regions for disaster recovery protection.
Some Azure services take advantage of cross-region replication to ensure business continuity and protect against data loss. Azure provides several storage solutions that make use of cross-region replication to ensure data availability. For example, Azure geo-redundant storage (GRS) replicates data to a secondary region automatically. This approach ensures that data is durable even if the primary region isn’t recoverable.
Each zone is made up of one or more datacentres equipped with common power, cooling, and networking.
A. True
B. False
B. False
Explanation:
Azure Availability Zones are unique physical locations within an Azure region and offer high availability to protect your applications and data from datacentre failures. Each zone is made up of one or more datacentres equipped with independent power, cooling, and networking.
You are the lead architect of your organization. One of the teams has a requirement to copy hundreds of TBs of data to Azure storage in a secure and efficient manner. The data can be ingested one time or an ongoing basis for archival scenarios.
Which of the following would be a good solution for this use case?
A. Azure Data Lake Storage
B. Azure Data Box
C. Azure Cosmos DB
D. Azure File Sync
B. Azure Data Box
Explanation:
From the Official Azure Documentation:
Azure Data Box Gateway is a storage solution that enables you to seamlessly send data to Azure. This article provides you an overview of the Azure Data Box Gateway solution, benefits, key capabilities, and the scenarios where you can deploy this device.
Data Box Gateway is a virtual device based on a virtual machine provisioned in your virtualized environment or hypervisor. The virtual device resides in your premises and you write data to it using the NFS and SMB protocols. The device then transfers your data to Azure block blob, page blob, or Azure Files.
Use cases -
Data Box Gateway can be leveraged for transferring data to the cloud such as cloud archival, disaster recovery, or if there is a need to process your data at cloud scale. Here are the various scenarios where Data Box Gateway can be used for data transfer.
Cloud archival - Copy hundreds of TBs of data to Azure storage using Data Box Gateway in a secure and efficient manner. The data can be ingested one time or an ongoing basis for archival scenarios. Continuous data ingestion - Continuously ingest data into the device to copy to the cloud, regardless of the data size. As the data is written to the gateway device, the device uploads the data to Azure Storage. Initial bulk transfer followed by incremental transfer - Use Data Box for the bulk transfer in an offline mode (initial seed) and Data Box Gateway for incremental transfers (ongoing feed) over the network.
