Tutorial Dojo Test 2 Flashcards
Serverless computing enables developers
to focus on building applications by eliminating infrastructure management tasks such as server patching and capacity provisioning.
to minimize the time and resources invested in infrastructure and code management
to focus on infrastructure management tasks like capacity provisioning and patching
to run applications with less effort and fewer server resources by providing easy-to-use capacity provisioning tools
The correct answer is: to focus on building applications by eliminating infrastructure management tasks such as server patching and capacity provisioning.
The other choices are incorrect because serverless computing does not focus on minimizing code management—it removes the need to manage infrastructure but developers are still responsible for writing and managing their code. It also does not encourage a focus on infrastructure tasks like patching or provisioning, as those are handled by the cloud provider. Lastly, while serverless reduces resource usage, it doesn’t work by offering provisioning tools—it works by automatically scaling resources without requiring user input.
Your company plans on migrating its application named TDojoApp1 to Azure.
TDojoApp1 has a high usage during the first and third weeks of the month and low usage during the 2nd and 4th weeks.
Which benefit of Azure Cloud Services supports cost management for this type of usage pattern?
High availability
Fault tolerance
Elasticity
Load balancing
The correct answer is Elasticity, because it allows resources to automatically scale up or down based on demand. Since TDojoApp1 experiences high usage during specific weeks and low usage during others, elasticity ensures you’re only paying for the resources you actually need at any given time.
The other choices are incorrect because high availability ensures uptime but doesn’t manage costs based on usage. Fault tolerance helps an application continue running during failures, but it’s not related to usage-based scaling. Load balancing distributes traffic across multiple resources for performance and reliability, but it doesn’t scale resources up or down based on demand.
You have several hundred servers in a single Azure region.
You need to recommend an Azure service that will automatically deploy the same set of servers to another region.
What Azure service should you use?
Azure availability set
Azure scale set
Azure Policy
Azure Resource Manager Templates
The correct answer is Azure Resource Manager Templates, because they allow you to define your infrastructure as code and deploy identical environments—including hundreds of servers—across multiple regions automatically and consistently.
The other options are incorrect because Azure availability sets are used for high availability within a single datacenter, not for cross-region deployment. Azure scale sets help you manage and auto-scale identical VMs, but they’re region-specific. Azure Policy helps enforce compliance rules, not deploy infrastructure.
For each of the following items, choose Yes if the statement is true or choose No if the statement is false.
Azure Advisor improves the security of your Microsoft Entra ID environment by calculating user risk levels, providing custom recommendations, and highlighting vulnerabilities.
Your secure score in Microsoft Defender for Cloud will increase if you remediate all of the security recommendations provided by Azure Advisor.
Azure Advisor provides a list of Azure virtual machines that are backed up by the Azure Backup service.
The first statement is No, because Azure Advisor does not evaluate Microsoft Entra ID risk levels or provide identity-specific recommendations. Those tasks are handled by Microsoft Entra ID Protection.
The second statement is Yes, because remediating security recommendations that come from Azure Advisor and align with Microsoft Defender for Cloud best practices can contribute to increasing your secure score.
The third statement is No, because Azure Advisor does not track or display which virtual machines are backed up. That information is managed through Azure Backup and the Recovery Services Vault.
You are migrating all of the data from your on-premises data center to Azure. You have to ensure that your Azure environment adheres to the regional compliance requirements of the company.
What service should you use?
Azure Advisor
Microsoft Entra ID
Service Trust Portal
Azure Marketplace
The correct answer is Service Trust Portal, because it provides access to various compliance resources, audit reports, and regional regulatory information that help you ensure your Azure environment meets specific compliance requirements.
The other answers are incorrect because Azure Advisor gives performance, cost, and security recommendations but doesn’t handle compliance. Microsoft Entra ID is used for identity and access management, not compliance tracking. Azure Marketplace is a catalog of third-party apps and services, not a tool for managing or checking compliance.
For each of the following items, choose Yes if the statement is true or choose No if the statement is false.
All Azure customers have access to an Azure service in private preview.
Only a subset of Azure customers has access to an Azure service in general availability.
All Azure customers have access to an Azure service in public preview.
All Azure customers have access to an Azure service in private preview: No. Private preview features are available only to selected customers who are part of a limited program and typically under NDA.
Only a subset of Azure customers has access to an Azure service in general availability: No. When a service reaches general availability (GA), it is fully supported and open to all Azure customers.
All Azure customers have access to an Azure service in public preview: Yes. Public previews are open for all customers to test and provide feedback before a service reaches GA.
For each of the following items, choose Yes if the statement is true or choose No if the statement is false.
Data transfer to Azure is free.
Data transfer between Azure regions is free.
Data transfer within the same Availability Zone is free.
Data transfer to Azure is free: Yes. Inbound data transfers (data going into Azure) are generally free across all regions.
Data transfer between Azure regions is free: No. Transferring data between different Azure regions incurs a cost, even if the regions are within the same geographic area.
Data transfer within the same Availability Zone is free: Yes. Data transferred within the same Availability Zone, such as between virtual machines in the same zone, is typically free of charge.
A company has multiple virtual machines in a virtual machine scale set named TDScale1 in its Azure environment. You need to recommend a solution that will evenly distribute Internet traffic to your virtual machines.
What Azure service should you use to satisfy this requirement?
Azure Front Door
Azure Traffic Manager
Private Load Balancer
Public Load Balancer
The correct answer is Public Load Balancer, because it distributes inbound Internet traffic evenly across virtual machines in a scale set, providing high availability and performance for your applications.
The other answers are incorrect because Azure Front Door works at the application layer and is best for global routing and web application acceleration, not simple traffic distribution to VMs. Azure Traffic Manager uses DNS-based routing, which directs clients to endpoints but does not directly balance traffic across VMs. Private Load Balancer only handles internal traffic, not traffic from the Internet.
Which Azure service is designed for the offline transfer of large volumes of data to Azure storage services by shipping physical devices?
Azure File Sync
AzCopy
Azure Data Box
Azure Storage Explorer
The correct answer is Azure Data Box, as it is designed specifically for the offline transfer of large volumes of data to Azure storage services. It involves shipping physical devices to the data center, allowing you to load your data onto the device and then ship it to Azure for upload.
The other options are incorrect because Azure File Sync is used for syncing files between on-premises servers and Azure File shares. AzCopy is a command-line tool for transferring data to and from Azure Storage over the network, not physically. Azure Storage Explorer is a desktop application for managing Azure Storage resources, but it doesn’t support offline data transfer.
For each of the following items, choose Yes if the statement is true or choose No if the statement is false.
Azure services in general availability are subject to Microsoft’s Service Level Agreement (SLA).
An Azure service in private preview has no formal support.
An Azure service in public preview is subject to a Service Level Agreement (SLA).
The first statement is Yes. Azure services in general availability are indeed subject to Microsoft’s Service Level Agreement (SLA), which provides commitments for service uptime and reliability.
The second statement is Yes. An Azure service in private preview typically has no formal support, as these services are being tested and may not be fully developed or feature-complete.
The third statement is No. An Azure service in public preview is not typically subject to a formal Service Level Agreement (SLA). While public preview services are available for use, they might not yet offer the same level of service guarantees as those in general availability.
Your company is planning to migrate some of its servers to Azure. You need to recommend a solution wherein users can work remotely by having a secure connection to your Azure virtual machines.
What should you include in the recommendation?
ExpressRoute
Site-to-Site VPN Connection
Point-to-Site VPN Connection
Traffic Manager
The correct answer is Point-to-Site VPN Connection. This solution enables users to establish a secure connection from their remote devices directly to your Azure virtual machines, allowing them to work remotely.
The other options are incorrect for the following reasons:
- ExpressRoute provides a private, dedicated connection to Azure from your on-premises network, but it’s typically used for larger, site-to-site connectivity and not for remote individual users.
- Site-to-Site VPN Connection is used for securely connecting entire on-premises networks to Azure, not individual remote users.
- Traffic Manager is used for managing the distribution of incoming traffic across multiple locations or services, but it does not provide a secure VPN connection.
For each of the following items, choose Yes if the statement is true or choose No if the statement is false.
When you assign a tag to a resource group, the resources within that group will inherit the tag.
A resource group’s permission will be inherited by the resources inside it.
A resource group is a container that holds related resources for an Azure solution.
The first statement is No. When you assign a tag to a resource group, the resources within that group do not automatically inherit the tag. Tags need to be applied individually to each resource, even if they belong to the same resource group.
The second statement is Yes. A resource group’s permissions will indeed be inherited by the resources within it. If permissions are granted at the resource group level, the resources within that group will follow those permissions unless overridden.
The third statement is Yes. A resource group is a container that holds related resources for an Azure solution. It helps in organizing and managing resources such as virtual machines, databases, and storage accounts within a common boundary.
For each of the following items, choose Yes if the statement is true or choose No if the statement is false.
Azure network security groups can encrypt all the network traffic between your Azure resources and on-premises network via the public Internet.
Azure Firewall uses Internet Protocol Security (IPsec) to encrypt all the network traffic between your Azure resources and on-premises network via the public Internet.
You can set up a Point-to-Site VPN connection that uses Internet Protocol Security (IPsec) to connect to your Azure virtual network using your home computer via the public Internet.
The first statement is No. Azure Network Security Groups (NSGs) do not provide encryption for network traffic. They are used to filter network traffic to and from Azure resources by controlling inbound and outbound traffic based on rules, but they do not encrypt traffic.
The second statement is No. Azure Firewall does not use IPsec to encrypt traffic between Azure resources and on-premises networks. Azure Firewall is a managed, cloud-based network security service that provides filtering, monitoring, and threat protection. For encryption, Azure uses other services like VPN Gateway with IPsec.
The third statement is Yes. You can set up a Point-to-Site VPN connection using IPsec to securely connect your home computer to your Azure virtual network via the public Internet. This provides encrypted communication between your local computer and Azure.
Your company stores its media assets in a storage account located in the Singapore region.
You need to recommend a solution to ensure that if the Singapore region fails, the data can still be accessed. The solution should also be cost-effective.
Solution: Configure your storage account to use Geo-zone-redundant storage (GZRS) option.
Does this meet the goal?
Yes
No
The correct answer is No.
Geo-zone-redundant storage (GZRS) replicates data within multiple availability zones in the same region, not across regions. If the Singapore region fails, GZRS will not provide access to the data because it does not replicate to another region. For your requirement, to ensure the data can still be accessed if the Singapore region fails, you would need to use Geo-redundant storage (GRS) or Geo-zone-redundant storage (GZRS) with paired regions. GRS or GZRS with paired regions replicates data to a secondary region, ensuring data is accessible even if the primary region becomes unavailable.
Your company stores its media assets in a storage account located in the Singapore region.
You need to recommend a solution to ensure that if the Singapore region fails, the data can still be accessed. The solution should also be cost-effective.
Solution: Configure your storage account to use zone-redundant storage (ZRS) option.
Does this meet the goal?
Yes
No
The correct answer is No.
Zone-redundant storage (ZRS) replicates data within multiple availability zones in the same region. However, if the Singapore region fails, ZRS would not provide access to the data because it is limited to the same region. To meet the requirement of ensuring data is still accessible if the Singapore region fails, you should use Geo-redundant storage (GRS) or Geo-zone-redundant storage (GZRS). These options replicate data across regions, ensuring that if a region fails, the data can still be accessed from a paired region.
Which of the following is a serverless compute service that lets you run event-triggered code without having to explicitly provision or manage infrastructure?
Azure Logic Apps
Azure Virtual Machines
Azure Functions
Azure Container Instances
The correct answer is Azure Functions.
Azure Functions is a serverless compute service that allows you to run event-driven code without the need to explicitly manage infrastructure. You can focus on writing the code for your event or trigger, and Azure automatically scales the resources needed to execute that code based on demand.
The other options are incorrect because:
- Azure Logic Apps is a service for building workflows and automating tasks, not for running serverless code.
- Azure Virtual Machines requires provisioning and managing infrastructure, so it’s not serverless.
- Azure Container Instances provides a way to run containers but requires some level of management, unlike serverless computing where infrastructure management is abstracted.
You need to configure a network security group in your Azure subscription that restricts Remote Desktop Protocol access to your virtual machines.
Which resources can be attached to your network security group? (Select TWO.)
DNS servers
Network interface
Route Table
Subnet
Virtual Network
The correct answers are Network interface and Subnet.
A Network security group (NSG) in Azure can be associated with either a network interface or a subnet to control inbound and outbound traffic to and from virtual machines (VMs).
- Network interface: You can attach an NSG to a network interface (NIC) to control traffic for a specific VM. This allows for granular control over network traffic to individual VMs.
- Subnet: You can also attach an NSG to a subnet, which controls traffic for all VMs within that subnet, making it easier to manage security at a larger scale.
The other options are incorrect because:
- DNS servers: NSGs are not attached to DNS servers. DNS servers are used for name resolution, not for controlling network traffic.
- Route Table: NSGs are not associated with route tables. Route tables are used for directing traffic to different destinations, but NSGs control access based on IP addresses, ports, and protocols.
- Virtual Network: While an NSG can be associated with a subnet within a virtual network, it is not directly attached to the entire virtual network itself.
Match each Azure network service to its corresponding description.
It is a logical isolation of the Azure cloud dedicated to your subscription.
Connects your on-premises network to Azure virtual network.
Filter network traffic to and from Azure resources in an Azure virtual network.
Distribute traffic to your web applications.
Azure VPN Gateway
Azure Network Security Group
Azure Virtual Network (VNet)
Azure Application Gateway
Here are the correct matches for each Azure network service:
- Azure Virtual Network (VNet): It is a logical isolation of the Azure cloud dedicated to your subscription. A VNet allows you to create a private network within Azure and is the fundamental building block for your private network in Azure.
- Azure VPN Gateway: Connects your on-premises network to Azure virtual network. The Azure VPN Gateway is used to establish secure, encrypted connections between your on-premises environment and Azure over the public internet.
- Azure Network Security Group: Filter network traffic to and from Azure resources in an Azure virtual network. NSGs allow you to define rules to control both inbound and outbound traffic at the subnet or network interface level.
- Azure Application Gateway: Distribute traffic to your web applications. The Azure Application Gateway is a load balancer that manages and distributes traffic to web applications in a highly available and scalable way.
Which of the following allows you to group virtual machines that are hosted in the same virtual network and define network security policies based on those groups without manual maintenance of explicit IP addresses?
Azure virtual network TAP (Terminal Access Point)
Azure Firewall
Network Security Groups
Application Security Groups
The correct answer is Application Security Groups.
Application Security Groups allow you to group virtual machines hosted within the same virtual network and define network security policies based on those groups. They help manage security policies more effectively by eliminating the need to manually maintain explicit IP addresses. Instead, you can define rules based on the application or role of the VM, simplifying network security management.
Why the other answers are incorrect:
- Azure virtual network TAP (Terminal Access Point): This is used for capturing and monitoring network traffic, not for grouping VMs or managing security policies.
- Azure Firewall: This is a centralized network security service used to control and filter traffic across a network, but it doesn’t group VMs or provide role-based security policies.
- Network Security Groups (NSGs): While NSGs are used to control inbound and outbound traffic to Azure resources, they are typically defined at the network interface or subnet level, not based on application-specific groupings of VMs.
You have an Azure subscription that contains multiple virtual machines.
You have been tasked with connecting your virtual network containing the virtual machines to your on-premises data center. Traffic must not pass through the public internet.
Solution: Create an ExpressRoute circuit.
Yes
No
Yes, creating an ExpressRoute circuit meets the goal.
Why it’s correct: ExpressRoute is designed to establish a private, dedicated connection between your on-premises data center and Azure. This connection does not pass through the public internet, which aligns with the requirement for private traffic routing between your on-premises network and Azure.
Why the other options might be incorrect:
- A VPN or other public internet-based solutions would not meet the requirement of avoiding the public internet, as they rely on the internet for connectivity.
Match the Azure services to the correct description.
Serverless compute option that doesn’t require maintaining virtual machines or containers.
Microservice architecture.
Allows you to build and host web apps without managing infrastructure.
Total control over the operating system.
Azure Functions
Azure App Service
Azure Container Instances
Azure VMs
Azure Functions: Serverless compute option that doesn’t require maintaining virtual machines or containers.
Azure Container Instances: Microservice architecture.
Azure App Service: Allows you to build and host web apps without managing infrastructure.
Azure VMs: Total control over the operating system.
Azure Blob storage allows you to ____
store unstructured data such as logs, images and video files.
create a file share that can be mounted to on-premises machines
store non-relational structured data
implement asynchronous message queueing for communication between application components
Azure Blob storage allows you to store unstructured data such as logs, images, and video files.
The other options are incorrect because:
- Creating a file share that can be mounted to on-premises machines is done using Azure Files, not Blob storage.
- Storing non-relational structured data is handled by Azure Table storage, not Blob storage.
- Implementing asynchronous message queuing is done with Azure Queue storage, not Blob storage.
You have an Azure subscription that contains multiple virtual machines.
You have been tasked with connecting your virtual network containing the virtual machines to your on-premises data center. Traffic must not pass through the public internet.
Solution: Create a Site-to-Site VPN gateway connection.
No
Yes
The correct answer is No.
A Site-to-Site VPN connection will route traffic over the public internet, which does not meet the requirement of ensuring that traffic does not pass through the public internet.
To meet the requirement of avoiding the public internet, you should use ExpressRoute, which establishes a private, dedicated connection between your on-premises data center and Azure, ensuring that traffic does not traverse the public internet.
For each of the following items, choose Yes if the statement is true or choose No if the statement is false.
Multiple resource groups in an Azure subscription will incur additional costs.
Data outbound from Azure to an on-premises network over a VPN connection is free.
Data inbound to Azure from an on-premises network over ExpressRoute will be charged at standard data transfer rates.
The statement that says: Multiple resource groups in an Azure subscription will incur additional costs is incorrect because resource groups are free, but the resources within them will have their corresponding costs.
The statement that says: Data inbound to Azure from an on-premises network over ExpressRoute will be charged at standard data transfer rates is incorrect because all bandwidth inbound to Azure is always free.
The statement that says: Data outbound from Azure to an on-premises network over a VPN connection is free is incorrect because bandwidth going out of Azure will be charged at standard data transfer rates other than those explicitly covered by the Content Delivery Network or ExpressRoute pricing.