Review Mode Set 1 (Dojo) Flashcards

1
Q

A news agency company plans to migrate its WordPress application to Azure. As a Support Engineer of the company, you have to suggest a service that can monitor your application, automatically detect performance anomalies, diagnose issues, and understand user behavior.

Which Azure service can do this?

A. Azure Application Gateway
B. Azure Application Insights
C. Azure App Service
D. Microsoft Entra Connect

A

B. Azure Application Insights

Explanation:
Application Insights is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies and includes powerful analytics tools to help you diagnose issues and understand what users actually do with your app.

It’s designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms, including .NET, Node.js, Java, and Python hosted on-premises, hybrid, or any public cloud. It integrates with your DevOps process and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.

Application Insights is used by installing a small instrumentation package (SDK) in your application or enabling Application Insights using the Application Insights Agent. The instrumentation monitors your app and directs the telemetry data to an Azure Application Insights Resource using a unique GUID that we refer to as an Instrumentation Key.

You can instrument not only the web service application but also any background components and the JavaScript in the web pages themselves. The application and its components can run anywhere – it doesn’t have to be hosted in Azure.

Hence, the correct answer is: Azure Application Insights.

Azure Application Gateway is incorrect because this service is simply a web traffic load balancer that enables you to manage traffic to your web applications, which can be used as an internal application load balancer or as an internet-facing application load balancer. However, this can’t be used to monitor user behavior in your application.

Azure App Service is incorrect because this service just enables you to build and host web apps, mobile back ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It is not capable of collecting application performance anomalies.

Microsoft Entra Connect is incorrect because this is a Microsoft tool designed to meet and accomplish your hybrid identity goals for Active Directory. You cannot use this to diagnose issues with your application.

2
Q

Your organization has multiple virtual machines in your Azure subscriptions.

You need to be able to monitor the CPU and memory usage of your virtual machines and run log queries when needed.

Which two Azure services/features should you use? (Select TWO.)

Each correct answer presents part of the solution.

A. Azure Monitor
B. Azure Resource Manager templates
C. Microsoft Cost Management
D. Azure Blueprints
E. Azure Service Health
F. Log Analytics

A

A. Azure Monitor
F. Log Analytics

Explanation:
Azure Monitor is a service in Azure that provides performance and availability monitoring for applications and services in Azure, other cloud environments, or on-premises. Azure Monitor collects data from multiple sources into a common data platform where it can be analyzed for trends and anomalies. Rich features in Azure Monitor assist you in quickly identifying and responding to critical situations that may affect your application.

Azure Monitor starts automatically collecting metric data for your virtual machine host when you create the VM. The Metrics tab for a virtual machine lets you view CPU and memory metrics, adjusting the time period and zooming in on periods of interest. The VM metrics are based on CPU and memory usage data collected from the VM’s guest operating system. Resource usage is sampled once per minute.

Log Analytics is a tool in the Azure portal to edit and run log queries from data collected by Azure Monitor logs and interactively analyze their results. You can use Log Analytics queries to retrieve records that match particular criteria, identify trends, analyze patterns, and provide various insights into your data.

Hence, the correct answers are:

– Azure Monitor

– Log Analytics

Azure Resource Manager templates is incorrect because this simply allows you to implement infrastructure as code for your Azure solutions. The template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project.

Microsoft Cost Management is incorrect because this is just a suite of tools that help organizations monitor, allocate, and optimize the cost of their Microsoft Cloud workloads.

Azure Service Health is incorrect because this is used to help customers to stay informed and take action, with alerts for outages and a personalized dashboard for service issues.

Azure Blueprints is incorrect because it is used by development teams to rapidly build and start up new environments with the trust they’re building within organizational compliance with a set of built-in components, such as networking, to speed up development and delivery.

3
Q

Which cloud computing term represents the ability of a system to recover from failures and continue to function?

A. Reliability
B. Scalability
C. High availability
D. Agility

A

A. Reliability

Explanation:
A reliable workload is one that is both resilient and available. Resiliency is the ability of the system to recover from failures and continue to function. The goal of resiliency is to return the application to a fully functioning state after a failure occurs. Availability is whether your users can access your workload when they need to.

The cloud, by virtue of its decentralized design, naturally supports a reliable and resilient infrastructure. With a decentralized design, the cloud enables you to have resources deployed in regions around the world. With this global scale, even if one region has a catastrophic event, other regions are still up and running. You can design your applications to automatically take advantage of this increased reliability.

Building a reliable application in the cloud is different from traditional application development. Historically, you may have purchased levels of redundant higher-end hardware to minimize the chance of an entire application platform failing.

In the cloud, we acknowledge that failures happen. Instead of trying to prevent failures altogether, the goal is to minimize the effects of a single failing component.

Therefore, the correct answer is: Reliability.

High availability is incorrect because this simply refers to a set of technologies that minimize IT disruptions by providing business continuity of IT services through redundant, fault-tolerant, or failover-protected components inside the same data center.

Scalability is incorrect because this only refers to the ability to adjust resources to meet demand. If you suddenly experience peak traffic and your systems are overwhelmed, the ability to scale means you can add more resources to better handle the increased demand.

Agility is incorrect because this just refers to the ability to react quickly. Cloud services can allocate and deallocate resources quickly. They are provided on-demand via self-service, so vast amounts of computing resources can be provisioned in minutes. There is no manual intervention in provisioning or de-provisioning services.

4
Q

Your company is currently hosting a web application in an Azure virtual machine.

The application is processing mission-critical workloads.

They plan to reduce the costs by migrating it to a new instance.

Solution: Purchase a reserved capacity.

Does the solution meet the goal?

Yes
No

A

No

Explanation:
Azure Reservations help you save money by committing to one-year or three-year plans for multiple products. Committing allows you to get a discount on the resources you use. Reservations can significantly reduce your resource costs by up to 72% from pay-as-you-go prices. Reservations provide a billing discount and don’t affect the runtime state of your resources. After you purchase a reservation, the discount automatically applies to matching resources.

A reserved capacity is different from a reserved instance. A reserved capacity is mainly used for Azure database services such as Azure SQL Database, Azure Cosmos DB, Azure Synapse Analytics, and Azure Cache for Redis. Also, the scenario stated that the company will migrate to a new instance and not to a reserved capacity.

By purchasing a reserved instance, you can significantly reduce costs up to 72 percent compared to pay-as-you-go pricing. A reserved instance has a one-year or three-year term on Windows and Linux virtual machines. You can pay for a reservation upfront or monthly. The total cost of up-front and monthly reservations is the same, and you don’t pay any extra fees when you choose to pay monthly.

Hence, the correct answer is: No.

5
Q

What service provides security tokens that you can use for the authentication flow of your cloud-based applications?

A. Microsoft Entra ID
B. Azure Storage account
C. Microsoft Defender for Cloud
D. Azure Key Vault

A

A. Microsoft Entra ID

Explanation:
Microsoft Entra ID is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources in:

– External resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications.

– Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization.

Microsoft Online business services, such as Office 365 or Microsoft Azure, require Microsoft Entra for sign-in and to help with identity protection. If you subscribe to any Microsoft Online business service, you automatically get Microsoft Entra with access to all the free features.

A centralized identity provider is especially useful for apps that have users located around the globe that don’t necessarily sign in from the enterprise’s network. Microsoft identity platform authenticates users and provides security tokens, such as access token, refresh token, and ID token, that allow a client application to access protected resources on a resource server.

An access token is a security token that is issued by an authorization server as part of an OAuth 2.0 flow. It contains information about the user and the app for which the token is intended, which can be used to access web APIs and other protected resources.

Access tokens are only valid for a short period of time, so authorization servers will sometimes issue a refresh token at the same time the access token is issued. The client application can then exchange this refresh token for a new access token when needed.

Hence, the correct answer is: Microsoft Entra ID.

Azure Storage account is incorrect because this is just a durable, highly available, massively scalable cloud storage solution in Azure.

Microsoft Defender for Cloud is incorrect because this is simply a unified infrastructure security management system that strengthens the security posture of your data centers and provides advanced threat protection across your hybrid workloads in the cloud.

Azure Key Vault is incorrect because this is a service that enables Azure subscribers to safeguard and control cryptographic keys and other secrets used by cloud apps and services.

6
Q

A company issues MacBooks, Windows laptops, and other types of workstations to its cloud engineers. Which Azure management tools can be used for the following operating systems?

Select the correct answer from the drop-down list of options. Each correct selection is worth one point.

macOS

(Azure Portal, Azure CLI, and Azure PowerShell)

Linux

(Azure Portal, Azure CLI, and Azure PowerShell)

Windows

(Azure Portal, Azure CLI, and Azure PowerShell)

A
7
Q

What service enables you to correlate trace events from multiple Azure VMs and other resources into a centralized repository?

A. Azure Repos
B. Azure Event Hubs
C. Azure Resource Manager
D. Azure Monitor

A

D. Azure Monitor

Explanation:
Azure Monitor maximizes the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.

Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It works for apps on a wide variety of platforms including .NET, Node.js, Java, and Python hosted on-premises, hybrid, or any public cloud.

Application Insights is aimed at the development team, to help you understand how your app is performing and how it’s being used. It monitors:

– Request rates, response times, and failure rates – Find out which pages are most popular, at what times of day, and where your users are. See which pages perform best. If your response times and failure rates go high when there are more requests, then perhaps you have a resourcing problem.

– Dependency rates, response times, and failure rates – Find out whether external services are slowing you down.

– Exceptions – Analyze the aggregated statistics, or pick specific instances and drill into the stack trace and related requests. Both server and browser exceptions are reported.

– Pageviews and load performance – reported by your users’ browsers.

– AJAX calls from web pages – rates, response times, and failure rates.

– User and session count.

– Performance counters from your Windows or Linux server machines, such as CPU, memory, and network usage.

– Host diagnostics from Docker or Azure.

– Diagnostic trace logs from your app – so that you can correlate trace events with requests.

– Custom events and metrics that you write yourself in the client or server code, to track business events such as items sold or games won.

You install a small instrumentation package (SDK) in your application or enable Application Insights using the Application Insights Agent when supported. The instrumentation monitors your app and directs the telemetry data to an Azure Application Insights Resource using a unique GUID that we refer to as an Instrumentation Key.

Hence, the correct answer is Azure Monitor.

Azure Event Hubs is incorrect because this is just a big data streaming platform and event ingestion service. It’s not suitable to be used to correlate trace events from multiple Azure VMs.

Azure Repos is incorrect because this is simply a set of version control tools that you can use to manage your code.

Azure Resource Manager is incorrect because this is only a deployment and management service that enables you to create, update, and delete resources in your Azure account. This service is not suitable for monitoring and correlating trace events from various VMs and resources.

8
Q

Your company is currently hosting a web application in an Azure virtual machine.

The application is processing mission-critical workloads.

They plan to reduce the costs by migrating it to a new instance.

Solution: Purchase a reserved instance.

Does the solution meet the goal?

No
Yes

A

Yes

Explanation:
Azure Reservations help you save money by committing to one-year or three-year plans for multiple products. Committing allows you to get a discount on the resources you use. Reservations can significantly reduce your resource costs by up to 72% from pay-as-you-go prices. Reservations provide a billing discount and don’t affect the runtime state of your resources. After you purchase a reservation, the discount automatically applies to matching resources.

By purchasing a reserved instance, you can significantly reduce costs up to 72 percent compared to pay-as-you-go pricing. A reserved instance has a one-year or three-year term on Windows and Linux virtual machines. You can pay for a reservation upfront or monthly. The total cost of up-front and monthly reservations is the same and you don’t pay any extra fees when you choose to pay monthly.

Hence, the correct answer is: Yes.

9
Q

In the Azure Shared Responsibility Model, whose responsibility is it to maintain the application in an Azure virtual machine?

Customer
Both Azure and the customer
Azure
Neither Azure nor the customer

A

Customer

Explanation:
As you consider and evaluate public cloud services, it’s critical to understand the shared responsibility model and which security tasks are handled by the cloud provider, and which tasks are handled by you. The workload responsibilities vary depending on whether the workload is hosted on Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), or in an on-premises datacenter.

In an on-premises datacenter, you own the whole stack. As you move to the cloud, some responsibilities transfer to Microsoft. The following diagram illustrates the areas of responsibility between you and Microsoft, according to the type of deployment of your stack.

Azure Virtual Machines are image service instances Azure IaaS uses to deploy persistent VMs with nearly any server workload that you want.

Infrastructure as a service (IaaS) is the most flexible category of cloud services, as it provides you with the maximum amount of control for your cloud resources. In an IaaS model, the cloud provider is responsible for maintaining the hardware, network connectivity (to the internet), and physical security.

You’re responsible for everything else: operating system installation, configuration, and maintenance; network configuration; database and storage configuration; and so on. With IaaS, you’re essentially renting the hardware in a cloud datacenter, but what you do with that hardware is up to you.

IaaS places the largest share of responsibility with you. The cloud provider is responsible for maintaining the physical infrastructure and its access to the internet. You’re responsible for installation and configuration, patching and updates, and security.

Hence, the correct answer is Customer.

Azure and Both Azure and the customer are incorrect because, under the shared responsibility model for an infrastructure as a service offering, the customer is responsible for maintaining the application.

Neither Azure nor the customer is incorrect as this task falls under the responsibilities of the customer.

10
Q

Which Azure feature enables organizations to manage the access, policies, and compliance of their resources in Azure across multiple subscriptions?

A. Management Groups
B. Resource Groups
C. Azure Support Plans
D. Azure Policies

A

A. Management Groups

Explanation:
If your organization has many subscriptions, you may need a way to efficiently manage access, policies, and compliance for those subscriptions. Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called “management groups” and apply your governance conditions to the management groups. All subscriptions within a management group automatically inherit the conditions applied to the management group.

For example, you can apply policies to a management group that limits the regions available for virtual machine (VM) creation. This policy would be applied to all management groups, subscriptions, and resources under that management group by only allowing VMs to be created in that region.

Hence, the correct answer is: Management Groups.

Resource groups is incorrect because this simply does not enable organizations to manage the access, policies, and compliance of their Azure resources across multiple subscriptions. A resource group is just a container that holds related resources for an Azure solution.

Azure Support Plans is incorrect because these are just the available support options in Azure that you can choose from to meet your business needs. A support plan doesn’t enable you to manage the policies or the compliance of your Azure resources across multiple subscriptions.

Azure Policies is incorrect. The primary function of an Azure Policy is to evaluate all resources within a specific subscription only and not across multiple subscriptions. Azure Policy doesn’t restrict actions or manage any resource access.

11
Q

You have a storage account and a virtual network in your Azure subscription.

You must ensure that the data between the storage account and the virtual network passes through the Azure backbone network.

What should you use?

A. VNet peering
B. Service endpoint
C. VPN gateway
D. ExpressRoute

A

B. Service endpoint

Explanation:
Virtual Network (VNet) service endpoint provides secure and direct connectivity to Azure services over an optimized route over the Azure backbone network. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Service Endpoints enable private IP addresses in the VNet to reach the endpoint of an Azure service without needing a public IP address on the VNet.

Any routes in your virtual network that force internet traffic to your on-premises and/or virtual appliances also force Azure service traffic to take the same route as the internet traffic. Service endpoints provide optimal routing for Azure traffic.

Endpoints always take service traffic directly from your virtual network to the service on the Microsoft Azure backbone network. Keeping traffic on the Azure backbone network allows you to continue auditing and monitoring outbound Internet traffic from your virtual networks, through forced tunneling, without impacting service traffic.

Hence, the correct answer is: Service endpoint.

VNet peering is incorrect because it only enables you to seamlessly connect two or more Virtual Networks in Azure. The virtual networks appear as one for connectivity purposes. This won’t force your traffic to use the Azure backbone network.

VPN Gateway is incorrect because this is used to send encrypted traffic between an Azure virtual network and on-premises locations over the public Internet.

ExpressRoute is incorrect because this only allows you to extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider.

12
Q

A company wants to migrate to the cloud. The requirement is to have a VPN connection to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel.

What is the most suitable type of VPN connection that you should use?

A. Site-to-Site VPN Connection
B. VNet peering connection
C. Point-to-Site VPN connection
D. ExpressRoute Connection

A

A. Site-to-Site VPN Connection

Explanation:
A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network. Each virtual network can have only one VPN gateway. However, you can create multiple connections to the same VPN gateway. When you create multiple connections to the same VPN gateway, all VPN tunnels share the available gateway bandwidth.

A virtual network gateway is composed of two or more VMs that are deployed to a specific subnet you create called the gateway subnet. Virtual network gateway VMs contain routing tables and run specific gateway services. These VMs are created when you create a virtual network gateway.

There are various configurations available for your VPN gateway connections. You have to determine which configuration meets your requirements. You can set up a Site-to-Site, Multi-Site, Point-to-Site, VNet-to-VNet, and other VPN gateway connections.

Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it.

Hence, the correct answer is: Site-to-Site VPN Connection.

Point-to-Site (P2S) VPN gateway connection is incorrect because this only allows you to create a secure connection to your virtual network from an individual client computer. A P2S connection is established by starting it from the client’s computer. This solution is useful for telecommuters who want to connect to Azure VNets from a remote location, such as from home or a conference. P2S VPN is also a useful solution to use instead of S2S VPN when you have only a few clients that need to connect to a VNet.

VNet peering connection is incorrect because this connection type simply provides a low-latency, high-bandwidth connection between resources in different Azure virtual networks. This is not suitable for connecting your on-premises network to an Azure virtual network.

ExpressRoute connection is incorrect because it is not a VPN connection in the first place. It also doesn’t connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. Using ExpressRoute, the connectivity can be from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual cross-connection through a connectivity provider at a co-location facility. ExpressRoute connections do not go over the public Internet, unlike an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel.

13
Q

Your company is currently hosting a web application in an Azure virtual machine.

The application is processing mission-critical workloads.

They plan to reduce the costs by migrating it to a new instance.

Solution: Launch a new Azure Spot Virtual Machine

Does the solution meet the goal?

No
Yes

A

No

Explanation:
Azure Reservations help you save money by committing to one-year or three-year plans for multiple products. Committing allows you to get a discount on the resources you use. Reservations can significantly reduce your resource costs by up to 72% from pay-as-you-go prices. Reservations provide a billing discount and don’t affect the runtime state of your resources. After you purchase a reservation, the discount automatically applies to matching resources.

Spot virtual machines are unused compute capacity at deep discounts. If your workload can tolerate interruptions and its execution time is flexible, then using spot VMs can significantly reduce the cost of running your workload in Azure. Take note that it’s stated in the scenario that “the application is processing mission-critical workloads.” This means that the application instance must be uninterruptible.

By purchasing a reserved instance, you can significantly reduce costs by up to 72 percent compared to pay-as-you-go pricing. A reserved instance has a one-year or three-year term on Windows and Linux virtual machines. You can pay for a reservation upfront or monthly. The total cost of up-front and monthly reservations is the same, and you don’t pay any extra fees when you choose to pay monthly.

Hence, the correct answer is: No.

14
Q

Which service analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost-effectiveness, performance, reliability, and security of your Azure resources?

A. Compliance Manager
B. Azure Information Protection
C. Azure Advisor
D. Azure Resource Manager

A

C. Azure Advisor

15
Q

Which service enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements?

Compliance Manager
Azure Blueprints
Azure Monitor
Azure Advisor

A

Azure Blueprints

Explanation:
Azure Blueprints makes it possible for development teams to rapidly build and launch new environments with the reliability that they’re building within organizational compliance with a set of built-in components, such as networking, to speed up development and delivery. Just as a blueprint allows an engineer or an architect to sketch a project’s design parameters, Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements.

Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as:

– Role Assignments

– Policy Assignments

– Azure Resource Manager templates (ARM templates)

– Resource Groups

The Azure Blueprints service is backed by the globally distributed Azure Cosmos DB. Blueprint objects are replicated to multiple Azure regions. This replication provides low latency, high availability, and consistent access to your blueprint objects, regardless of which region Azure Blueprints deploy your resources to.

Hence, the correct answer is: Azure Blueprints.

Compliance Manager is incorrect because this service doesn’t define a repeatable set of Azure resources. It is simply a free workflow-based risk assessment tool in the Microsoft Service Trust Portal for managing regulatory compliance activities related to Microsoft cloud services.

Azure Monitor is incorrect because this service is primarily used to maximize the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.

Azure Advisor is incorrect because this is a service that analyzes your configurations and usage telemetry and offers personalized, actionable recommendations to help you optimize your Azure resources for reliability, security, operational excellence, performance, and cost.

16
Q
A