Dumps Flashcards

Question 1

Q

Your company intends to subscribe to an Azure support plan.The support plan must allow for new support requests to be opened.Which of the following are support plans that will allow this? Answer by dragging the correct option from the list to the answer area.Select and Place: Basic, DEVELOPER, STANDARD, PROFESSIONAL DIRECT

Answer

A

Professional Direct, Standard, and Developer only. (Premier?)

Question 2

Q

Your company has datacenters in Los Angeles and New York. The company has a Microsoft Azure subscription.You are configuring the two datacenters as geo-clustered sites for site resiliency.You need to recommend an Azure storage redundancy option.You have the following data storage requirements:
✑ Data must be stored on multiple nodes.
✑ Data must be stored on nodes in separate geographic locations.
✑ Data can be read from the secondary location as well as from the primary location. Which of the following Azure stored redundancy options should you recommend?

A. Geo-redundant storage
B. Read-only geo-redundant storage
C. Zone-redundant storage
D. Locally redundant storage

Answer

A

Read-only geo-redundant storage

Question 3

Q

Your company’s Azure subscription includes a Basic support plan.They would like to request an assessment of an Azure environment’s design from Microsoft. This is, however, not supported by the existing plan.You want to make sure that the company subscribes to a support plan that allows this functionality, while keeping expenses to a minimum.Solution: You recommend that the company subscribes to the Professional Direct support plan.Does the solution meet the goal?

Answer

A

No (Premier is)

Question 4

Q

You are tasked with deploying Azure virtual machines for your company.You need to make use of the appropriate cloud deployment solution.Solution: You should make use of Software as a Service (SaaS).Does the solution meet the goal?

Answer

A

No (Virtual Machines is IaaS)

Question 5

Q

You are tasked with deploying Azure virtual machines for your company.You need to make use of the appropriate cloud deployment solution.Solution: You should make use of Platform as a Service (PaaS).Does the solution meet the goal?

Answer

A

No (Virtual Machines is IaaS)

Question 6

Q

You are tasked with deploying Azure virtual machines for your company.You need to make use of the appropriate cloud deployment solution.Solution: You should make use of Infrastructure as a Service (IaaS).Does the solution meet the goal?

Question 7

Q

Your developers have created 10 web applications that must be host on Azure.
You need to determine which Azure web tier plan to host the web apps. The web tier plan must meet the following requirements:
✑ The web apps will use custom domains.
✑ The web apps each require 10 GB of storage.
✑ The web apps must each run in dedicated compute instances.
✑ Load balancing between instances must be included.
✑ Costs must be minimized.
Which web tier plan should you use?

Question 8

Q

You are planning to migrate a company to Azure. Each of the company’s numerous divisions will have an administrator in place to manage the Azure resources used by their respective division.
You want to make sure that the Azure deployment you employ allows for Azure to be segmented for the divisions, while keeping administrative effort to a minimum.
Solution: You plan to make use of several Azure Active Directory (Azure AD) directories.
Does the solution meet the goal?

Answer

A

No (it either needs only one aad, or arm can be used)

Question 9

Q

Your developers have created a portal web app for users in the Miami branch office. The web app will be publicly accessible and used by the Miami users to retrieve customer and product information. The web app is currently running in an on-premises test environment.
You plan to host the web app on Azure.
You need to determine which Azure web tier plan to host the web app. The web tier plan must meet the following requirements:
✑ The website will use the miami.weyland.com URL.
✑ The website will be deployed to two instances.
✑ SSL support must be included.
✑ The website requires 12 GB of storage.
✑ Costs must be minimized.
Which web tier plan should you use?

Question 10

Q

Your company is planning to migrate all their virtual machines to an Azure pay-as-you-go subscription. The virtual machines are currently hosted on the Hyper-V hosts in a data center.
You are required make sure that the intended Azure solution uses the correct expenditure model.
Solution: You should recommend the use of the elastic expenditure model.
Does the solution meet the goal?

Answer

A

No (the operational expenditure model)

Question 11

Q

Your company is planning to migrate all their virtual machines to an Azure pay-as-you-go subscription. The virtual machines are currently hosted on the Hyper-V hosts in a data center.
You are required make sure that the intended Azure solution uses the correct expenditure model.
Solution: You should recommend the use of the scalable expenditure model.
Does the solution meet the goal?

Answer

A

No (the operational expenditure model)

Question 12

Q

Your company is planning to migrate all their virtual machines to an Azure pay-as-you-go subscription. The virtual machines are currently hosted on the Hyper-V hosts in a data center.
You are required make sure that the intended Azure solution uses the correct expenditure model.
Solution: You should recommend the use of the operational expenditure model.
Does the solution meet the goal?

Question 13

Q

You are required to deploy an Artificial Intelligence (AI) solution in Azure.
You want to make sure that you are able to build, test, and deploy predictive analytics for the solution.
Solution: You should make use of Azure Cosmos DB.
Does the solution meet the goal?

Answer

A

No (Azure Machine Learning Studio)

Question 14

Q

Your company’s Active Directory forest includes thousands of user accounts.
You have been informed that all network resources will be migrated to Azure. Thereafter, the on-premises data center will be retired.
You are required to employ a strategy that reduces the effect on users, once the planned migration has been completed.
Solution: You plan to sync all the Active Directory user accounts to Azure Active Directory (Azure AD).
Does the solution meet the goal?

Question 15

Q

You are required to deploy an Artificial Intelligence (AI) solution in Azure.
You want to make sure that you are able to build, test, and deploy predictive analytics for the solution.
Solution: You should make use of Azure Machine Learning Studio.
Does the solution meet the goal?

Question 16

Q

Your company’s infrastructure includes a number of business units that each need a large number of various Azure resources for everyday operation.
The resources required by each business unit are identical.
You are required to sanction a strategy to create Azure resources automatically.
Solution: You recommend that the Azure API Management service be included in the strategy.
Does the solution meet the goal?

Answer

A

No (ARM does)

Question 17

Q

Your company’s infrastructure includes a number of business units that each need a large number of various Azure resources for everyday operation.
The resources required by each business unit are identical.
You are required to sanction a strategy to create Azure resources automatically.
Solution: You recommend that management groups be included in the strategy.
Does the solution meet the goal?

Question 18

Q

Your company’s infrastructure includes a number of business units that each need a large number of various Azure resources for everyday operation.
The resources required by each business unit are identical.
You are required to sanction a strategy to create Azure resources automatically.
Solution: You recommend that the Azure Resource Manager templates be included in the strategy.
Does the solution meet the goal?

Question 19

Q

You are tasked with deploying a critical LOB application, which will be installed on a virtual machine, to Azure.
You are informed that the application deployment strategy should allow for a guaranteed availability of 99.99 percent. You need to make sure that the strategy requires as little virtual machines and availability zones as possible.
Solution: You include two virtual machines and one availability zone in your strategy.
Does the solution meet the goal?

Answer

A

No (two of one, and two of second)

Question 20

Q

You are tasked with deploying a critical LOB application, which will be installed on a virtual machine, to Azure.
You are informed that the application deployment strategy should allow for a guaranteed availability of 99.99 percent. You need to make sure that the strategy requires as little virtual machines and availability zones as possible.
Solution: You include one virtual machine and two availability zones in your strategy.
Does the solution meet the goal?

Answer

A

No (two and two)

Question 21

Q

You are tasked with deploying a critical LOB application, which will be installed on a virtual machine, to Azure.
You are informed that the application deployment strategy should allow for a guaranteed availability of 99.99 percent. You need to make sure that the strategy requires as little virtual machines and availability zones as possible.
Solution: You include two virtual machines and two availability zones in your strategy.
Does the solution meet the goal?

Question 22

Q

Your company’s developers intend to deploy a large number of custom virtual machines on a weekly basis. They will also be removing these virtual machines during the same week it was deployed. Sixty percent of the virtual machines have Windows Server 2016 installed, while the other forty percent has Ubuntu Linux installed.
You are required to make sure that the administrative effort, needed for this process, is reduced by employing a suitable Azure service.
Solution: You recommend the use of Microsoft Managed Desktop.
Does the solution meet the goal?

Answer

A

No (Azure DevTest Lab)

Question 23

Q

Your company’s developers intend to deploy a large number of custom virtual machines on a weekly basis. They will also be removing these virtual machines during the same week it was deployed. Sixty percent of the virtual machines have Windows Server 2016 installed, while the other forty percent has Ubuntu Linux installed.
You are required to make sure that the administrative effort, needed for this process, is reduced by employing a suitable Azure service.
Solution: You recommend the use of Azure Reserved Virtual Machines (VM) Instances.
Does the solution meet the goal?

Answer

A

No (Azure DevTest Lab)

Question 24

Q

Your company’s developers intend to deploy a large number of custom virtual machines on a weekly basis. They will also be removing these virtual machines during the same week it was deployed. Sixty percent of the virtual machines have Windows Server 2016 installed, while the other forty percent has Ubuntu Linux installed.
You are required to make sure that the administrative effort, needed for this process, is reduced by employing a suitable Azure service.
Solution: You recommend the use of Azure DevTest Labs.
Does the solution meet the goal?

Question 25

Q

Your company has virtual machines (VMs) hosted in Microsoft Azure. The VMs are located in a single Azure virtual network named VNet1.
The company has users that work remotely. The remote workers require access to the VMs on VNet1.
You need to provide access for the remote workers.
What should you do?

A. Configure a Site-to-Site (S2S) VPN.
B. Configure a VNet-toVNet VPN.
C. Configure a Point-to-Site (P2S) VPN
D. Configure DirectAccess on a Windows Server 2012 server VM.
E. Configure a Multi-Site VPN
Hide Solution

Answer

A

Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer.

Question 26

Q

You have been informed by your superiors of the company’s intentions to automate server deployment to Azure. There is, however, some concern that administrative credentials could be uncovered during this process.
You are required to make sure that during the deployment, the administrative credentials are encrypted using a suitable Azure solution.
Solution: You recommend the use of Azure Information Protection.
Does the solution meet the goal?

Answer

A

No (Azure Key Vault)

Question 27

Q

You have been informed by your superiors of the company’s intentions to automate server deployment to Azure. There is, however, some concern that administrative credentials could be uncovered during this process.
You are required to make sure that during the deployment, the administrative credentials are encrypted using a suitable Azure solution.
Solution: You recommend the use of Azure Multi-Factor Authentication (MFA).
Does the solution meet the goal?

Answer

A

No (Azure Key Vault)

Question 28

Q

The company would like to develop a cloud solution by making use of Azure Government. Azure Government can only be used by certain types of clients to develop cloud solutions.
Which of the following are the types of customers that can make use of Azure Government in this situation? Answer by dragging the correct option from the list to the answer area.
Select and Place:
A government contractor from any country.
A government entity from any country.
A European government contractor.
A European government entity.
A United States
government contractor.
A United States government entity.

Answer

A

A United States
government contractor.
A United States government entity.

Question 29

Q

Your company has an Azure Active Directory (Azure AD) environment. Users occasionally connect to Azure AD via the Internet.
You have been tasked with making sure that users who connect to Azure AD via the internet from an unidentified IP address, are automatically encouraged to change passwords.
Solution: You configure the use of Azure AD Identity Protection.
Does the solution meet the goal?

Question 30

Q

Your company has an Azure Active Directory (Azure AD) environment. Users occasionally connect to Azure AD via the Internet.
You have been tasked with making sure that users who connect to Azure AD via the internet from an unidentified IP address, are automatically encouraged to change passwords.
Solution: You configure the use of Azure AD Privileged Identity Management.
Does the solution meet the goal?

Answer

A

No (Azure AD Identity Protection)

Question 31

Q

You are planning a strategy to deploy numerous web servers and database servers to Azure.
This strategy should allow for connection types between the web servers and database servers to be controlled.
Solution: You include network security groups (NSGs) in your strategy.
Does the solution meet the goal?

Question 32

Q

You are planning a strategy to deploy numerous web servers and database servers to Azure.
This strategy should allow for connection types between the web servers and database servers to be controlled.
Solution: You include a local network gateway in your strategy.
Does the solution meet the goal?

Answer

A

No (Network Security Groups NSGs)

Question 33

Q

Your company’s Active Directory forest includes thousands of user accounts.
You have been informed that all network resources will be migrated to Azure. Thereafter, the on-premises data center will be retired.
You are required to employ a strategy that reduces the effect on users, once the planned migration has been completed.
Solution: You plan to require Azure Multi-Factor Authentication (MFA).
Does the solution meet the goal?

Answer

A

No (Azure Active Directory)

Question 34

Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

A platform as a service (PaaS) solution that hosts web apps in Azure provides full control of the operating systems that host applications.
О
A platform as a service (PaaS) solution that hosts web apps in Azure provides the ability to scale the platform automatically.
C
A platform as a service (PaaS) solution that hosts web apps in Azure provides professional development services to continuously add features to custom applications.

Answer

A

Box 1: No -
A PaaS solution does not provide access to the operating system. The Azure Web Apps service provides an environment for you to host your web applications.
Behind the scenes, the web apps are hosted on virtual machines running IIS. However, you have no direct access to the virtual machine, the operating system or
IIS.

Box 2: Yes -
A PaaS solution that hosts web apps in Azure does provide the ability to scale the platform automatically. This is known as autoscaling. Behind the scenes, the web apps are hosted on virtual machines running IIS. Autoscaling means adding more load balanced virtual machines to host the web apps.

Box 3: Yes -
PaaS provides a framework that developers can build upon to develop or customize cloud-based applications. PaaS development tools can cut the time it takes to code new apps with pre-coded application components built into the platform, such as workflow, directory services, security features, search and so on.

Question 35

Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Azure provides flexibility between capital expenditure (CapE) and operational exponditure (OpEx).
If you create two Azure virtual machines that use the B2S size, each virtual machine will always generate the same monthly costs.
When an Azure virtual machine is stopped, you continue to pay storage costs associated to the virtual machine.

Answer

A

Box 1: Yes -
Traditionally, IT expenses have been considered a Capital Expenditure (CapEx). Today, with the move to the cloud and the pay-as-you-go model, organizations have the ability to stretch their budgets and are shifting their IT CapEx costs to Operating Expenditures (OpEx) instead. This flexibility, in accounting terms, is now an option due to the ג€as a Serviceג€ model of purchasing software, cloud storage and other IT related resources.

Box 2: No -
Two virtual machines using the same size could have different disk configurations. Therefore, the monthly costs could be different.

Box 3: Yes -
When an Azure virtual machine is stopped, you don’t pay for the virtual machine. However, you do still pay for the storage costs associated to the virtual machine.
The most common storage costs are for the disks attached to the virtual machines. There are also other storage costs associated with a virtual machine such as storage for diagnostic data and virtual machine backups.

Question 36

Q

To complete the sentence, select the appropriate option in the answer area.

When you are implementing a Software as a Service (SaaS) solution, you are responsible for
- configuring high availability.
- defining scalability rules.
- installing the SaaS solution.
- configuring the SaaS solution.

Answer

A

Configuring the SaaS solution.

When you are implementing a Software as a Service (SaaS) solution, you are responsible for configuring the SaaS solution. Everything else is managed by the cloud provider.
SaaS requires the least amount of management. The cloud provider is responsible for managing everything, and the end user just uses the software.
Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring and office tools
(such as Microsoft Office 365).
SaaS provides a complete software solution which you purchase on a pay-as-you-go basis from a cloud service provider. You rent the use of an app for your organization and your users connect to it over the Internet, usually with a web browser. All of the underlying infrastructure, middleware, app software and app data are located in the service provider’s data center. The service provider manages the hardware and software and with the appropriate service agreement, will ensure the availability and the security of the app and your data as well.

Question 37

Q

You have an on-premises network that contains several servers.
You plan to migrate all the servers to Azure.
You need to recommend a solution to ensure that some of the servers are available if a single Azure data center goes offline for an extended period.
What should you include in the recommendation?

A. fault tolerance
B. elasticity
C. scalability
D. low latency

Answer

A

Fault tolerance is the ability of a system to continue to function in the event of a failure of some of its components.

Question 38

Q

To complete the sentence, select the appropriate option in the answer area.

An organization that hosts its infrastructure … no longer requires a data center.
in a private cloud
in a hybrid cloud
in the public cloud
on a Hyper-V host

Answer

A

In the public cloud

Question 39

Q

What are two characteristics of the public cloud? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. dedicated hardware
B. unsecured connections
C. limited storage
D. metered pricing
E. self-service management

Answer

A

D. metered pricing Most Voted
E. self-service management

With the public cloud, you get pay-as-you-go pricing ג€” you pay only for what you use, no CapEx costs.
With the public cloud, you have self-service management. You are responsible for the deployment and configuration of the cloud resources such as virtual machines or web sites. The underlying hardware that hosts the cloud resources is managed by the cloud provider.

A: You don’t have dedicated hardware. The underlying hardware is shared so you could have multiple customers using cloud resources hosted on the same physical hardware.
B: Connections to the public cloud are secure.
C: Storage is not limited. You can have as much storage as you like.

Question 40

Q

To complete the sentence, select the appropriate option in the answer area.

When planning to migrate a public website to Azure, you must plan to deploy a VPN.
pay monthly usage costs.
pay to transfer all the website data to Azure.
reduce the number of connections to the website.

Answer

A

Pay monthly usage costs.
When planning to migrate a public website to Azure, you must plan to pay monthly usage costs. This is because Azure uses the pay-as-you-go model.

Question 41

Q

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to migrate all its data and resources to Azure.
The company’s migration plan states that only Platform as a Service (PaaS) solutions must be used in Azure.
You need to deploy an Azure environment that meets the company migration plan.
Solution: You create an Azure App Service and Azure SQL databases.
Does this meet the goal?

Answer

A

Yes. Azure App Service and Azure SQL databases are examples of Azure PaaS solutions. Therefore, this solution does meet the goal.

Question 42

Q

Your company plans to migrate all its data and resources to Azure.
The company’s migration plan states that only Platform as a Service (PaaS) solutions must be used in Azure.
You need to deploy an Azure environment that meets the company migration plan.
Solution: You create an Azure App Service and Azure virtual machines that have Microsoft SQL Server installed.
Does this meet the goal?

Answer

A

No. The question say you create a virtual machine as a part of the solution. However, you cannot create a vm in PaaS…Vm runs underneath of PaaS solution…user can only use Paas to create the application not infrastructure such as vm. An Azure VM with SQL server installed in it falls under IaaS.

Question 43

Q

Your company plans to migrate all its data and resources to Azure.
The company’s migration plan states that only Platform as a Service (PaaS) solutions must be used in Azure.
You need to deploy an Azure environment that meets the company migration plan.
Solution: You create an Azure App Service and Azure Storage accounts.
Does this meet the goal?

Answer

A

No
Azure App Service is a PaaS (Platform as a Service) service. However, Azure Storage accounts are an IaaS (Infrastructure as a Service) service. Therefore, this solution does not meet the goal.

Question 44

Q

Your company hosts an accounting application named App1 that is used by all the customers of the company.
App1 has low usage during the first three weeks of each month and very high usage during the last week of each month.
Which benefit of Azure Cloud Services supports cost management for this type of usage pattern?

A. high availability
B. high latency
C. elasticity
D. load balancing

Answer

A

Elasticity in this case is the ability to provide additional compute resource when needed and reduce the compute resource when not needed to reduce costs.
Autoscaling is an example of elasticity.

Question 45

Q

You plan to migrate a web application to Azure. The web application is accessed by external users.
You need to recommend a cloud deployment solution to minimize the amount of administrative effort used to manage the web application.
What should you include in the recommendation?

A. Software as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Infrastructure as a Service (IaaS)
D. Database as a Service (DaaS)

Answer

A

Azure App Service is a platform-as-a-service (PaaS) offering that lets you create web and mobile apps for any platform or device and connect to data anywhere, in the cloud or on-premises. App Service includes the web and mobile capabilities that were previously delivered separately as Azure Websites and Azure Mobile Services.

Question 46

Q

Which cloud deployment solution is used for Azure virtual machines and Azure SQL databases? To answer, select the appropriate options in the answer area.

Azure virtual machines:
Azure SQL databases:
Infrastructure as a service (laas)
Platform as a service (Paas)
Software as a service (Saas)

Answer

A

Box 1:
Azure virtual machines are Infrastructure as a Service (IaaS).
Infrastructure as a Service is the most flexible category of cloud services. It aims to give you complete control over the hardware that runs your application (IT infrastructure servers and virtual machines (VMs), storage, networks, and operating systems). Instead of buying hardware, with IaaS, you rent it.
Box 2:
Azure SQL databases are Platform as a Service (Paas).
Azure SQL Database is a fully managed Platform as a Service (PaaS) Database Engine that handles most of the database management functions such as upgrading, patching, backups, and monitoring without user involvement. Azure SQL Database is always running on the latest stable version of SQL Server
Database Engine and patched OS with 99.99% availability. PaaS capabilities that are built-in into Azure SQL database enable you to focus on the domain specific database administration and optimization activities that are critical for your business.

Question 47

Q

You have an on-premises network that contains 100 servers.
You need to recommend a solution that provides additional resources to your users. The solution must minimize capital and operational expenditure costs.
What should you include in the recommendation?

A. a complete migration to the public cloud
B. an additional data center
C. a private cloud
D. a hybrid cloud

Answer

A

A hybrid cloud is a combination of a private cloud and a public cloud.
Capital expenditure is the spending of money up-front for infrastructure such as new servers.
With a hybrid cloud, you can continue to use the on-premises servers while adding new servers in the public cloud (Azure for example). Adding new servers in
Azure minimizes the capital expenditure costs as you are not paying for new servers as you would if you deployed new server on-premises.
Incorrect Answers:
A: A complete migration of 100 servers to the public cloud would involve a lot of operational expenditure (the cost of migrating all the servers).
B: An additional data center would involve a lot of capital expenditure (the cost of the new infrastructure).
C: A private cloud is hosted on on-premises servers to this would involve a lot of capital expenditure (the cost of the new infrastructure to host the private cloud).

Question 48

Q

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

To achieve a hybrid cloud model, a company must always migrate from a private cloud
model.
A company can extend the capacity of its internal network by using the public cloud.
In a public cloud model, only guest users at your company can access the resources in the cloud.

Answer

A

Box 1: No -
It is not true that a company must always migrate from a private cloud model to implement a hybrid cloud. You could start with a public cloud and then combine that with an on-premise infrastructure to implement a hybrid cloud.

Box 2: Yes -
A company can extend the capacity of its internal network by using the public cloud. This is very common. When you need more capacity, rather than pay out for new on-premises infrastructure, you can configure a cloud environment and connect your on-premises network to the cloud environment by using a VPN.

Box 3: No -
It is not true that only guest users can access cloud resources. You can give anyone with an account in Azure Active Directory access to the cloud resources.
There are many authentication scenarios but a common one is to replicate your on-premises Active Directory accounts to Azure Active Directory and provide access to the Azure Active Directory accounts. Another commonly used authentication method is ‘Federation’ where authentication for access to cloud resources is passed to another authentication provider such as an on-premises Active Directory.

Question 49

Q

You plan to migrate several servers from an on-premises network to Azure.
What is an advantage of using a public cloud service for the servers over an on-premises network?

A. The public cloud is owned by the public, NOT a private corporation
B. The public cloud is a crowd-sourcing solution that provides corporations with the ability to enhance the cloud
C. All public cloud resources can be freely accessed by every member of the public
D. The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud

Answer

A

D
The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud. The hardware resources (servers, infrastructure etc.) are managed by the cloud provider. Multiple companies create resources such as virtual machines and virtual networks on the hardware resources.
Incorrect Answers:
A: The public cloud is not owned by the public. In the case of Microsoft Azure, the cloud is owned by Microsoft.
B: The public cloud is a not crowd-sourcing solution. In the case of Microsoft Azure, the cloud is owned by Microsoft.
C: It is not true that public cloud resources can be freely accessed by every member of the public. You pay for a cloud subscription and create accounts for your users to access your cloud resources. No one can access your cloud resources until you create user accounts and provide the appropriate access permissions.

Question 50

Q

Azure Site Recovery provides … for virtual machines.
fault tolerance
disaster recovery
elasticity
high availability

Answer

A

disaster recovery

Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview

Question 51

Q

In which type of cloud model are all the hardware resources owned by a third-party and shared between multiple tenants?

A. private
B. hybrid
C. public

Answer

A

public
Microsoft Azure, Amazon Web Services and Google Cloud are three examples of public cloud services.
Microsoft, Amazon and Google own the hardware. The tenants are the customers who use the public cloud services.

Question 52

Q

An Azure web app that queries an on-premises Microsoft SQL server is an example of a cloud.
hybrid
multi-vendor
private
public

Question 53

Q

You have 1,000 virtual machines hosted on the Hyper-V hosts in a data center.
You plan to migrate all the virtual machines to an Azure pay-as-you-go subscription.
You need to identify which expenditure model to use for the planned Azure solution.
Which expenditure model should you identify?

A. operational
B. elastic
C. capital
D. scalable

Answer

A

operational
One of the major changes that you will face when you move from on-premises cloud to the public cloud is the switch from capital expenditure (buying hardware) to operating expenditure (paying for service as you use it). This switch also requires more careful management of your costs. The benefit of the cloud is that you can fundamentally and positively affect the cost of a service you use by merely shutting down or resizing it when it’s not needed.

Question 54

Q

Disaster recovery
Fault tolerance
Low latency
Dynamic scalabilty

A cloud service that remains available after a failure occurs
A cloud service that can be recovered after a failure occurs
A cloud service that performs quickly when demand increases
A cloud service that can be accessed quickly from the Internet.

Answer

A

Box 1:
Fault tolerance is the ability of a service to remain available after a failure of one of the components of the service. For example, a service running on multiple servers can withstand the failure of one of the servers.
Box 2:
Disaster recovery is the recovery of a service after a failure. For example, restoring a virtual machine from backup after a virtual machine failure.
Box 3:
Dynamic scalability is the ability for compute resources to be added to a service when the service is under heavy load. For example, in a virtual machine scale set, additional instances of the virtual machine are added when the existing virtual machines are under heavy load.
Box 4:
Latency is the time a service to respond to requests. For example, the time it takes for a web page to be returned from a web server. Low latency means low response time which means a quicker response.

Question 55

Q

To implement a hybrid cloud model, a company must have an internal network.

A company can extend the computing resources of its internal network by using a hybrid cloud.

In a public cloud model, only quest users at your company can access the resources in the cloud.

Answer

A

Box 1: No -
It is not true that a company must always migrate from an internal network to implement a hybrid cloud. You could start with a public cloud and then combine that with an on-premise infrastructure to implement a hybrid cloud.

Box 2: Yes -
A company can extend the computing resources of its internal network by using the public cloud. This is very common. When you need more resources, rather than pay out for new on-premises infrastructure, you can configure a cloud environment and connect your on-premises network to the cloud environment by using a VPN.

Box 3: No -
It is not true that only guest users can access cloud resources. You can give anyone with an account in Azure Active Directory access to the cloud resources.
There are many authentication scenarios but a common one is to replicate your on-premises Active Directory accounts to Azure Active Directory and provide access to the Azure Active Directory accounts. Another commonly used authentication method is ‘Federation’ where authentication for access to cloud resources is passed to another authentication provider such as an on-premises Active Directory.

Question 56

Q

A Platform as a Service (PaaS) solution provides full control of operating systems that host applications.
A Platform as a Service (PaaS) solution provides additional memory to apps by changing pricing tiers.
A Platform as a Service (PaaS) solution can automatically scale the number of instances.

Answer

A

No
No
Yes

Question 57

Q

Your company has an on-premises network that contains multiple servers.
The company plans to reduce the following administrative responsibilities:
✑ Backing up application data
✑ Replacing failed server hardware
✑ Managing physical server security
✑ Updating server operating systems
✑ Managing permissions to shared documents
The company plans to migrate servers to Azure virtual machines.
You need to identify which administrative responsibilities will be eliminated after the planned migration.
Which two responsibilities should you identify? Each correct answer presents a complete solution.

A. Replacing failed server hardware
B. Backing up application data
C. Managing physical server security
D. Updating server operating systems
E. Managing permissions to shared documents

Answer

A

A. Replacing failed server hardware
C. Managing physical server security

Azure virtual machines run on Hyper-V physical servers. The physical servers are owned and managed by Microsoft. As an Azure customer, you have no access to the physical servers. Microsoft manage the replacement of failed server hardware and the security of the physical servers so you don’t need to.
Incorrect Answers:
B: Microsoft have no control over the applications you run on the virtual machines. Therefore, it is your responsibility to ensure that application data is backed up.
D: Microsoft do not manage the operating systems you run on the virtual machines. Therefore, it is your responsibility to ensure that the operating systems are updated.
E: Microsoft have no control over the shared folders you host on the virtual machines. Therefore, it is your responsibility to ensure that folder permissions are configured appropriately.

Question 58

Q

Azure Pay-As-You-Go pricing is an example of CapEx.
Paying electricity for your datacenter is an example of OpEx.
Deploying your own datacenter is an example of CapEx.

Answer

A

No
Yes
Yes

Operating expenses (OpEx) are the funds that support your day-to-day business. OpEx items are generally used up within the year they are purchased. Examples include: Consumables such as printer cartridges, paper, electricity, and other supplies.

Question 59

Q

You plan to provision Infrastructure as a Service (IaaS) resources in Azure.
Which resource is an example of IaaS?
A. an Azure web app
B. an Azure virtual machine
C. an Azure logic app
D. an Azure SQL database

Answer

A

an Azure virtual machine

An Azure virtual machine is an example of Infrastructure as a Service (IaaS).
Azure web app, Azure logic app and Azure SQL database are all examples of Platform as a Service (Paas).

Question 60

Q

To which cloud models can you deploy physical servers?
A. private cloud and hybrid cloud only
B. private cloud only
C. private cloud, hybrid cloud and public cloud
D. hybrid cloud only

Answer

A

private cloud and hybrid cloud only

A private cloud is on-premises so you can deploy physical servers.
A hybrid cloud is a mix of on-premise and public cloud resources. You can deploy physical servers on-premises.

Question 61

Q

No required capital expenditure.
Provides complete control over security.
Provides a choice to use on-premises or cloud-based resources.

Hybrid Cloud
Private Cloud
Public Cloud

Answer

A

Box 1: Public Cloud -
With a public cloud, there is no capital expenditure on server hardware etc. You only pay for cloud resources that you use as you use them.

Box 2: Private Cloud -
A private cloud exists on premises, so you have complete control over security.

Box 3: Hybrid Cloud -
A hybrid cloud is a mix of public cloud resources and on-premises resources. Therefore, you have a choice to use either.

Question 62

Q

A company can extend a private cloud by adding its own physical servers to the public cloud.
To build a hybrid cloud, you must deploy resources to the public cloud.
A private cloud must be disconnected from the internet.

Answer

A

Box 1: No -
You cannot add physical servers to the public cloud. You can only deploy virtual servers in the public cloud. You can extend a private cloud by deploying virtual servers in a public cloud. This would create a hybrid cloud.

Box 2: Yes -
A hybrid cloud is a combination of a private cloud and public cloud. Therefore, to create a hybrid cloud, you must deploy resources to a public cloud.

Box 3: No.
It is not true that a private cloud must be disconnected from the Internet. Private clouds can be and most commonly are connected to the Internet. Private cloud means that the physical servers are managed by you. It does not mean that it is disconnected from the Internet.

Question 63

Q

You have 50 virtual machines hosted on-premises and 50 virtual machines hosted in Azure. The on-premises virtual machines and the Azure virtual machines connect to each other.
Which type of cloud model is this?
A. hybrid
B. private
C. public

Question 64

Q

A platform as a service (PaaS) solution that hosts web apps in Azure provides full control of the operating systems that host applications.
A Platform as a Service (PaaS) solution that hosts web apps in Azure can be provided with additional memory by changing the pricing tier.
A Platform as a Service (PaaS) solution that hosts web apps in Azure can be configured to automatically scale the number of instances based on demand.

Answer

A

Box 1: No -
A PaaS solution does not provide access to the operating system. The Azure Web Apps service provides an environment for you to host your web applications.
Behind the scenes, the web apps are hosted on virtual machines running IIS. However, you have no direct access to the virtual machine, the operating system or
IIS.

Box 2: Yes -

Box 3: Yes -
A PaaS solution that hosts web apps in Azure does provide the ability to scale the platform automatically. This is known as autoscaling. Behind the scenes, the web apps are hosted on virtual machines running IIS. Autoscaling means adding more load balanced virtual machines to host the web apps.

Answer 51

A

No.
Platform as a service (PaaS) is a complete development and deployment environment in the cloud. PaaS includes infrastructure “servers, storage, and networking” but also middleware, development tools, business intelligence (BI) services, database management systems, and more. PaaS is designed to support the complete web application lifecycle: building, testing, deploying, managing, and updating.
However, virtual machines are examples of Infrastructure as a service (IaaS). IaaS is an instant computing infrastructure, provisioned and managed over the internet.

Answer 52

A

C. Infrastructure as a Service (laaS) is an instant computing infrastructure, provisioned and managed over the internet. The IaaS service provider manages the infrastructure, while you purchase, install, configure, and manage your own software
Incorrect Answers:
A: Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools. In this scenario, you need to run your own apps, and therefore require an infrastructure.
B:
Platform as a service (PaaS) is a complete development and deployment environment in the cloud. PaaS includes infrastructure “servers, storage, and networking”but also middleware, development tools, business intelligence (BI) services, database management systems, and more. PaaS is designed to support the complete web application lifecycle: building, testing, deploying, managing, and updating.

Answer 53

A

Box 1: No -
Building a data center infrastructure is capital expenditure, not operation expenditure.

Box 2: Yes -
OpEx is ongoing costs (costs of operations) such as staff salaries.

Box 2: Yes -
OpEx is ongoing costs (costs of operations) such as leasing software. If you purchased software as a one-off purchase, that would be CapEx, but leasing software is ongoing so it’s OpEx.

Answer 54

A

Azure Cosmos DB is an example of a platform as a service (PaaS) cloud database provider.
Azure Cosmos DB is a fully managed platform-as-a-service (PaaS)

Answer 55

A

No
Yes
Yes

Answer 56

A

Box 1: No
Box 2: No
Each resource can exist in only one resource group.
Box 3: Yes
Resources from multiple different regions can be placed in a resource group. The resource group only contains metadata about the resources it contains.

Answer 57

A

No
Yes
No

Answer 58

A

Platform as a service (PaaS).

Answer 59

A

C
Azure App Service and Azure SQL databases are examples of Azure PaaS solutions. Therefore, this solution does meet the goal.

Answer 60

A

A
SaaS provides a complete software solution which you purchase on a pay-as-you-go basis from a cloud service provider. You rent the use of an app for your organization and your users connect to it over the Internet, usually with a web browser. All of the underlying infrastructure, middleware, app software and app data are located in the service provider’s data center. The service provider manages the hardware and software and with the appropriate service agreement, will ensure the availability and the security of the app and your data as well.

Answer 61

A

Yes
Yes
Yes

Answer 62

A

Yes
Yes
Yes

Answer 63

A

D. Define your strategy.

Answer 64

A

Box 1: No -
You cannot add physical servers to the public cloud. You can only deploy virtual servers in the public cloud. You can extend a private cloud by deploying virtual servers in a public cloud. This would create a hybrid cloud.
Box 2: No -
A private cloud exists in cyberspace and is accessed via the internet.
Box 3: Yes.

Answer 65

A

Box 1: No -
Virtual Machines works.

Box 2: Yes -
Simply put, cloud computing is the delivery of computing servicesג€”including servers, storage, databases, networking, software, analytics, and intelligenceג€”over the Internet (the cloud) to offer faster innovation, flexible resources, and economies of scale.

Box 3: Yes

Answer 66

A

Scalability
Geo-distribution
Agility

Answer 67

A

You set up disaster recovery for Azure VMs using Azure Site Recovery.

Answer 68

A

Box 1: Azure Platform as a service (PaaS)
Organizations typically use PaaS for these scenarios:
Development framework. PaaS provides a framework that developers can build upon to develop or customize cloud-based applications. Similar to the way you create an Excel macro, PaaS lets developers create applications using built-in software components. Cloud features such as scalability, high-availability, and multi-tenant capability are included, reducing the amount of coding that developers must do.
Box 2:
Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools
(such as Microsoft Office 365).
SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider. You rent the use of an app for your organization, and your users connect to it over the Internet, usually with a web browser. All of the underlying infrastructure, middleware, app software, and app data are located in the service provider’s data center. The service provider manages the hardware and software, and with the appropriate service agreement, will ensure the availability and the security of the app and your data as well. SaaS allows your organization to get quickly up and running with an app at minimal upfront cost.

Answer 69

A

B
Cloud Infrastructure-based Applications. It moves your existing on-premises apps to the Infrastructure as a Service (IaaS) platform or re-hosts them. Lift & Shift is a common term for this type of relocation. The programs will be nearly identical to what they were before, but they will now be able to run on cloud VMs.

Answer 70

A

Box: configuring the Saas Solution
Software as a service (or SaaS) is a way of delivering applications over the Internet as a service. Instead of installing and maintaining software, you simply access it via the Internet, freeing yourself from complex software and hardware management.
SaaS applications are sometimes called Web-based software, on-demand software, or hosted software. Whatever the name, SaaS applications run on a SaaS provider’s servers. The provider manages access to the application, including security, availability, and performance.

Answer 71

A

Box: hybrid -
You can deploy hybrid app with on-premises data that scales cross-cloud.

Answer 72

A

Box: Platform as a service (PaaS)
Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. You purchase the resources you need from a cloud service provider on a pay- as-you-go basis and access them over a secure Internet connection.
Like IaaS, PaaS includes infrastructure servers, storage, and networking, but also middleware, development tools, business intelligence (BI) services, database management systems, and more.

Answer 73

A

A
A hybrid cloud sometimes called a cloud hybrid is a computing environment that combines an on-premises datacenter (also called a private cloud) with a public cloud, allowing data and applications to be shared between them. Some people define hybrid cloud to include multicloud configurations where an organization uses more than one public cloud in addition to their on-premises datacenter.

Answer 74

A

Elasticity
An Azure virtual machine scale set can automatically increase or decrease the number of VM instances that run your application. This automated and elastic behavior reduces the management overhead to monitor and optimize the performance of your application.
Also: Azure elasticity as a service is referred to a cloud service that enables in automatically scaling Azure hosted resources in par with the demand and configured parameters. It provides Azure Administrators with the ability to auto scale Azure infrastructure and resources as and when needed.

Answer 75

A

Box 1: No -
You would need to setup the VNET connections, for example with peering.
Note: You can connect virtual networks to each other with virtual network peering. These virtual networks can be in the same region or different regions (also known as Global VNet peering). Once virtual networks are peered, resources in both virtual networks can communicate with each other.

Box 2: Yes -
All Azure resource types have a scope that defines the level that resource names must be unique. A resource must have a unique name within its scope.
For example, a virtual network has a resource group scope, which means that there can be only one network named vnet-prod-westus-001 in a given resource group.

Box 3: Yes -
As you build your network in Azure, it is important to keep in mind the following universal design principles:
Ensure non-overlapping address spaces. Make sure your VNet address space (CIDR block) does not overlap with your organization’s other network ranges.

Answer 76

A

B
Vertical scaling, also known as scale up and scale down, means increasing or decreasing virtual machine (VM) sizes in response to a workload. Compare this behavior with horizontal scaling, also referred to as scale out and scale in, where the number of VMs is altered depending on the workload.

Answer 77

A

A. enables the rapid provisioning of resources
D. shifts capital expenditures (CAPEX) to operating expenditures (OPEX)

Azure allows you to build, deploy, and manage apps more quickly and easily without having to buy and/or maintain the underlying infrastructure.
Azure provides flexibility between CapEx and OpEx
Capital expenditures generate benefits over a long period. These expenditures are generally nonrecurring and result in the acquisition of permanent assets.
Building an application could qualify as a capital expenditure. Example, Azure Reserved Instances (Azure RI) help Azure’s most active customers save on long- term VM usage reserving VMs in advance at a discounted price by committing to a one or three-year benefits.
Operating expenditures are ongoing costs of doing business. Consuming cloud services in a pay-as-you-go model could qualify as an operating expenditure.
Example, you pay for a service or product as you use it i.e. pay-as-you-go pricing.

Answer 78

A

D. isolation and segmentation
Implement network segmentation patterns on Azure.
A unified enterprise segmentation strategy guides technical teams to consistently segment access using networking, applications, identity, and any other access controls. Create segmentation in your network footprint by defining perimeters.
The main reasons for segmentation are:
The ability to group related assets that are a part of (or support) workload operations.
Isolation of resources.
Governance policies set by the organization.

Answer 79

A

Because of geo-distribution you can deploy apps and data to regional datacenters around the globe, thereby ensuring that your customers always have the best performance in their region.

Answer 80

A

Scalability
High availability
Geo-distribution

Answer 81

A

D. high availability

Answer 82

A

D. an Azure data center failure
Availability zones expand the level of control you have to maintain the availability of the applications and data on your VMs. An Availability Zone is a physically separate zone, within an Azure region. There are three Availability Zones per supported Azure region.
Each Availability Zone has a distinct power source, network, and cooling. By architecting your solutions to use replicated VMs in zones, you can protect your apps and data from the loss of a datacenter. If one zone is compromised, then replicated apps and data are instantly available in another zone.

Answer 83

A

A Local Network Gateway is an object in Azure that represents your on-premise VPN device. A Virtual Network Gateway is the VPN object at the Azure end of the
VPN. A ‘connection’ is what connects the Local Network Gateway and the Virtual Network Gateway to bring up the VPN.
The local network gateway typically refers to your on-premises location. You give the site a name by which Azure can refer to it, then specify the IP address of the on-premises VPN device to which you will create a connection. You also specify the IP address prefixes that will be routed through the VPN gateway to the VPN device. The address prefixes you specify are the prefixes located on your on-premises network. If your on-premises network changes or you need to change the public IP address for the VPN device, you can easily update the values later.

Answer 84

A

No (two or more AZs will help)
A resource group is a logical container for Azure resources. When you create a resource group, you specify which location to create the resource group in.
However, when you create a virtual machine and place it in the resource group, the virtual machine can still be in a different location (different datacenter).
Therefore, creating multiple resource groups, even if they are in separate datacenters does not ensure that the services running on the virtual machines are available if a single data center fails.

Answer 85

A

No (two or more AZs will help)
This answer does not specify that the scale set will be configured across multiple data centers so this solution does not meet the goal.
Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide high availability to your applications, and allow you to centrally manage, configure, and update many VMs.
Virtual machines in a scale set can be deployed across multiple update domains and fault domains to maximize availability and resilience to outages due to data center outages, and planned or unplanned maintenance events.

Answer 86

A

Box 1: No -
An Azure AD tenant can have multiple subscriptions but an Azure subscription can only be associated with one Azure AD tenant.
Box 2: Yes
Box 3: No -
If your subscription expires, you lose access to all the other resources associated with the subscription. However, the Azure AD directory remains in Azure. You can associate and manage the directory using a different Azure subscription.

Answer 87

A

B. Management groups

Answer 88

A

A. multiple subscriptions
D. multiple resource groups
An Azure subscription is a container for Azure resources. It is also a boundary for permissions to resources and for billing. You are charged monthly for all resources in a subscription. A single Azure tenant (Azure Active Directory) can contain multiple Azure subscriptions.
A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group.
To enable each department administrator to manage the Azure resources used by that department, you will need to create a separate subscription per department. You can then assign each department administrator as an administrator for the subscription to enable them to manage all resources in that subscription.

Answer 89

A

Box 1: Yes -
You can use the same account to manage multiple subscriptions. You can create an additional subscription for your account in the Azure portal. You may want an additional subscription to avoid hitting subscription limits, to create separate environments for security, or to isolate data for compliance reasons.
Box 2: No -
You cannot merge two subscriptions into a single subscription. However, you can move some Azure resources from one subscription to another. You can also transfer ownership of a subscription and change the billing type for a subscription.
Box 3: Yes -
A company can have multiple subscriptions and store resources in the different subscriptions. However, a resource instance can exist in only one subscription.

Answer 90

A

The virtual machines can be moved to the new subscription.
You can move a VM and its associated resources to a different subscription by using the Azure portal.
Moving between subscriptions can be handy if you originally created a VM in a personal subscription and now want to move it to your company’s subscription to continue your work. You do not need to start the VM in order to move it and it should continue to run during the move.

Answer 91

A

A. a virtual network gateway
E. a gateway subnet
To implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines, you need to configure a
VPN (Virtual Private Network) to connect the on-premises network to the Azure virtual network.
The Azure VPN device is known as a Virtual Network Gateway. The virtual network gateway needs to be located in a dedicated subnet in the Azure virtual network. This dedicated subnet is known as a gateway subnet and must be named ‘GatewaySubnet’.
Note: a virtual network (answer D) is also required. However, as we already have virtual machines deployed in a Azure, we can assume that the virtual network is already in place.

Answer 92

A

D. Create a new support request.
Many Azure resource have quote limits. The purpose of the quota limits is to help you control your Azure costs. However, it is common to require an increase to the default quota.
You can request a quota limit increase by opening a support request. In the support request, select ‘Service and subscription limits (quotas)’ for the Issue type, select your subscription and the service you want to increase the quota for. For this question, you would select ‘SQL Database Managed Instance’ as the quote type.

Answer 93

A

Box 1: No -
You can assign service administrators and co-administrators in the Azure Portal but there can only be one account administrator.
Box 2: No -
You need an Azure Active Directory account to manage a subscription, not a Microsoft account.
An account is created in the Azure Active Directory when you create the subscription. Further accounts can be created in the Azure Active Directory to manage the subscription.
Box 3: No -
Resource groups are logical containers for Azure resources. However, resource groups do not contain subscriptions. Subscriptions contain resource groups.

Answer 94

A

Box 1: No -
Not all Azure regions support availability zones.
Box 2: No -
Availability zones can be used with many Azure services, not just VMs.
Box 3: No -
Availability Zones are unique physical locations within a single Azure region.

Answer 95

A

Azure containers are the backbone of the virtual disks platform for Azure IaaS. Both Azure OS and data disks are implemented as virtual disks where data is durably persisted in the Azure Storage platform and then delivered to the virtual machines for maximum performance. Azure Disks are persisted in Hyper-V VHD format and stored as a page blob in Azure Storage.

Answer 96

A

B. a virtual network for FinServer and another virtual network for all the other servers
Networks in Azure are known as virtual networks. A virtual network can have multiple IP address spaces and multiple subnets. Azure automatically routes traffic between different subnets within a virtual network.
The question states that FinServer must be on a separate network segment. The only way to separate FinServer from the other servers in networking terms is to place the server in a different virtual network to the other servers.

Answer 97

A

C. a File service in a storage account
Azure Files is Microsoft’s easy-to-use cloud file system. Azure file shares can be seamlessly used in Windows and Windows Server.
To use an Azure file share with Windows, you must either mount it, which means assigning it a drive letter or mount point path, or access it via its UNC path.
Unlike other SMB shares you may have interacted with, such as those hosted on a Windows Server, Linux Samba server, or NAS device, Azure file shares do not currently support Kerberos authentication with your Active Directory (AD) or Azure Active Directory (AAD) identity, although this is a feature we are working on.
Instead, you must access your Azure file share with the storage account key for the storage account containing your Azure file share. A storage account key is an administrator key for a storage account, including administrator permissions to all files and folders within the file share you’re accessing, and for all file shares and other storage resources (blobs, queues, tables, etc) contained within your storage account.

Answer 98

A

Azure Cosmos DB
Azure Cosmos DB is Microsoft’s globally distributed, multi-model database service. With a click of a button, Cosmos DB enables you to elastically and independently scale throughput and storage across any number of Azure regions worldwide.
Azure Cosmos DB is a great way to store unstructured and JSON data. Combined with Azure Functions, Cosmos DB makes storing data quick and easy with much less code than required for storing data in a relational database.

Answer 99

A

A. a subscription
The first thing you create in Azure is a subscription. You can think of an Azure subscription as an ‘Azure account’. You get billed per subscription.
A subscription is an agreement with Microsoft to use one or more Microsoft cloud platforms or services, for which charges accrue based on either a per-user license fee or on cloud-based resource consumption.
✑ Microsoft’s Software as a Service (SaaS)-based cloud offerings (Office 365, Intune/EMS, and Dynamics 365) charge per-user license fees.
✑ Microsoft’s Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) cloud offerings (Azure) charge based on cloud resource consumption.
You can also use a trial subscription, but the subscription expires after a specific amount of time or consumption charges. You can convert a trial subscription to a paid subscription.
Organizations can have multiple subscriptions for Microsoft’s cloud offerings.

Answer 100

A

Box 1: No -
Azure resources deployed to a single resource group can be located in different regions. The resource group only contains metadata about the resources it contains.
When creating a resource group, you need to provide a location for that resource group. You may be wondering, “Why does a resource group need a location?
And, if the resources can have different locations than the resource group, why does the resource group location matter at all?” The resource group stores metadata about the resources. When you specify a location for the resource group, you’re specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region.
Box 2: No -
Tags for Resources are not inherited by default from their Resource Group
Box 3: Yes -
A resource group can be used to scope access control for administrative actions. By default, permissions set at the resource level are inherited by the resources in the resource group.

Answer 101

A

must be rehydrated before the data can be accessed.
Azure storage offers different access tiers: hot, cool and archive.
The archive access tier has the lowest storage cost. But it has higher data retrieval costs compared to the hot and cool tiers. Data in the archive tier can take several hours to retrieve.
While a blob is in archive storage, the blob data is offline and can’t be read, overwritten, or modified. To read or download a blob in archive, you must first rehydrate it to an online tier.
Example usage scenarios for the archive access tier include:
✑ Long-term backup, secondary backup, and archival datasets
✑ Original (raw) data that must be preserved, even after it has been processed into final usable form.
✑ Compliance and archival data that needs to be stored for a long time and is hardly ever accessed.

Answer 102

A

2, 2
You need a minimum of two virtual machines with each one located in a different availability zone.
Availability Zones is a high-availability offering that protects your applications and data from datacenter failures. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there’s a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from datacenter failures. Zone-redundant services replicate your applications and data across Availability Zones to protect from single-points-of-failure. With Availability
Zones, Azure offers industry best 99.99% VM uptime SLA.

Answer 103

A

A. Azure Event Hubs
Azure Event Hubs is a big data streaming platform and event ingestion service. It can receive and process millions of events per second. Data sent to an event hub can be transformed and stored by using any real-time analytics provider or batching/storage adapters.
Azure Event Hubs can be used to ingest, buffer, store, and process your stream in real time to get actionable insights. Event Hubs uses a partitioned consumer model, enabling multiple applications to process the stream concurrently and letting you control the speed of processing.
Azure Event Hubs can be used to capture your data in near-real time in an Azure Blob storage or Azure Data Lake Storage for long-term retention or micro-batch processing.

Answer 104

A

within a single Azure region
Availability Zones is a high-availability offering that protects your applications and data from datacenter failures. Availability Zones are unique physical locations within an Azure region.

Answer 105

A

Box 1: Yes -
There are different replication options available with a storage account. The ‘minimum’ replication option is Locally Redundant Storage (LRS). With LRS, data is replicated synchronously three times within the primary region.
Box 2: No -
Data is not backed up automatically to another Azure Data Center although it can be depending on the replication option configured for the account. Locally
Redundant Storage (LRS) is the default which maintains three copies of the data in the data center.
Geo-redundant storage (GRS) has cross-regional replication to protect against regional outages. Data is replicated synchronously three times in the primary region, then replicated asynchronously to the secondary region.
Box 3: No -
The limits are much higher than that. The current storage limit is 2 PB for US and Europe, and 500 TB for all other regions (including the UK) with no limit on the number of files.

Answer 106

A

Box 1: No -
Not all Azure regions support availability zones.
Box 2: No -
Regions that support availability zones support Linux virtual machines.
Box 3: No -
AZs are within the same region - thus replicating data across regions is incorrect

Answer 107

A

Box 1: No -
North America has several Azure regions, including West US, Central US, South Central US, East Us, and Canada East.
Box 2: Yes -
A region is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.
Box 3: No -
Outbound data transfer is charged at the normal rate and inbound data transfer is free.

Answer 108

A

B. Azure Service Health
Azure Service Health provides a personalized view of the health of the Azure services and regions you’re using. This is the best place to look for service impacting communications about outages, planned maintenance activities, and other health advisories because the authenticated Service Health experience knows which services and resources you currently use.

Answer 109

A

IoT Hub - A managed service that provides bidirectional communication between IoT devices and Azure

IoT Central - A fully managed software as a service (SaaS) solution to connect, monitor, and manage IoT devices at scale

Azure Sphere - A software and hardware solution that provides communication and security features for IoT devices

Answer 110

A

Box 1: No
A Windows Virtual Desktop session host can run Windows 10 only
Box 2: No
A Windows Virtual Desktop host pool that includes 20 session hosts supports a maximum of 20 simultaneous user connections
Box 3: Yes
Windows Virtual Desktop supports desktop and app virtualization

Answer 111

A

The Azure Total Cost of Ownership (TCO) calculator can calculate cost savings due to reduced electricity consumption as a result of migrating on-premises Microsoft SQL servers to Azure.

Answer 112

A

Box 1: Yes
You can use Availability Zones in Azure to protect Azure virtual machines from a datacenter failure.
Box 2: No
You can use Availability Zones in Azure to protect Azure virtual machines from a region failure.
Box 3: Yes
You can use Availability Zones in Azure to protect Azure managed disks from a datacenter failure.

Answer 113

A

Box 1: No -
A subscription can have multiple administrators, but there can only be one account administrator.
Box 2: Yes -
An Azure subscription can be managed by using a Microsoft account only
Box 3: No -
A subscription can contain multiple resource groups but a resource group can only belong to one subscription. Resource groups can contain multiple resources.

Answer 114

A

contains one or more data centers that are connected by using a low-latency network.
A region is a set of data centres deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.

Answer 115

A

Box 1: Yes
To use Azure Active Directory (Azure AD) credentials to sign in to a computer that runs Windows 10, the computer must be joined to Azure AD.
Box 2: No
Users in Azure Active Directory (Azure AD) are organized by using resource groups.
Box 3: Yes
Azure Active Directory (Azure AD) groups support dynamic membership rules.

Answer 116

A

A. Deploy the virtual machines to two or more availability zones.
D. Deploy the virtual machines to two or more regions.

Answer 117

A

be deployed to a separate virtual network.

Answer 118

A

Azure Cosmos DB
A globally distributed database that supports NoSQL.
Azure HDInsight
Managed Apache Hadoop clusters in the cloud that enable you to process massive amounts of data.
Azure Synapse Analytics
A fully managed data warehouse that has integral security at every level of scale at no extra cost.

Answer 119

A

Box 1: No
The Archive access tier is set at the storage account level.
Box 2: Yes
The Hot access tier is recommended for data that is accessed and modified frequently.
Usage scenarios for the hot access tier include:
✑ Data that is in active use or is expected to be read from and written to frequently
✑ Data that is staged for processing and eventual migration to the cool access tier

Box 3: No
The Cool access tier is recommended for long term backups.
Usage scenarios for the cool access tier include:
✑ Short-term backup and disaster recovery
✑ Older data not used frequently but expected to be available immediately when accessed
Large data sets that need to be stored cost effectively, while more data is being gathered for future processing

Answer 120

A

D. an Azure data center failure
Availability zones expand the level of control you have to maintain the availability of the applications and data on your VMs. An Availability Zone is a physically separate zone, within an Azure region. There are three Availability Zones per supported Azure region.
Each Availability Zone has a distinct power source, network, and cooling. By architecting your solutions to use replicated VMs in zones, you can protect your apps and data from the loss of a datacenter. If one zone is compromised, then replicated apps and data are instantly available in another zone.

Answer 121

A

C. Azure Marketplace

Answer 122

A

Azure Functions - Executes code, Is always stateful
Azure Logic Apps - Azure Logic Apps

Box 1: Azure Functions -
Azure Functions allows you to implement your system’s logic into readily available blocks of code called “functions”. Different functions can run anytime you need to respond to critical events.

Box 2: Azure Functions -
Azure Logic Apps can have multiple stateful and stateless workflows.

Box 3: Azure Logic Apps -
Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate your apps, data, services, and system

Answer 123

A

Azure Policy - Restrict which virtual machine types can be created in a subscription.

Azure tags - Identify Azure resources that are associated with specific cost centers.

Azure Blueprints - Deploy a complete Azure application environment
including resources configuration and role assignments.

Answer 124

A

Box: within a single Azure region
Azure availability zones are physically separate locations within each Azure region that are tolerant to local failures.

Answer 125

A

Azure Functions - Provide a platform for serverless code.
is a cloud-based serverless service that allows running event-triggered code in a scalable way without providing or managing infrastructure.

Azure App Service - Used to build, deploy, and scale web apps.
is a fully managed platform for building web applications.
Applications run and scale with ease on both Windows and Linux-based environments.

Azure virtual machines - Provide operating system virtualization.

Azure Container Instances - Provide portable environment for virtualized applications.
is a managed service that allows you to run containers directly on the Microsoft Azure public cloud, without requiring the use of virtual machines (VMs).
Develop apps fast without managing virtual machines or having to learn new toolsג€”it’s just your application, in a container, running in the cloud.

Answer 126

A

Box: The virtual machines can be moved to the new subscription.

Answer 127

A

Azure Sphere is a highly secure loT solution that includes a microcontroller unit (MCU) and a customized Linux operating system.

Microsoft’s Azure Sphere hardware and service designed to better secure Internet of Things (IoT) devices.
Azure Sphere consists of Microsoft-certified microcontrollers “single-chip computers with processors, storage, memory and IoT capabilities” plus the Azure Sphere Linux-based OS and the Azure Sphere cloud security service.

Answer 128

A

D. availability zones

Answer 129

A

B. an Azure policy

Answer 130

A

You can use the Azure File Sync agent to sync on-premises data to an Azure file share.

Answer 131

A

C
A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel.
This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it.

Answer 132

A

Azure App Service - Platform as a service (PaaS)
Azure virtual machines - Infrastructure as a service (laaS)
Microsoft Dynamics 365 - Software as a service (SaaS)

Answer 133

A

A cloud-based file server (Azure Files) - Infrastructure-as-a-Service (laaS)
A cloud-based accounting system (Dynamics 365) - Software-as-a-Service (SaaS)
A cloud-based service for custom apps - Platform-as-a-Service (PaaS)

Answer 134

A

D. Azure Container Instances
E. Azure Kubernetes Service (AKS)

Run Docker containers on-demand in a managed, serverless Azure environment. Azure Container Instances is a solution for any scenario that can operate in isolated containers, without orchestration.
Azure Kubernetes Service is a robust and cost-effective container orchestration service that helps you to deploy and manage containerized applications in seconds where additional resources are assigned automatically without the headache of managing additional servers.

Answer 135

A

When you need to delegate permissions to several Azure virtual machines simultaneously, you must deploy the Azure virtual machines to the same resource group.

A resource group is a logical container for Azure resources. Resource groups make the management of Azure resources easier.
With a resource group, you can allow a user to manage all resources in the resource group, such as virtual machines, websites, and subnets. The permissions you apply to the resource group apply to all resources contained in the resource group.

Answer 136

A

Yes (>2 Regions also)

Availability zones expand the level of control you have to maintain the availability of the applications and data on your VMs. An Availability Zone is a physically separate zone, within an Azure region. There are three Availability Zones per supported Azure region.
Each Availability Zone has a distinct power source, network, and cooling. By architecting your solutions to use replicated VMs in zones, you can protect your apps and data from the loss of a datacenter. If one zone is compromised, then replicated apps and data are instantly available in another zone.

Answer 137

A

A. No change is needed
Azure Data Warehouse (now known as Azure Synapse Analytics) is a PaaS offering from Microsoft. As with all PaaS services from Microsoft, SQL Data Warehouse offers an availability SLA of 99.9%. Microsoft can offer 99.9% availability because it has high availability features built into the platform.

Answer 138

A

Yes (>2 AZs also)

By deploying the virtual machines to two or more regions, you are deploying the virtual machines to multiple datacenters. This will ensure that the services running on the virtual machines are available if a single data center fails.
Azure operates in multiple datacenters around the world. These datacenters are grouped in to geographic regions, giving you flexibility in choosing where to build your applications.
You create Azure resources in defined geographic regions like ‘West US’, ‘North Europe’, or ‘Southeast Asia’. You can review the list of regions and their locations.
Within each region, multiple datacenters exist to provide for redundancy and availability.

Answer 139

A

An Azure container instance is an example of an Azure compute service.

The term compute refers to the hosting model for the computing resources that your application runs on. For Azure this include:
Azure Container Instances. The fastest and simplest way to run a container in Azure, without having to provision any virtual machines and without having to adopt a higher-level service.

Answer 140

A

B. ExpressRoute OSI Layer 3

Answer 141

A

Application Insights is a feature of Azure Monitor that provides extensible application performance management (APM) and monitoring for live web apps.

Answer 142

A

Box 1: No -
A resource can interact with resources in other resource groups.

Box 2: Yes -
Deleting the resource group will remove the resource group as well as all the resources in that resource group. This can be useful for the management of resources. For example, a virtual machine has several components (the VM itself, virtual disks, network adapter etc.). By placing the VM in its own resource group, you can delete the VM along with all its associated components by deleting the resource group.

Box 3: Yes -
Resources from multiple different regions can be placed in a resource group. The resource group only contains metadata about the resources it contains.

Answer 143

A

A. Azure Data Lake
C. Azure SQL Data Warehouse

You can use Power BI to analyze and visualize data stored in Azure Data Lake and Azure SQL Data Warehouse.

Answer 144

A

https://portal.azure.com.

The Azure portal is a web-based management interface where you can view and manage all your Azure resources in one unified hub, including web apps, databases, virtual machines, virtual networks, storage and Visual Studio team projects.

Answer 145

A

Locally-redundant storage (LRS)
Zone-redundant storage (ZRS)
Geo-redundant storage (GRS)

Answer 146

A

Azure Blob Storage is a - storage service optimized for very large objects, such as video files and bitmaps.

Answer 147

A

B. No

A PowerShell script is a file that contains PowerShell cmdlets and code. A PowerShell script needs to be run in PowerShell.
PowerShell can now be installed on Linux. However, the question states that the computer has Azure CLI tools, not PowerShell installed. Therefore, this solution does not meet the goal.

Answer 148

A

Yes

A PowerShell script is a file that contains PowerShell cmdlets and code. A PowerShell script needs to be run in PowerShell.
With the Azure Cloud Shell, you can run PowerShell cmdlets and scripts in a Web browser. You log in to the Azure Portal and select the Azure Cloud Shell option.
This will open a PowerShell session in the Web browser. The Azure Cloud Shell has the necessary Azure PowerShell module installed.
Note: to run a PowerShell script in the Azure Cloud Shell, you need to change to the directory where the PowerShell script is stored.

Answer 149

A

Box 1: Yes -
Azure Service Health consists of three components: Azure Status, Azure Service Heath and Azure Resource Health.
Azure service health provides a personalized view of the health of the Azure services and regions you’re using. This is the best place to look for service impacting communications about outages, planned maintenance activities, and other health advisories because the authenticated Azure Service Health experience knows which services and resources you currently use.

Box 2: Yes -
The best way to use Service Health is to set up Service Health alerts to notify you via your preferred communication channels when service issues, planned maintenance, or other changes may affect the Azure services and regions you use.

Box 3: No -
You can use Resource Health to view the health of a virtual machine. However, you cannot use Resource Health to prevent a service failure affecting the virtual machine.
Azure resource health provides information about the health of your individual cloud resources such as a specific virtual machine instance.

Answer 150

A

Dashboard

On the Help and Support blade, there is a Service Health option. If you click Service Health, a new blade opens. The Service Health blade contains the Planned
Maintenance link which opens a blade where you can view a list of planned maintenance events that can affect the availability of an Azure subscription.

Answer 151

A

Azure Advisor - A tool that provides guidance and recommendations to improve an Azure environment

Azure Cognitive Services - A simplified tool to build intelligent Artificial Intelligence (AI) applications

Azure Application Insights - Monitors web applications

Azure DevOps - An integrated solution for the deployment of code

Answer 152

A

Azure HDInsight - An open-source framework for the distributed processing and analysis of big data sets in clusters

Azure Data Lake Analytics - Can run massively parallel data transformation and processing programs across petabytes of data

Azure SQL Synapse Analytics - A cloud-based service that leverages massively parallel processing (MPP) to quickly run complex queries across petabytes of data in a relational database.

Azure SQL Database - A managed relational cloud database service

Answer 153

A

✑ View security recommendations - Advisor
✑ Monitor the health of Azure services - Monitor
✑ Browse available virtual machine images - Marketplace

Answer 154

A

Yes

With Azure Cloud Shell, you can create virtual machines using Bash or PowerShell.
Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.

Answer 155

A

C. a logic app

Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions for app integration, data integration, system integration, enterprise application integration (EAI), and business-to-business (B2B) communication, whether in the cloud, on premises, or both.
For example, here are just a few workloads you can automate with logic apps:
✑ Process and route orders across on-premises systems and cloud services.
✑ Send email notifications with Office 365 when events happen in various systems, apps, and services.
✑ Move uploaded files from an SFTP or FTP server to Azure Storage.
✑ Monitor tweets for a specific subject, analyze the sentiment, and create alerts or tasks for items that need review.

Answer 156

A

C. a content delivery network (CDN)

The question states that users are located worldwide and will be downloading large video files. The video playback experience would be improved if they can download the video from servers in the same region as the users. We can achieve this by using a content deliver network.
A content delivery network (CDN) is a distributed network of servers that can efficiently deliver web content to users. CDNs store cached content on edge servers in point-of-presence (POP) locations that are close to end users, to minimize latency.
Azure Content Delivery Network (CDN) offers developers a global solution for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world. Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various network optimizations using CDN POPs. For example, route optimization to bypass Border Gateway Protocol (BGP).
The benefits of using Azure CDN to deliver web site assets include:
✑ Better performance and improved user experience for end users, especially when using applications in which multiple round-trips are required to load content.
✑ Large scaling to better handle instantaneous high loads, such as the start of a product launch event.
✑ Distribution of user requests and serving of content directly from edge servers so that less traffic is sent to the origin server.

Answer 157

A

A. Azure Data Lake
D. Azure IoT Hub

IoT Hub (Internet of things Hub) provides data from millions of sensors.
IoT Hub is a managed service, hosted in the cloud, that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between millions of IoT devices and a cloud- hosted solution backend. You can connect virtually any device to IoT Hub.
There are two storage services IoT Hub can route messages to – Azure Blob Storage and Azure Data Lake Storage Gen2 (ADLS Gen2) accounts. Azure Data
Lake Storage accounts are hierarchical namespace-enabled storage accounts built on top of blob storage. Both of these use blobs for their storage.

Answer 158

A

B. the Azure portal
C. Azure Cloud Shell

The Azure portal is the web-based portal for managing Azure. Being web-based, you can use the Azure portal on an iPhone.
Azure Cloud Shell is a web-based command line for managing Azure. You access the Azure Cloud Shell from the Azure portal. Being web-based, you can use the
Azure Cloud Shell on an iPhone.

Answer 159

A

B. Azure Machine Learning Designer

Azure Machine Learning designer lets you visually connect datasets and modules on an interactive canvas to create machine learning models.

Answer 160

A

Box 1: No -
Azure Advisor does not generate a list of virtual machines that ARE protected by Azure Backup. Azure Advisor does however, generate a list of virtual that ARE NOT protected by Azure Backup. You can view a list of virtual machines that are protected by Azure Backup by viewing the Protected Items in the Azure Recovery Services Vault.

Box 2: No -
If you implement the security recommendations, you company’s score will increase, not decrease.

Box 3: No -
There is no requirement to implement the security recommendations provided by Azure Advisor. The recommendations are just that, ‘recommendations’. They are not ‘requirements’.

Answer 161

A

C. Azure Monitor

Answer 162

A

Azure Machine Learning - Uses past trainings to provide predictions that have high probability.
Azure Synapse Analytics - Provides a cloud-based Enterprise Data Warehouse (EDW).
Azure IoT Hub - Processes data from millions of sensors.
Azure Functions - Provides serverless computing functionalities.

Answer 163

A

A. Use Bash in Azure Cloud Shell.
B. Use PowerShell in Azure Cloud Shell.
E. Use the Azure portal.

The Android tablet device will have a web browser (Chrome). That’s enough to connect to the Azure portal.
The Azure portal offers three ways to create a VM:
✑ Using the graphical portal.
✑ Using the Azure Cloud Shell using Bash.
✑ Using the Azure Cloud Shell using PowerShell.

Answer 164

A

B. Azure DevTest Labs

DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager templates.
By using DevTest Labs, you can test the latest versions of your applications by doing the following tasks:
✑ Quickly provision Windows and Linux environments by using reusable templates and artifacts.
✑ Easily integrate your deployment pipeline with DevTest Labs to provision on-demand environments.
✑ Scale up your load testing by provisioning multiple test agents and create pre-provisioned environments for training and demos.

Answer 165

A

Box 1: No -
Azure Advisor provides you with a consistent, consolidated view of recommendations for all your Azure resources. It integrates with Azure Security Center to bring you security recommendations.
However, Azure Advisor does not provide recommendations on how to improve the security of an Azure AD environment.

Box 2: Yes -
Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the Cost tab on the Advisor dashboard.

Box 3: No.
Azure Advisor does not provide recommendations on how to configure network settings on Azure virtual machines.

Answer 166

A

A. Yes

The command can be run in the Azure Cloud Shell. Although this question says you select PowerShell rather than Bash, the Az commands will work in PowerShell.
The Azure Cloud Shell is a free interactive shell. It has common Azure tools preinstalled and configured to use with your account.
To open the Cloud Shell, just select Try it from the upper right corner of a code block. You can also launch Cloud Shell in a separate browser tab by going to https://shell.azure.com/bash.

Answer 167

A

A. Yes

The command can be run from PowerShell or the command prompt if you have the Azure CLI installed.

Answer 168

A

A. Yes

The command can be run from PowerShell or the command prompt if you have the Azure CLI installed.

Answer 169

A

Computer - Windows 10 - - The Azure CLI, the Azure portal, and Azure PowerShell
Computer2 - Ubuntu - The Azure CLI, the Azure portal, and Azure PowerShell
Computer3 - MacOS Mojave - The Azure CLI, the Azure portal, and Azure PowerShell

Answer 170

A

You can access Compliance Manager from the Azure portal

Answer 171

A

Azure Resource Manager templates provide a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment.

Azure policies are used to define rules for what can be deployed and how it should be deployed. Whilst this can help in ensuring consistency, Azure policies do not provide the common platform for deploying objects to a cloud infrastructure.

Answer 172

A

A. Yes

A PowerShell script is a file that contains PowerShell cmdlets and code. A PowerShell script needs to be run in PowerShell.
In this question, the computer has the Azure PowerShell module installed. Therefore, this solution does meet the goal.

Answer 173

A

B. Azure Functions

Azure Functions provide a platform for serverless code.
Azure Functions is a serverless compute service that lets you run event-triggered code without having to explicitly provision or manage infrastructure.

Answer 174

A

A. a computer that runs macOS and has PowerShell Core 6.0 installed.
B. a computer that runs Windows 10 and has the Azure PowerShell module installed.
E. a computer that runs Chrome OS and uses Azure Cloud Shell.

(Azure PowerShell is available for Windows, Linux, and Mac, Chrome OS and can be accessed in a web browser via the Cloud Shell.)

Answer 175

A

A. Yes

The command can be run in the Azure Cloud Shell.
The Azure Cloud Shell is a free interactive shell. It has common Azure tools preinstalled and configured to use with your account.
To open the Cloud Shell, just select Try it from the upper right corner of a code block. You can also launch Cloud Shell in a separate browser tab by going to https://shell.azure.com/bash.

Answer 176

A

A. Azure Resource Manager templates

You can use Azure Resource Manager templates to automate the creation of the Azure resources. Deploying resource through templates is known as ‘Infrastructure as code’.

Answer 177

A

No (Yes?) - You can use Azure Cost Management to view costs associated to management groups.

Yes - You can use Azure Cost Management to view costs associated to resource groups.

Yes - You can use Azure Cost Management to view the usage of virtual machines during the last three months.

Answer 178

A

A. Azure Advisor

Azure Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the Cost tab on the Advisor dashboard.

Answer 179

A

Box 1: Overview -
When you assign roles, you must specify a scope. Scope is the set of resources the access applies to. In Azure, you can specify a scope at four levels from broad to narrow: management group, subscription, resource group, and resource.

Box 2: Access control (IAM)
Access control (IAM) is the page that you typically use to assign roles to grant access to Azure resources. It’s also known as identity and access management
(IAM) and appears in several locations in the Azure portal.

Answer 180

A

Azure Databricks is an Apache Spark-based analytics service

Answer 181

A

Yes
No (portal.azure is online, don’t have to install)
Yes

Answer 182

A

Azure Databricks - A big data analysis service for machine learning
Azure Functions - Provides the platform for serverless code
Azure App Service - Hosts web apps
Azure Application Insights - Detects and diagnoses anomalies in web apps

Answer 183

A

C. Azure DevTest Labs

DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager templates.
✑ Quickly provision Windows and Linux environments by using reusable templates and artifacts.
✑ Easily integrate your deployment pipeline with DevTest Labs to provision on-demand environments.
✑ Scale up your load testing by provisioning multiple test agents and create pre-provisioned environments for training and demos.

Answer 184

A

Yes
Yes
No
You can install the Az PowerShell module locally on Windows, macOS, and Linux. It can also be used from a browser through Azure Cloud Shell or inside a Docker container.

Answer 185

A

A. Command Prompt
C. Windows PowerShell

For Windows the Azure CLI is installed via an MSI, which gives you access to the CLI through the Windows Command Prompt (CMD) or PowerShell.

Answer 186

A

A. Yes
Azure Cloud Shell is a browser-based shell experience to manage and develop Azure resources.
Cloud Shell offers a browser-accessible, pre-configured shell experience for managing Azure resources without the overhead of installing, versioning, and maintaining a machine yourself.
Being browser-based, Azure Cloud Shell can be run on a browser from a tablet that runs the Android operating system.

Answer 187

A

B. No
PowerApps lets you quickly build business applications with little or no code. It is not used to create Azure virtual machines. Therefore, this solution does not meet the goal.

Answer 188

A

A. Yes
The Azure portal is a web-based, unified console that provides an alternative to command-line tools.
Being web-based, the Azure portal can be run on a browser from a tablet that runs the Android operating system.

Answer 189

A

The Microsoft 365 Compliance admin center provides in-depth information about security, privacy, compliance offerings, policies, and features across Microsoft cloud products.
Microsoft 365 compliance is now called Microsoft Purview and the solutions within the compliance area have been rebranded.

Answer 190

A

You can manage an on-premises Windows server as an Azure resource by using Azure Arc.
Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.
Azure Arc provides a centralized, unified way to:
Manage your entire environment together by projecting your existing non-Azure and/or on-premises resources into Azure Resource Manager.
Manage virtual machines, Kubernetes clusters, and databases as if they are running in Azure.

Answer 191

A

Box 1: No -
Easily manage your Azure storage accounts in the cloud, from Windows, macOS, or Linux, using Azure Storage Explorer.
Box 2: Yes -
Azure cloud services can be managed in Azure Automation by using the PowerShell cmdlets that are available in the Azure PowerShell tools.
Box 3: Yes

Answer 192

A

Box 1: Yes -
Azure Monitor maximizes the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.
Box 2: Yes -
Alerts in Azure Monitor proactively notify you of critical conditions and potentially attempt to take corrective action.
Box 3: Yes -
Azure Monitor uses Target Resource, which is the scope and signals available for alerting. A target can be any Azure resource.

Answer 193

A

Azure Repos is a set of version control tools that you can use to manage your code.
Incorrect Answers:
B: Azure DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager templates. These have all the necessary tools and software that you can use to create environments.
D: Azure Cosmos DB is Microsoft’s globally distributed, multi-model database service.

Answer 194

A

You can access Azure Cloud Shell in the Azure portal by clicking the icon >_

Answer 195

A

B. Azure Monitor
In the Azure virtual machines page in the Azure portal, there is a named Maintenance Status.

Answer 196

A

B. No
Azure Traffic Manager is a DNS-based load balancing solution. It is not used to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
To ensure that a virtual machine named VM1 is accessible from the Internet over HTTP, you need to modify a network security group or Azure Firewall.

Answer 197

A

A. network security groups (NSGs)
A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network.

Answer 198

A

From Azure Activity Log you can view which user turned off a specific virtual machine during the last 14 days.
You would use the Azure Activity Log, not Access Control to view which user turned off a specific virtual machine during the last 14 days.
Activity logs are kept for 90 days. You can query for any range of dates, as long as the starting date isn’t more than 90 days in the past.
In this question, we would create a filter to display shutdown operations on the virtual machine in the last 14 days.

Answer 199

A

A. Azure Firewall
You can restrict traffic to multiple virtual networks in multiple subscriptions with a single Azure firewall.
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It’s a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

Answer 200

A

C. Azure Key Vault
Azure Key Vault is a secure store for storage various types of sensitive information including passwords and certificates.
Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.

Answer 201

A

B. Azure Sentinel

Answer 202

A

Yes - Azure Sentinel stores collected events in an Azure
Storage account.

Yes - Azure Sentinel can remediate incidents
automatically.

Yes - Azure Sentinel can collect Windows Defender Firewall logs from Azure virtual machines.

Answer 203

A

Box 1: Azure Sentinel - Analyze security log files from Azure virtual machines
Box 2: Azure Security Center - Display the secure score for an Azure subscription
Box 3: Azure Key Vault -
✑ Azure Active Directory (Azure AD)
Azure AD is an identity and access management service, which helps your employees sign in and access resources
✑ Azure Lighthouse
Azure Lighthouse is used for cross- and multi-tenant management.
Store passwords for use by Azure Function applications.

Answer 204

A

Box 1: No -
Azure firewall does not encrypt network traffic. It is used to block or allow traffic based on source/destination IP address, source/destination ports and protocol.

Box 2: No -
A network security group does not encrypt network traffic. It works in a similar way to a firewall in that it is used to block or allow traffic based on source/ destination IP address, source/destination ports and protocol.

Box 3: No -
The question is rather vague as it would depend on the configuration of the host on the Internet. Windows Server does come with a VPN client and it also supports other encryption methods such IPSec encryption or SSL/TLS so it could encrypt the traffic if the Internet host was configured to require or accept the encryption.

Answer 205

A

Box 1: Yes -
Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they’re in Azure or not - as well as on premises.

Box 2: No -
Only two features: Continuous assessment and security recommendations, and Azure secure score, are free.

Box 3: Yes -
The advanced monitoring capabilities in Security Center also let you track and manage compliance and governance over time. The overall compliance provides you with a measure of how much your subscriptions are compliant with policies associated with your workload.

Answer 206

A

✑ Data
✑ Application
✑ Compute
✑ Networking
✑ Perimeter
✑ Identity and access
✑ Physical security

Answer 207

A

B. an Azure Key Vault

Azure Disk Encryption requires an Azure Key Vault to control and manage disk encryption keys and secrets.

Answer 208

A

B. IP Addresses, Service tags and Application security groups

Any, or an individual IP address, classless inter-domain routing (CIDR) block (10.0.0.0/24, for example), service tag, or application security group.

Answer 209

A

Azure Sentinel uses playbooks to automatically respond to threats.

Answer 210

A

Network Address Translation (NAT) rules in Azure Firewall enables users on the internet to access a server on a virtual network.

Answer 211

A

Azure distributed denial of service (DDoS) protection is an example of protection that is implemented at the networking layer.

Answer 212

A

C. Azure Monitor workbooks

Answer 213

A

Box 1: Microsoft Sentinel -
Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution.

Box 2: Microsoft Defender for Cloud
You can find your overall secure score, as well as your score per subscription, through the Azure portal. Defender for Cloud displays your secure score prominently in the portal.

Box 3: Azure Key Vault -
A favored approach to store the credentials or keys in the Azure Key Vault as secrets and reference the secrets as environment variables in our Azure functions apps

Answer 214

A

B. Microsoft Sentinel

Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response.

Answer 215

A

An Azure Policy initiative definition is a collection of policy definitions.

An Azure Policy initiative is a collection of Azure Policy definitions, or rules, that are grouped together towards a specific goal or purpose. Azure initiatives simplify management of your policies by grouping a set of policies together, logically, as a single item.

Answer 216

A

D. Microsoft Defender for Cloud
The central feature in Defender for Cloud that enables you to achieve those goals is secure score.

Answer 217

A

You can enable just in time (JIT) VM access by using Microsoft Defender for Cloud.

Lock down inbound traffic to your Azure Virtual Machines with Microsoft Defender for Cloud’s just-in-time (JIT) virtual machine (VM) access feature. This reduces exposure to attacks while providing easy access when you need to connect to a VM.

Answer 218

A

You can view your company’s regulatory compliance report from Microsoft Defender for Cloud.
helps streamline the process for meeting regulatory compliance requirements, using the regulatory compliance dashboard. You can download PDF/CSV reports as well as certification reports of your compliance status.

Answer 219

A

A. Microsoft Sentinel
is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution.
Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response.

Answer 220

A

Azure Active Directory (Azure AD) enables users to authenticate to multiple applications by using single sign-on (SSO).

Incorrect:
Application security groups enable you to configure network security as a natural extension of an application’s structure, allowing you to group virtual machines and define network security policies based on those groups.

Answer 221

A

Box 1: No -
Azure creates the default rules in each network security group that you create. These rules allow some traffic.

Box 2: Yes -
A network security group contains zero, or as many rules as desired. These rules can refer to application security groups.

Box 3: Yes -
Azure creates the Inbound and OutBound default rules in each network security group that you create.

Answer 222

A

single sign-on (SSO) - The ability to use the same credentials to access multiple resources and applications from different providers.
authorization - The process of identifying the access level of a user or service.
multi-factor authentication (MFA) - Requires several elements to identify a user or a service.

Answer 223

A

A. Azure Key Vault
Azure Key Vault protects cryptographic keys, certificates (and the private keys associated with the certificates), and secrets (such as connection strings and passwords) in the cloud.

Answer 224

A

After you create a virtual machine, you need to modify the to allow connections to TCP port 8080 on the virtual machine network security group (NSG).

You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.

Answer 225

A

Azure distributed denial of service (DDoS) protection is an example of protection that is implemented at the networking layer.

Answer 226

A

Microsoft Sentinel uses playbooks to automatically respond to threats.

Playbooks are collections of procedures that can be run from Microsoft Sentinel in response to an alert or incident. A playbook can help automate and orchestrate your response, and can be set to run automatically when specific alerts or incidents are generated, by being attached to an analytics rule or an automation rule, respectively.

Answer 227

A

D. DDoS protection

DDoS is a type of attack that tries to exhaust application resources. The goal is to affect the application’s availability and its ability to handle legitimate requests.
DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet.
Azure has two DDoS service offerings that provide protection from network attacks: DDoS Protection Basic and DDoS Protection Standard.
DDoS Basic protection is integrated into the Azure platform by default and at no extra cost.

Answer 228

A

✑ Monitor threats by using sensors - Azure Advanced Threat Protection (ATP)
✑ Enforce Azure Multi-Factor Authentication (MFA) based on a condition - Azure Active Directory (Azure AD) Identity Protection

Answer 229

A

B. Modify a network security group (NSG) Most Voted
D. Modify an Azure firewall

A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network.
You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets.
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
In this question, we need to add a rule to the network security group to allow the connection to the virtual machine on port 80 (HTTP).

Brainscape's Knowledge GenomeTM

Dumps Flashcards

Brainscape's Knowledge Genome^TM