AZ-900 Flashcards

1
Q

Cloud Computing Definition

A

Computing services provided over the Internet, whereby shared resources, software, and information are provided to computers and other devices on demand.

2
Q

Which two attributes are characteristics of the private cloud deployment model? Each correct answer presents a complete solution.

Applications can be provisioned and deprovisioned quickly.
Hardware must be purchased.
Organizations only pay for what they use.
The company has complete control over physical resources and security.

A

Hardware must be purchased.
The company has complete control over physical resources and security.

In a private cloud, hardware must be purchased for startup and maintenance. In a private cloud, organizations control resources and security. Quick provisioning is a characteristic of the public cloud deployment model. Paying only for what is used is a characteristic of the public cloud deployment model.

3
Q

What are two characteristics of a consumption-based model? Each correct answer presents a complete solution.

high capital expenditures
no upfront costs
requires the purchase and management of the physical infrastructure
the ability to stop paying for resources that are no longer needed

A

no upfront costs
the ability to stop paying for resources that are no longer needed

In a consumption-based model, you do not pay for anything until you start using resources, and you only pay for what you use. If you stop using a resource, you stop paying for it. High expenditures are usually associated with the purchase of the physical infrastructure, which is not needed in a consumption-based model.

4
Q

Which two characteristics are common advantages of cloud computing? Each correct answer presents a complete solution.

elimination of horizontal scaling
geo-distribution
high availability
physical access to servers

A

geo-distribution
high availability

Cloud-based apps can provide a continuous user experience with no apparent downtime, even when things go wrong. You can deploy apps and data to regional datacenters around the globe, thereby ensuring that your customers always have the best performance in their region. Apps in cloud computing can scale vertically and horizontally. In a public cloud model, you do not get physical access to servers, as they are managed by the cloud provider.

5
Q

Why is cloud computing often less expensive than on-premises datacenters? Each correct answer presents a complete solution.

Cloud service offerings have limited functionality.
Network bandwidth is free.
Services are only offered in a single geographic location.
You are only billed for what you use.

A

You are only billed for what you use.

Renting compute and storage services and being billed for only what you use often lowers operating expenses. Depending on the service and the type of network bandwidth, charges can be incurred. Cloud service offerings often provide functionality that can be difficult or cost-prohibitive to deploy on-premises, especially for smaller organizations. Major cloud providers offer services around the world, making it easy and relatively inexpensive to deploy services close to where your users reside.

6
Q

Which cloud deployment model are you using if you have servers physically located at your organization’s on-site datacenter, and you migrate a few of the servers to the cloud?

hybrid cloud
private cloud
public cloud

A

hybrid cloud

A hybrid cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them.

7
Q

Select the answer that correctly completes the sentence.

Increasing compute capacity for an app by adding RAM or CPUs to a virtual machine is called [answer choice].

disaster recovery
high availability
horizontal scaling
vertical scaling

A

vertical scaling

You scale vertically to increase compute capacity by adding RAM or CPUs to a virtual machine. Scaling horizontally increases compute capacity by adding instances of resources, such as adding virtual machines to the configuration. Disaster recovery keeps data and other assets safe in the event of a disaster. High availability minimizes downtime when things go wrong.

8
Q

Select the answer that correctly completes the sentence.

Deploying and configuring cloud-based resources quickly as business requirements change is called [answer choice].

agility
elasticity
high availability
scalability

A

agility

Agility means that you can deploy and configure cloud-based resources quickly as app requirements change. Scalability means that you can add RAM, CPU, or entire virtual machines to a configuration. Elasticity means that you can configure cloud-based apps to take advantage of autoscaling, so apps always have the resources they need. High availability means that cloud-based apps can provide a continuous user experience with no apparent downtime, even when things go wrong.

9
Q

What is high availability in a public cloud environment dependent on?

capital expenditures
cloud-based backup retention limits
the service-level agreement (SLA) that you choose
the vertical scalability of an app

A

the service-level agreement (SLA) that you choose

Different services have different SLAs. Sometimes different tiers of the same service will offer different SLAs, which can increase or decrease the promised availability.

10
Q

Select the answer that correctly completes the sentence.

In cloud computing, [answer choice] allows you to deploy applications to regional datacenters around the world.

disaster recovery
elasticity
geo-location
high availability

A

geo-location

You can deploy apps and data to regional datacenters around the globe, thereby ensuring that your customers always have the best performance in their region. This is referred to as geo-distribution.

11
Q

In a platform as a service (PaaS) model, which two components are the responsibility of the cloud service provider? Each correct answer presents a complete solution.

information and data
operating system
physical network
user access

A

operating system
physical network

In PaaS, the cloud provider is responsible for the operating system, physical datacenter, physical hosts, and physical network. In PaaS, the customer is responsible for accounts and identities.

12
Q

Which type of cloud service model is typically licensed through a monthly or annual subscription?

Infrastructure as a service (IaaS)
platform as a service (PaaS)
software as a service (SaaS)

A

software as a service (SaaS)

SaaS is software that is centrally hosted and managed for you and your users or customers. Usually, one version of the application is used for all customers, and it is licensed through a monthly or annual subscription. PaaS and IaaS use a consumption-based model, so you only pay for what you use.

13
Q

Your organization is building a custom application.

You need to focus on application development rather than configuration and management of servers.

Which cloud service model should you use?

infrastructure as a service (IaaS)
platform as a service (PaaS)
software as a service (SaaS)

A

platform as a service (PaaS)

With PaaS, users can focus on application development because the cloud provider handles all the platform management. In SaaS, the cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage, and applications. IaaS is the closest service model to managing physical servers.

14
Q

Which cloud service model is used by Azure SQL Database?

infrastructure as a service (IaaS)
platform as a service (PaaS)
software as a service (SaaS)

A

platform as a service (PaaS)

Azure SQL Database is a PaaS database engine.

15
Q

What uses the infrastructure as a service (IaaS) cloud service model?

Azure App Services
Azure Cosmos DB
Azure virtual machines
Microsoft Office 365

A

Azure virtual machines

Azure Virtual Machines is an IaaS offering. The customer is responsible for the configuration of the virtual machine as well as all operating system configurations. Azure App Services and Azure Cosmos DB are PaaS offerings. Microsoft Office 365 is a SaaS offering.

16
Q

Which two features are available by using Azure Cost Management + Billing? Each correct answer presents a complete solution.

Create and manage budgets.
Estimate the total cost of ownership before resources are deployed.
Generate historical reports and forecast future usage.
Provide discounted prices when you pay in advance.

A

Create and manage budgets.
Generate historical reports and forecast future usage.

Azure Cost Management allows you to create and manage cost and usage budgets by monitoring resource demand trends, consumption rates, and cost patterns. It also allows you to use historical data to generate reports and forecast future usage and expenditures.

17
Q

You need to associate the costs of resources to different groups within an organization without changing the location of the resources.

What should you use?

administrative units
resource groups
resource tags
subscriptions

A

resource tags

Resource tags can be used to group billing data and categorize costs by runtime environment, such as billing usage for virtual machines running in a production environment.

18
Q

What can be applied to a resource to prevent accidental deletion?

a resource lock
a resource tag
a policy
an Azure Reservation

A

a resource lock

A resource lock prevents resources from being accidentally deleted or changed. Resource tags offer the custom grouping of resources. Policies enforce different rules across all resource configurations so that the configurations stay compliant with corporate standards. An initiative is a way of grouping related policies together.

19
Q

What can you use to ensure that new and existing Azure resources stay in compliance with corporate standards?

Azure Advisor
Azure Policy
resource locks
resource tags

A

Azure Policy

Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit resources. These policies enforce different rules across all resource configurations so that the configurations stay compliant with corporate standards.

20
Q

You need to ensure that multi-factor authentication (MFA) is enabled on accounts with write permissions in an Azure subscription.

What should you implement?

Azure Policy
resource locks
resource tags
Cloud Adoption Framework

A

Azure Policy

Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit resources.

21
Q

What can you use to restrict the deployment of a virtual machine to a specific location?

Azure AD
Azure Policy
resource groups
resource locks

A

Azure Policy

Azure Policy can help to create a policy for allowed regions, which enables you to restrict the deployment of virtual machines to a specific location.

22
Q

What can you use to define the resources you want to provision in a declarative JSON format?

Azure CLI
Azure PowerShell
Azure Repos
Azure Resource Manager (ARM) templates

A

Azure Resource Manager (ARM) templates

By using ARM templates, you can describe the resources you want to use in a declarative JSON format.

23
Q

Which management layer accepts requests from any Azure tool or API and enables you to create, update, and delete resources in an Azure account?

Azure CLI
Azure management groups
Azure Resource Manager (ARM)
Azure Sphere

A

Azure Resource Manager (ARM)

ARM is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in an Azure account.

24
Q

What can you use to create resources in Azure that includes a validation step to ensure that all resources are created in a specific order based on dependencies, in parallel, and idempotently?

Azure CLI
Azure PowerShell
Azure Resource Manager (ARM) templates
Azure REST API

A

Azure Resource Manager (ARM) templates

ARM templates define an application’s infrastructure requirements for a repeatable deployment that is done in a consistent manner. A validation step ensures that all resources can be created in the proper order based on dependencies, in parallel, and idempotently.

25
Q

Which two tools can you use to create a new Azure virtual machine from a mobile device that runs Android? Each correct answer presents a complete solution.

PowerShell in Azure Cloud Shell
Remote Desktop
SSH
the Azure portal

A

PowerShell in Azure Cloud Shell
the Azure portal

The Azure portal can run on devices that have the Android operating system installed. The browser can be any type, such as Internet Explorer 11, Chrome, Firefox, or Safari (all the latest versions). When you visit the portal, you will see Cloud Shell. Users can then access Bash and PowerShell from within Cloud Shell. You can use Bash and PowerShell to create Azure virtual machines.

26
Q

What provides recommendations to reduce the cost of Azure resources?

Azure Advisor
Azure Dashboard
Azure Service Health
Microsoft Defender for Cloud

A

Azure Advisor

Azure Advisor analyzes the account usage and makes recommendations based on its set and configured rules.

27
Q

You need to review the root cause analysis (RCA) report for a service outage that occurred last week.

Where should you look for the report?

Azure Advisor
Azure Monitor
Azure Service Health
Log Analytics

A

Azure Service Health

After an outage, Service Health provides official incident reports called root cause analysis (RCA), which you can share with stakeholders.

28
Q

You need to be notified when there are new recommendations for reducing Azure costs.

Which tool should you use?

Azure Advisor
Azure Monitor
Azure Service Health
Log Analytics

A

Azure Advisor

Azure Advisor evaluates Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs.

29
Q

You need to create a custom solution that uses thresholds to trigger autoscaling functionality to scale an app up or down to meet user demand.

What should you include in the solution?

Application insights
Azure Advisor
Azure Monitor
Azure Service Health

A

Azure Monitor

Azure Monitor is a platform that collects metric and logging data, such as CPU percentages. The data can be used to trigger autoscaling.

30
Q

What should you proactively review and act on to avoid service interruptions, such as service retirements and breaking changes?

application insights
Azure Monitor
health advisories
service issues

A

health advisories

Health advisories are issues that require that you take proactive action to avoid service interruptions, such as service retirements and breaking changes. Service issues are problems such as outages that require immediate actions.

31
Q

What can you use to automatically detect performance anomalies for web apps?

Azure Advisor
Azure Application Insights
Azure Cognitive Services
Azure DevOps

A

Azure Application Insights

Application Insights is a feature of Azure Monitor that allows you to monitor running applications, automatically detect performance anomalies, and use built-in analytics tools to see what users do on an app.

32
Q

What can you apply to an Azure virtual machine to ensure that users cannot change or delete the resource?

a lock
a tag
a user-assigned managed identity
Conditional Access

A

a lock

Incorrect: A user-assigned managed identity –– Adding an identity will not add the ability to change or delete the resource.

Correct: A lock –– A resource lock will meet both requirements.

Incorrect: A tag –– A tag will not meet the requirements.

Incorrect: Conditional Access –– Conditional Access will not meet the requirements.

33
Q

Select the answer that correctly completes the sentence.

[Answer choice] are physically separate datacenters within an Azure region.

Availability zones
Geographies
Region pairs
Resource groups

A

Availability zones

Availability zones are physically separate datacenters within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking.

34
Q

Which two components are created in an Azure subscription? Each correct answer presents a complete solution.

Azure AD user accounts
management groups
resource groups
resources

A

resource groups
resources

Resources can only be associated with a single subscription. Subscriptions may be grouped into management groups. An account may be associated with multiple subscriptions.

35
Q

What is an Azure Storage account named storage001 an example of?

a resource
a resource group
a resource manager
a subscription

A

a resource

A resource is a manageable item that is available through Azure. Virtual machines, storage accounts, web apps, databases, and virtual networks are examples of resources.

36
Q

For which resource does Azure generate separate billing reports and invoices by default?

accounts
management groups
resource groups
subscriptions

A

subscriptions

Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs. Resource groups can be used to group costs, but you will not receive a separate invoice for each resource group. Management groups are used to efficiently manage access, policies, and compliance for subscriptions. You can set up billing profiles to roll up subscriptions into invoice sections, but this requires customization.

36
Q

Which resource can you use to manage access, policies, and compliance across multiple subscriptions?

administrative units
management groups
resource groups

A

management groups

Management groups can be used in environments that have multiple subscriptions to streamline the application of governance conditions.

Resource groups can be used to organize Azure resources.

Administrative units are used to delegate the administration of Azure AD resources, such as users and groups.

Accounts are used to provide access to resources.

37
Q

Which Azure resource is a software emulation of a physical computer that includes a virtual processor, memory, storage, and networking resources?

a container
a function
a virtual machine
an App Service

A

a virtual machine

Virtual machines are software emulations of physical computers. They include a virtual processor, memory, storage, and networking resources. Virtual machines host an operating system, and you can install and run software just like on a physical computer.

38
Q

What can you use to execute code in a serverless environment?

Azure Container Instances
Azure Functions
Azure Logic Apps
Azure Virtual Desktop

A

Azure Functions

Azure Functions allows you to run code as a service without having to manage the underlying platform or infrastructure. Azure Logic Apps is similar to Azure Functions, but uses predefined workflows instead of developing your own code.

39
Q

Which two services can you use to establish network connectivity between an on-premises network and Azure resources? Each correct answer presents a complete solution.

Azure Bastion
Azure Firewall
Azure VPN Gateway
ExpressRoute

A

Azure VPN Gateway
ExpressRoute

ExpressRoute connections and Azure VPN Gateway are two services that you can use to connect an on-premises network to Azure. Bastion provides a web interface to remotely administer Azure virtual machines by using SSH/RDP. Azure Firewall is a stateful firewall service used to protect virtual networks.

40
Q

What can you use to provide Mac and Android users with access to a Windows environment that will run Windows-based applications?

Azure Container Instances
Azure Functions
Azure Logic Apps
Azure Virtual Desktop

A

Azure Virtual Desktop

Azure Virtual Desktop is a desktop and application virtualization service that runs in the cloud. It enables your users to use a cloud-hosted version of Windows from any location. Azure Virtual Desktop works across devices such as Windows, Mac, iOS, Android, and Linux. It works with apps that you can use to access Remote Desktops and apps. You can also use most modern browsers to access Azure Virtual Desktop-hosted experiences.

41
Q

Which storage service should you use to store thousands of files containing text and images?

Azure Blob storage
Azure Disk Storage
Azure Queue Storage
Azure Table storage

A

Azure Blob storage

Azure Blob storage is an object storage solution that you can use to store massive amounts of unstructured data, such as text or binary data.

42
Q

Which Azure Blob storage tier stores data offline and offers the lowest storage costs and the highest costs to access data?

Archive
Cool
Hot

A

Archive

The Archive storage tier stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data. The Hot storage tier is optimized for storing data that is accessed frequently. Data in the Cool access tier can tolerate slightly lower availability, but still requires high durability, retrieval latency, and throughput characteristics similar to hot data.

43
Q

Which storage service offers fully managed file shares in the cloud that are accessible by using Server Message Block (SMB) protocol?

Azure Disk Storage
Azure Files
Azure Queue Storage
Azure Table storage

A

Azure Files

Azure Files offers fully managed file shares in the cloud with shares that are accessible by using Server Message Block (SMB) protocol. Mounting Azure file shares is just like connecting to shares on a local network.

44
Q

Which Azure Blob storage service tier has the highest storage costs and the fastest access times for reading and writing data?

Archive
Cool
Hot

A

Hot

The Hot tier is optimized for storing data that is accessed frequently. The Cool access tier has a slightly lower availability SLA and higher access costs compared to hot data, which are acceptable trade-offs for lower storage costs. Archive storage stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data.

45
Q

Which Azure Storage service should you use to store unstructured files, such as images, that will be served on webpages?

Azure Blob storage
Azure Disk Storage
Azure Queue Storage
Azure Table storage

A

Azure Blob storage

Azure Blob storage is an object storage solution that you can use to store massive amounts of unstructured data, such as text or binary data.

46
Q

Which two protocols are used to access Azure file shares? Each correct answer presents a complete solution.

HTTP
FTP
Network File System (NFS)
Server Message Block (SMB)

A

Network File System (NFS)
Server Message Block (SMB)

Azure Files offers fully managed file shares in the cloud that are accessible via industry-standard SMB and NFS protocols.

47
Q

What is the purpose of defense in depth?

to enable you to locate and act on resources that are associated with specific workloads, environments, business units, and owners
to evaluate resources and make recommendations to help improve reliability and performance
to manage policies that control or audit resources so that the configurations stay compliant with corporate standards
to use several layers of protection to prevent information from being accessed by unauthorized users

A

to use several layers of protection to prevent information from being accessed by unauthorized users

The objective of defense in depth is to use several layers of protection to prevent information from being accessed or stolen by unauthorized users.

48
Q

What can you use to allow a user to manage all the resources in a resource group?

Azure Key Vault
Azure role-based access control (RBAC)
resource locks
resource tags

A

Azure role-based access control (RBAC)

Azure RBAC allows you to assign a set of permissions to a user or group. Resource tags are used to locate and act on resources associated with specific workloads, environments, business units, and owners. Resource locks prevent the accidental change or deletion of a resource. Key Vault is a centralized cloud service for storing application secrets in a single, central location.

49
Q

What Azure AD feature can you use to configure security authentication that requires users to use their mobile phone to sign in?

Azure Information Protection (AIP)
Microsoft Defender for Cloud
Microsoft Entra Verified ID
multi-factor authentication (MFA)

A

multi-factor authentication (MFA)

MFA is the concept of requiring something more than only a password to sign in to an application. You can use the mobile phone to receive a phone call, text, or a code to get authenticated.

50
Q

What can you use to ensure that users authenticate by using multi-factor authentication (MFA) when they attempt to sign in from a specific location?

administrative units
Azure role-based access control (RBAC)
Conditional Access
single sign-on (SSO)

A

Conditional Access

Conditional Access can use signals to determine information about authentication attempts, and then determine whether to block access or require additional verifications, such as MFA.

51
Q

Select the answer that correctly completes the sentence.

[Answer choice] is the logical container used to combine and organize Azure resources.

a management group
a resource group
Azure Resource Manager (ARM)
an Azure region

A

a resource group

Resources are combined into resource groups, which act as a logical container into which Azure resources, like web apps, databases, and storage accounts, are deployed and managed.

52
Q

Select the answer that correctly completes the sentence.

In a region pair, a region is paired with another region in the same [answer choice].

availability zone
datacenter
geography
resource group

A

geography

Each Azure region is always paired with another region within the same geography, such as US, Europe, or Asia, at least 300 miles away.

53
Q

Which two Azure resources can make use of availability zones? Each correct answer presents a complete solution.

Azure SQL databases
Azure subscriptions
resource groups
virtual machines

A

Azure SQL databases
virtual machines

Availability zones are primarily for virtual machines, managed disks, load balancers, and SQL databases.

54
Q

You need to allow resources on two different Azure virtual networks to communicate with each other.

What should you configure?

a network security group (NSG)
a point-to-site VPN
peering
service endpoints

A

peering

You can link virtual networks together by using virtual network peering. Peering enables resources in each virtual network to communicate with each other.

55
Q

What can you use to connect Azure resources, such as Azure SQL databases, to an Azure virtual network?

ExpressRoute
network security groups (NSGs)
peering
service endpoints

A

service endpoints

Service endpoints are used to expose Azure services to a virtual network, providing communication between the two. ExpressRoute is used to connect an on-premises network to Azure. NSGs allow you to configure inbound and outbound rules for virtual networks and virtual machines. Peering allows you to connect virtual networks together.

56
Q

What are two services that allow you to run applications in containers? Each correct answer presents a complete solution.

Azure Container Instances
Azure Functions
Azure Logic Apps
Azure Kubernetes Service (AKS)

A

Azure Container Instances
Azure Kubernetes Service (AKS)

Containers are a virtualization environment. Much like running multiple virtual machines on a single physical host, you can run multiple containers on a single physical or virtual host. Unlike virtual machines, you do not manage the operating system for a container.

57
Q

What enables a user to sign in one time and use that credential to access multiple resources and applications from different providers?

Conditional Access
device management
multi-factor authentication (MFA)
single sign-on (SSO)

A

single sign-on (SSO)

SSO enables a user to sign in one time and use that credential to access multiple resources and applications from different providers. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Conditional Access is a tool that Azure AD uses to allow or deny access to resources based on identity signals. Azure AD supports the registration of devices.

58
Q

What can you use to ensure that a user can only access applications from compliant devices?

Conditional Access
hybrid identity
multi-factor authentication (MFA)
single sign-on (SSO)

A

Conditional Access

Conditional Access is a tool that Azure AD uses to allow or deny access to resources based on identity signals, such as the device being used. SSO enables a user to sign in one time and use that credential to access multiple resources and applications from different providers. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Hybrid identity solutions create a common user identity for authentication and authorization to all resources, regardless of location.

59
Q

To which object or level is an Azure role-based access control (RBAC) role applied?

policy
resource lock
resource tag
scope

A

scope

An Azure RBAC role is applied to a scope, which is a resource or set of resources that the access applies to. Resource locks prevent the accidental change or deletion of a resource. Resource tags are used to locate and act on resources associated with specific workloads, environments, business units, and owners. Policies enforce different rules across resource configurations so that the configurations stay compliant with corporate standards.

60
Q

Which two services are provided by Azure AD? Each correct answer presents a complete solution.

authentication
data encryption
name resolution
single sign-on (SSO)

A

authentication
single sign-on (SSO)

Azure AD provides services for verifying identity and access to applications and resources. SSO enables you to remember a single username and password to access multiple applications and is available in Azure AD.

61
Q

What Azure AD feature can you use to ensure that users can only access Microsoft Office 365 applications from approved client applications?

Azure role-based access control (RBAC)
Conditional Access
multi-factor authentication (MFA)
single sign-on (SSO)

A

Conditional Access

Conditional Access allows administrators to control, allow, or deny access to resources based on certain signals. You can require that access to certain applications only be allowed if the users are using an approved client application. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Examples include a code on their mobile phone or a fingerprint scan.

62
Q

What can you use to sync identities from an on-premises Active Directory Domain Services (AD DS) domain to Azure AD?

Azure AD Connect
Azure Key Vault
Azure Resource Manager (ARM)
Conditional Access

A

Azure AD Connect

Azure AD Connect syncs user identities from an on-premises Active Directory Domain Services (AD DS) domain to Azure AD. Azure AD Connect allows you to use features such as single sign-on (SSO), MFA, and self-service password reset (SSPR) in both systems. SSPR prevents users from using known compromised passwords.

63
Q

What are two basic services provided by all cloud providers? Each correct answer presents a complete solution.

application development
colocation
compute
storage

A

compute
storage

All cloud providers provide compute and storage services. Colocation is when a business rents space in a shared physical datacenter. Application development is the responsibility of the customer and is typically done either in-house or through a third party.

64
Q

What are two characteristics of the public cloud deployment model? Each correct answer presents a complete solution.

Computing resources are used exclusively by users from one organization.
Hardware is physically located in an organization’s on-site datacenter.
Servers and storage are owned and operated by a third-party cloud service provider.
Services are offered over the internet and are available to anyone who wants to purchase them.

A

Servers and storage are owned and operated by a third-party cloud service provider.
Services are offered over the internet and are available to anyone who wants to purchase them.

In a public cloud, services are offered over the internet and are available to anyone who wants to purchase them. A private cloud is limited to a single organization. Cloud resources, such as servers and storage, are owned and operated by a third-party cloud service provider and delivered over the internet. A private cloud consists of computing resources used exclusively by users from one business or organization.

65
Q

Select the answer that correctly completes the sentence.

[Answer choice] refers to upfront costs incurred one time, such as hardware purchases.

A consumption-based model
Capital expenditures
Elasticity
Operational expenditures

A

Capital expenditures

Capital expenditures are one-time expenses that can be deducted over time. Operational expenditures are billed as you use services and do not have upfront costs.

66
Q

What are cloud-based backup services, data replication, and geo-distribution features of?

a cost reduction plan
a disaster recovery plan
a hybrid cloud deployment
an elastic application configuration

A

a disaster recovery plan

Disaster recovery uses services, such as cloud-based backup, data replication, and geo-distribution, to keep data and code safe in the event of a disaster.

67
Q

Select the answer that correctly completes the sentence.

Increasing the capacity of an application by adding additional virtual machines is called [answer choice].

agility
high availability
horizontal scaling
vertical scaling

A

horizontal scaling

Scaling horizontally increases compute capacity by adding instances of resources, such as adding virtual machines to the configuration. You scale vertically to increase compute capacity by adding RAM or CPUs to a virtual machine. Agility refers to the ability to deploy new applications and services quickly. High availability minimizes downtime when things go wrong.

68
Q

Which two scenarios are common billing use cases for resource tags? Each correct answer presents a complete solution.

associating costs with different environments
categorizing costs by department
identifying lower cost regions
resizing underutilized virtual machines

A

associating costs with different environments
categorizing costs by department

You can use tags to categorize costs by department, such as human resources, marketing, or finance, or by environment, such as test or production. Resizing underutilized virtual machines is a good cost saving measure and provisioning resources in lower cost regions is a good practice, but resource tags do not help with this.

69
Q

You plan to build a new solution in Azure that will use platform as a service (PaaS) products.

What should you use to estimate the monthly costs?

Azure Advisor
Azure Cost Management
Azure Pricing calculator
Total Cost of Ownership (TCO) Calculator

A

Azure Pricing calculator

The Azure Pricing calculator allows you to estimate and configure according to your specific requirements. You will then receive a consolidated estimated price and a detailed breakdown of the costs associated with each resource you added to your solution.

70
Q

What can you use to manage servers across cloud platforms and on-premises environments?

Azure Arc
Azure CLI
Azure Monitor
Azure PowerShell

A

Azure Arc

Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.

71
Q

You have a team of Linux administrators that need to manage the resources in Azure. The team wants to use the Bash shell to perform the administration.

What should you recommend?

Azure Blueprint
Azure CLI
Azure PowerShell
Azure Resource Manager (ARM) template

A

Azure CLI

Azure CLI allows you to use the Bash shell to perform administrative tasks. Bash is used in Linux environments, so a Linux administrator will probably be more comfortable performing command-line administration from Azure CLI.

72
Q

What can you use to get notification about an outage in a specific Azure region?

Azure Advisor
Azure Monitor
Azure Security Center
Azure Service Health

A

Azure Service Health

Service Health notifies you of Azure-related service issues, such as region-wide downtime.

73
Q

Which Azure service can generate an alert if virtual machine utilization is over 80% for five minutes?

Azure Advisor
Azure Monitor
Azure Policy
Azure Service Health

A

Azure Monitor

Azure Monitor is a platform for collecting, analyzing, visualizing, and alerting based on metrics. Azure Monitor can log data from an entire Azure and on-premises environment.

74
Q

What can you use to find information about planned maintenance for Azure services that are critical to your organization?

Azure Advisor
Azure Monitor
Azure Service Health
Log Analytics

A

Azure Service Health

You can drill down to the affected services, regions, and details to show how an event will affect you and what you must do. Most of these events occur without any impact to you and will not be shown. In a rare case that a reboot is required, Service Health allows you to choose when to perform the maintenance to minimize the downtime.

75
Q

Which feature in the Microsoft Purview governance portal should you use to manage access to data sources and datasets?

Data Catalog
Data Estate Insights
Data Policy
Data Sharing

A

Data Policy

Incorrect: Data Catalog –– This enables data discovery.

Incorrect: Data Sharing –– This shares data within and between organizations.

Incorrect: Data Estate Insights –– This accesses data estate health.

Correct: Data Policy –– This governs access to data.

76
Q

You have an Azure virtual machine that is accessed only between 9:00 and 17:00 each day.

What should you do to minimize costs but preserve the associated hard disks and data?

Deallocate the virtual machine.
Delete the virtual machine.
Implement Privileged Identity Management.
Resize the virtual machine.

A

Deallocate the virtual machine.

If you have virtual machine workloads that are used only during certain periods, but you run them every hour of every day, then you are wasting money. These virtual machines are great candidates to deallocate when not in use and start back when required to save compute costs while the virtual machines are deallocated.

77
Q

What can you use to ensure that a development team can only create virtual machines of a certain size?

Azure Blueprints
Azure Policy
Cloud Adoption Framework
Conditional Access

A

Azure Policy

Azure Policy enables you to define both individual policies and groups of related policies called initiatives. Azure Policy evaluates your resources and highlights resources that are not compliant with the policies you created. Azure Policy can also prevent noncompliant resources from being created.

78
Q

Which two tools are accessible via Azure Cloud Shell and allow you to write Bash scripts to manage an Azure environment?

Azure CLI
Azure PowerShell
Azure Repos
Azure Resource Manager (ARM) templates

A

Azure CLI
Azure PowerShell

Azure CLI is an executable program with which a user can execute commands in Bash that call the Azure REST API. Azure Cloud Shell also supports Azure PowerShell as an executable program.

79
Q

What should you use to access Azure Cloud Shell?

a web browser
Azure Resource Manager (ARM)
Microsoft Visual Studio Code
the command-line on a local computer

A

a web browser

Cloud Shell is an interactive, browser-accessible shell for managing Azure resources.

80
Q

Which type of strategy uses a series of mechanisms to slow the advancement of an attack that aims to gain unauthorized access to data?

defense in depth
distributed denial-of-service (DDoS)
least privileged access
perimeter

A

defense in depth

A defense in depth strategy uses a series of mechanisms to slow the advancement of an attack that aims to gain unauthorized access to data. The principle of least privilege means restricting access to information to only the level that users need to perform their work. A DDoS attack attempts to overwhelm and exhaust an application’s resources. The perimeter layer is about protecting an organization’s resources from network-based attacks.

81
Q

Select the answer that correctly completes the sentence.

Increasing compute capacity for an app by adding instances of resources such as virtual machines is called [answer choice].

disaster recovery
high availability
horizontal scaling
vertical scaling

A

horizontal scaling

Scaling horizontally increases compute capacity by adding instances of resources, such as adding virtual machines to the configuration. You scale vertically by adding RAM or CPUs to a virtual machine. Disaster recovery keeps data and other assets safe in the event of a disaster. High availability minimizes downtime when things go wrong.

82
Q

Select the answer that correctly completes the sentence.

An example of [answer choice] is automatically scaling an application to ensure that the application has the resources needed to meet customer demands.

agility
elasticity
geo-distribution
high availability

A

elasticity

Elasticity refers to the ability to scale resources as needed, such as during business hours, to ensure that an application can keep up with demand, and then reducing the available resources during off-peak hours. Agility refers to the ability to deploy new applications and services quickly. High availability refers to the ability to ensure that a service or application remains available in the event of a failure. Geo-distribution makes a service or application available in multiple geographic locations that are typically close to your users.

83
Q

Elasticity

A

Elasticity refers to the ability to scale resources as needed, such as during business hours, to ensure that an application can keep up with demand, and then reducing the available resources during off-peak hours.

84
Q

Agility

A

Agility refers to the ability to deploy new applications and services quickly.

85
Q

High availability

A

High availability refers to the ability to ensure that a service or application remains available in the event of a failure.

86
Q

Scalability

A

Scalability means that you can add RAM, CPU, or entire virtual machines to a configuration.

The major types are horizontal scaling (adding/subtracting systems such as VMs) and vertical scaling (adding/subtracting capabilities such as RAM and CPU on existing resources).

87
Q

In which two deployment models are customers responsible for managing operating systems that host applications? Each correct answer presents a complete solution.

infrastructure as a service (IaaS)
on-premises
platform as a service (PaaS)
software as a service (SaaS)

A

infrastructure as a service (IaaS)
on-premises

Operating systems are managed by customers when using IaaS or on-premises deployments. The operating systems are not accessible in PaaS and SaaS deployments.

88
Q

In which cloud service model is the customer responsible for managing the operating system?

Infrastructure as a service (IaaS)
platform as a service (PaaS)
software as a service (SaaS)

A

Infrastructure as a service (IaaS)

IaaS consists of virtual machines and networking provided by the cloud provider. The customer is responsible for the OS and applications. The cloud provider is responsible for the OS in PaaS and SaaS.

89
Q

Which type of cloud service are virtual networks?

infrastructure as a service (IaaS)
platform as a service (PaaS)
software as a service (SaaS)

A

infrastructure as a service (IaaS)

IaaS helps you reduce the cost and complexity of maintaining a physical server and its datacenter infrastructure. Virtual networks are part of the IaaS cloud service.

90
Q

Select the answer that correctly completes the sentence.

[Answer choice] is the deployment and management service for Azure.

Azure AD
Azure API Management
Azure Monitor
Azure Resource Manager (ARM)

A

Azure Resource Manager (ARM)

ARM is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in an Azure subscription. You use management features, such as access control, resource locks, and resource tags, to secure and organize resources after deployment.

91
Q

Which scenario is a use case for a VPN gateway?

communicating between Azure resources
connecting an on-premises datacenter to an Azure virtual network
filtering outbound network traffic
partitioning a virtual network’s address space

A

connecting an on-premises datacenter to an Azure virtual network

A VPN gateway is a type of virtual network gateway. Azure VPN Gateway instances are deployed to a dedicated subnet of a virtual network. You can use them to connect on-premises datacenters to virtual networks through a Site-to-Site (S2S) VPN connection.

92
Q

Which two scenarios are common use cases for Azure Blob storage? Each correct answer presents a complete solution.

hosting ASPX files for a website
mounting a file storage share to be accessed as a virtual drive on multiple virtual machines
serving images or documents directly to a browser
storing data for backup and restore

A

serving images or documents directly to a browser
storing data for backup and restore

Low storage costs and unlimited file formats make blob storage a good location to store backups and archives. Blob storage can be reached from anywhere by using an internet connection. Azure Disk Storage provides disks for Azure virtual machines. Azure Files supports mounting file storage shares.

93
Q

Azure Disk Storage

A

Azure Disk Storage provides disks for Azure virtual machines.

94
Q

Azure Files

A

Azure Files supports mounting file storage shares.

95
Q

You need to compare the costs of running an application in an on-premises datacenter with the costs of running the application in Azure.

What should you use to assist you?

Azure Advisor
Azure Cost Management
Azure Pricing calculator
Total Cost of Ownership (TCO) Calculator

A

Total Cost of Ownership (TCO) Calculator

The TCO Calculator helps you estimate the cost savings over time of operating a solution in Azure compared to operating in an on-premises datacenter.

96
Q

Azure Pricing calculator

A

The Azure Pricing calculator allows you to estimate and configure according to your specific requirements. You will then receive a consolidated estimated price and a detailed breakdown of the costs associated with each resource you added to your solution.

97
Q

Total Cost of Ownership (TCO) Calculator

A

The TCO Calculator helps you estimate the cost savings over time of operating a solution in Azure compared to operating in an on-premises datacenter.

98
Q

Your organization plans to deploy several production virtual machines that will have consistent resource usage throughout the year.

What can you use to minimize the costs of the virtual machines without reducing the functionality of the virtual machines?

Azure Monitor alerts
Azure Reservations
spending limits

A

Azure Reservations

Azure Reservations offers discounted prices on certain Azure services. Azure Reservations can save you up to 72 percent compared to pay-as-you-go prices. To receive a discount, you can reserve services and resources by paying in advance. Spending limits can suspend a subscription when the spend limit is reached.

99
Q

You need to recommend a solution for Azure virtual machine deployments. The solution must enforce company standards on the virtual machines.

What should you include in the recommendation?

Azure Blueprints
Azure Cost Management
Azure Lock
Azure Policy

A

Azure Policy

Azure policies will allow you to enforce company standards on new virtual machines when combined with Azure VM Image Builder and Azure Compute Gallery. By using Azure Policy and role-based access control (RBAC) assignments, enterprises can enforce standards on Azure resources. But on virtual machines, these mechanisms only affect the control plane or the route to the virtual machine.

100
Q

Which two actions can be performed by using the graphical user interface (GUI) in the Azure portal? Each correct answer presents a complete solution.

Change the availability zone of a virtual machine.
Create new resources.
Repeatedly set up one or more resources and ensure that all the dependencies are created in the proper order.
Review a graphical view of all the services you are using.

A

Create new resources.
Review a graphical view of all the services you are using.

The Azure portal provides a GUI to view all the services you are using, create new services, configure your services, and view reports.

101
Q

Which Azure service evaluates Azure resources and makes recommendations to help improve reliability, security, performance, and cost reduction?

Azure Advisor
Azure Monitor
Azure Service Health
Log Analytics

A

Azure Advisor

Azure Advisor evaluates Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs.

102
Q

What is an advantage of cloud computing compared to on-premises deployments?

You can scale more quickly.
You can work from multiple workstations.
You have full access in case of internet outage.
You own your CPUs.

A

You can scale more quickly.

Cloud computing allows you to scale more quickly. Owning your own CPUs and having full access in the event of an internet outage are not features of cloud computing. Working from multiple workstations is not specific to cloud computing compared to an on-premises deployment.

103
Q

Which cloud service model provides you with the most control over the hardware that runs applications?

infrastructure as a service (IaaS)
platform as a service (PaaS)
software as a service (SaaS)

A

infrastructure as a service (IaaS)

IaaS is the most flexible category of cloud services. It aims to give you complete control over the hardware that runs applications. Users do not control the operating system and do not configure the underlying servers in PaaS. With SaaS, you are using as-is software hosted in the cloud, instead of creating a platform to host software yourself.

104
Q

Which cloud service model is used by Microsoft Office 365?

infrastructure as a service (IaaS)
platform as a service (PaaS)
software as a service (SaaS)

A

software as a service (SaaS)

SaaS allows users to connect to and use cloud-based apps over the internet. Common examples are email, calendaring, and Office tools, such as Office 365.

105
Q

Which two factors affect Azure costs? Each correct answer presents a complete solution.

availability zone selection
date and time of use
resource location
resource usage

A

resource location
resource usage

Usage meters, such as CPU time, disk size, and write operations, are used to calculate your bill for an Azure resource. Deleting or deallocating a resource means that you will no longer be billed for it. Different regions can have different associated prices. Resources cost the same no matter the time of day or the day of the week.

106
Q

What is the customer responsible for in a software as a service (SaaS) model?

data and access
storage
runtime
virtual machines

A

data and access

SaaS allows you to pay to use an existing application on hardware managed by a third party. You supply data and configure access. Customers are only responsible for storage in a private cloud. Customers are responsible for virtual machines and runtime in IaaS and the private cloud.

107
Q

Which Azure component allows you to replicate resources across a geography to ensure business continuity during a natural disaster at the primary site?

availability sets
availability zones
Azure Virtual Machine Scale Sets
region pairs

A

region pairs

Region pairs allow the replication of Azure resources across geographies to help ensure that a secondary region is available in case of any disaster at the primary region.

108
Q

Which Azure compute service can you use to deploy and manage a set of identical virtual machines?

availability sets
availability zones
Azure Container Instances
Azure Virtual Machine Scale Sets

A

Azure Virtual Machine Scale Sets

Virtual Machine Scale Sets are an Azure compute resource that you can use to deploy, manage, and scale a set of identical virtual machines.

109
Q

Azure Arc

A

Azure Arc is a set of technologies that helps manage your cloud environment. Azure Arc can help manage your cloud environment, whether it’s a public cloud solely on Azure, a private cloud in your datacenter, a hybrid configuration, or even a multi-cloud environment running on multiple cloud providers at once.

110
Q

Reliability

A

Reliability is the ability of a system to recover from failures and disasters and continue to function. It’s also one of the pillars of the Microsoft Azure Well-Architected Framework.

111
Q

Platform as a Service

A

Platform as a service (PaaS) is a middle ground between renting space in a datacenter (infrastructure as a service) and paying for a complete and deployed solution (software as a service).

In a PaaS environment, the cloud provider maintains the physical infrastructure, physical security, and connection to the internet. They also maintain the operating systems, middleware, development tools, and business intelligence services that make up a cloud solution.

In a PaaS scenario, you don’t have to worry about the licensing or patching for operating systems and databases.

PaaS is well suited to provide a complete development environment without the headache of maintaining all the development infrastructure.

112
Q

Software as a Service

A

Software as a service (SaaS) is the most complete cloud service model from a product perspective.

With SaaS, you’re essentially renting or using a fully developed application. Email, financial software, messaging applications, and connectivity software are all common examples of a SaaS implementation.

While the SaaS model may be the least flexible, it’s also the easiest to get up and running. It requires the least amount of technical knowledge or expertise to fully employ.

113
Q

Infrastructure as a Service

A

Infrastructure as a service (IaaS) is the most flexible category of cloud services, as it provides you the maximum amount of control for your cloud resources.

In an IaaS model, the cloud provider is responsible for maintaining the hardware, network connectivity (to the internet), and physical security. You’re responsible for everything else: operating system installation, configuration, and maintenance; network configuration; database and storage configuration; and so on.

With IaaS, you’re essentially renting the hardware in a cloud datacenter, but what you do with that hardware is up to you.

114
Q

Datacenters

A

Facilities with resources arranged in racks, with dedicated power, cooling, and networking infrastructure.

Individual datacenters aren’t directly accessible. Datacenters are grouped into Azure Regions or Azure Availability Zones that are designed to help you achieve resiliency and reliability for your business-critical workloads.

115
Q

Regions

A

A region is a geographical area on the planet that contains at least one, but potentially multiple datacenters that are nearby and networked together with a low-latency network.

Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced.

When you deploy a resource in Azure, you’ll often need to choose the region where you want your resource deployed.

116
Q

Availability Zones

A

Availability zones are physically separate datacenters within an Azure region.

Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking.

An availability zone is set up to be an isolation boundary. If one zone goes down, the other continues working.

Availability zones are connected through high-speed, private fiber-optic networks.

117
Q

Availability zones are primarily for:

A

VMs, managed disks, load balancers, and SQL databases

118
Q

Azure services that support availability zones fall into three categories:

A

Zonal services: You pin the resource to a specific zone (for example, VMs, managed disks, IP addresses).

Zone-redundant services: The platform replicates automatically across zones (for example, zone-redundant storage, SQL Database).

Non-regional services: Services are always available from Azure geographies and are resilient to zone-wide outages as well as region-wide outages.

119
Q

Region pairs

A

Most Azure regions are paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away.

This approach allows for the replication of resources across a geography that helps reduce the likelihood of interruptions because of events such as natural disasters, civil unrest, power outages, or physical network outages that affect an entire region.

120
Q

Sovereign Regions

A

Sovereign regions are instances of Azure that are isolated from the main instance of Azure. You may need to use a sovereign region for compliance or legal purposes.

Azure sovereign regions include:
US DoD Central, US Gov Virginia, US Gov Iowa and more: These regions are physical and logical network-isolated instances of Azure for U.S. government agencies and partners. These datacenters are operated by screened U.S. personnel and include additional compliance certifications.
China East, China North, and more: These regions are available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft doesn’t directly maintain the datacenters.

121
Q

Azure resources

A

A resource is the basic building block of Azure. Anything you create, provision, deploy, etc. is a resource.

Virtual Machines (VMs), virtual networks, databases, cognitive services, etc. are all considered resources within Azure.

122
Q

Resource groups

A

Resource groups are simply groupings of resources. When you create a resource, you’re required to place it into a resource group.

While a resource group can contain many resources, a single resource can only be in one resource group at a time.

Some resources may be moved between resource groups, but when you move a resource to a new group, it will no longer be associated with the former group.

Additionally, resource groups can’t be nested, meaning you can’t put resource group B inside of resource group A.

123
Q

Azure subscriptions

A

In Azure, subscriptions are a unit of management, billing, and scale.

Similar to how resource groups are a way to logically organize resources, subscriptions allow you to logically organize your resource groups and facilitate billing.

An Azure subscription links to an Azure account, which is an identity in Azure Active Directory (Azure AD) or in a directory that Azure AD trusts.

An account can have multiple subscriptions, but it’s only required to have one.

124
Q

Azure management groups

A

Azure management groups provide a level of scope above subscriptions.

You organize subscriptions into containers called management groups and apply governance conditions to the management groups.

All subscriptions within a management group automatically inherit the conditions applied to the management group, the same way that resource groups inherit settings from subscriptions and resources inherit from resource groups.

Management groups give you enterprise-grade management at a large scale, no matter what type of subscriptions you might have.

Management groups can be nested.

125
Q

Virtual machine scale sets

A

Virtual machine scale sets let you create and manage a group of identical, load-balanced VMs.

With virtual machine scale sets, Azure automates most of the work of creating and managing those VMs.

Scale sets allow you to centrally manage, configure, and update a large number of VMs in minutes.

The number of VM instances can automatically increase or decrease in response to demand, or you can set it to scale based on a defined schedule.

Virtual machine scale sets also automatically deploy a load balancer to make sure that your resources are being used efficiently.

With virtual machine scale sets, you can build large-scale services for areas such as compute, big data, and container workloads.

126
Q

Virtual machine availability sets

A

Availability sets are designed to ensure that VMs stagger updates and have varied power and network connectivity, preventing you from losing all your VMs with a single network or power failure.

Best of all, there’s no additional cost for configuring an availability set. You only pay for the VM instances you create.

127
Q

Types of Virtual machine availability sets

A

Update domain: The update domain groups VMs that can be rebooted at the same time. This allows you to apply updates while knowing that only one update domain grouping will be offline at a time. All of the machines in one update domain will be updated. An update group going through the update process is given 30 minutes to recover before maintenance on the next update domain starts.

Fault domain: The fault domain groups your VMs by common power source and network switch. By default, an availability set will split your VMs across up to three fault domains. This helps protect against a physical power or networking failure by having VMs in different fault domains (thus being connected to different power and networking resources).

128
Q

Examples of when to use VMs

A

During testing and development: VMs provide a quick and easy way to create different OS and application configurations. Test and development personnel can then easily delete the VMs when they no longer need them.

When running applications in the cloud: The ability to run certain applications in the public cloud as opposed to creating a traditional infrastructure to run them can provide substantial economic benefits. For example, an application might need to handle fluctuations in demand. Shutting down VMs when you don’t need them or quickly starting them up to meet a sudden increase in demand means you pay only for the resources you use.

When extending your datacenter to the cloud: An organization can extend the capabilities of its own on-premises network by creating a virtual network in Azure and adding VMs to that virtual network. Applications like SharePoint can then run on an Azure VM instead of running locally. This arrangement makes it easier or less expensive to deploy than in an on-premises environment.

During disaster recovery: As with running certain types of applications in the cloud and extending an on-premises network to the cloud, you can get significant cost savings by using an IaaS-based approach to disaster recovery. If a primary datacenter fails, you can create VMs running on Azure to run your critical applications and then shut them down when the primary datacenter becomes operational again.

129
Q

Azure Virtual Desktop

A

Azure Virtual Desktop is a desktop and application virtualization service that runs on the cloud.

It enables you to use a cloud-hosted version of Windows from any location.

Azure Virtual Desktop works across devices and operating systems, and works with apps that you can use to access remote desktops or most modern browsers.

130
Q

Azure Containers

A

Containers are a virtualization environment.

Much like running multiple virtual machines on a single physical host, you can run multiple containers on a single physical or virtual host.

Unlike virtual machines, you don’t manage the operating system for a container.

Virtual machines appear to be an instance of an operating system that you can connect to and manage.

Containers are lightweight and designed to be created, scaled out, and stopped dynamically.

It’s possible to create and deploy virtual machines as application demand increases, but containers are a lighter weight, more agile method.

Containers are designed to allow you to respond to changes on demand.

With containers, you can quickly restart if there’s a crash or hardware interruption.

One of the most popular container engines is Docker, and Azure supports Docker.

131
Q

Azure Container Instances

A

Azure Container Instances offer the fastest and simplest way to run a container in Azure, without having to manage any virtual machines or adopt any additional services.

Azure Container Instances are a platform as a service (PaaS) offering.

Azure Container Instances allow you to upload your containers and then the service will run the containers for you.

132
Q

Azure Container Apps

A

Azure Container Apps are similar in many ways to a container instance.

They allow you to get up and running right away, they remove the container management piece, and they’re a PaaS offering.

Container Apps have extra benefits such as the ability to incorporate load balancing and scaling.

These other functions allow you to be more elastic in your design.

133
Q

Azure Kubernetes Service

A

Azure Kubernetes Service (AKS) is a container orchestration service.

An orchestration service manages the lifecycle of containers.

When you’re deploying a fleet of containers, AKS can make fleet management simpler and more efficient.

134
Q

Azure Functions

A

Azure Functions is an event-driven, serverless compute option that doesn’t require maintaining virtual machines or containers.

If you build an app using VMs or containers, those resources have to be “running” in order for your app to function.

With Azure Functions, an event wakes the function, alleviating the need to keep resources provisioned when there are no events.

135
Q

Azure App Service

A

App Service enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure.

It offers automatic scaling and high availability.

App Service supports Windows and Linux.

It enables automated deployments from GitHub, Azure DevOps, or any Git repo to support a continuous deployment model.

136
Q

Azure Virtual Networking

A

Azure virtual networks and virtual subnets enable Azure resources, such as VMs, web apps, and databases, to communicate with each other, with users on the internet, and with your on-premises client computers.

You can think of an Azure network as an extension of your on-premises network with resources that link other Azure resources.

Azure virtual networks provide the following key networking capabilities:

Isolation and segmentation
Internet communications
Communicate between Azure resources
Communicate with on-premises resources
Route network traffic
Filter network traffic
Connect virtual networks

137
Q

Azure Virtual Private Networks

A

A virtual private network (VPN) uses an encrypted tunnel within another network.

VPNs are typically deployed to connect two or more trusted private networks to one another over an untrusted network (typically the public internet).

Traffic is encrypted while traveling over the untrusted network to prevent eavesdropping or other attacks.

VPNs can enable networks to safely and securely share sensitive information.

138
Q

VPN gateways

A

A VPN gateway is a type of virtual network gateway.

Azure VPN Gateway instances are deployed in a dedicated subnet of the virtual network and enable the following connectivity:

Connect on-premises datacenters to virtual networks through a site-to-site connection.
Connect individual devices to virtual networks through a point-to-site connection.
Connect virtual networks to other virtual networks through a network-to-network connection.

All data transfer is encrypted inside a private tunnel as it crosses the internet.

You can deploy only one VPN gateway in each virtual network. However, you can use one gateway to connect to multiple locations, which includes other virtual networks or on-premises datacenters.

139
Q

Azure ExpressRoute

A

Azure ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection, with the help of a connectivity provider.

Connectivity can be from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual cross-connection through a connectivity provider at a colocation facility.

ExpressRoute connections don’t go over the public Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, consistent latencies, and higher security than typical connections over the Internet.

140
Q

Azure DNS

A

Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure.

141
Q

Locally redundant storage

A

Locally redundant storage (LRS) replicates your data three times within a single datacenter in the primary region.

LRS provides at least 11 nines of durability (99.999999999%) of objects over a given year.

142
Q

Zone-redundant storage

A

For Availability Zone-enabled Regions, zone-redundant storage (ZRS) replicates your Azure Storage data synchronously across three Azure availability zones in the primary region.

ZRS offers durability for Azure Storage data objects of at least 12 nines (99.9999999999%) over a given year.

143
Q

Geo-redundant storage

A

GRS copies your data synchronously three times within a single physical location in the primary region using LRS. It then copies your data asynchronously to a single physical location in the secondary region (the region pair) using LRS.

GRS offers durability for Azure Storage data objects of at least 16 nines (99.99999999999999%) over a given year.

144
Q

Geo-zone-redundant storage

A

GZRS combines the high availability provided by redundancy across availability zones with protection from regional outages provided by geo-replication.

Data in a GZRS storage account is copied across three Azure availability zones in the primary region (similar to ZRS) and is also replicated to a secondary geographic region, using LRS, for protection from regional disasters.

145
Q

Azure Blobs

A

A massively scalable object store for text and binary data. Also includes support for big data analytics through Data Lake Storage Gen2.

Azure Blob storage is an object storage solution for the cloud. It can store massive amounts of data, such as text or binary data. Azure Blob storage is unstructured, meaning that there are no restrictions on the kinds of data it can hold. Blob storage can manage thousands of simultaneous uploads, massive amounts of video data, constantly growing log files, and can be reached from anywhere with an internet connection.

Blobs aren’t limited to common file formats. A blob could contain gigabytes of binary data streamed from a scientific instrument, an encrypted message for another application, or data in a custom format for an app you’re developing. One advantage of blob storage over disk storage is that it doesn’t require developers to think about or manage disks. Data is uploaded as blobs, and Azure takes care of the physical storage needs.

Blob storage is ideal for:

Serving images or documents directly to a browser.
Storing files for distributed access.
Streaming video and audio.
Storing data for backup and restore, disaster recovery, and archiving.
Storing data for analysis by an on-premises or Azure-hosted service.

146
Q

Azure Files

A

Azure File storage offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) or Network File System (NFS) protocols.

Azure Files file shares can be mounted concurrently by cloud or on-premises deployments.

SMB Azure file shares are accessible from Windows, Linux, and macOS clients. Additionally, SMB Azure file shares can be cached on Windows Servers with Azure File Sync for fast access near where the data is being used.

NFS Azure Files shares are accessible from Linux or macOS clients.

147
Q

Azure Queues

A

Azure Queue storage is a service for storing large numbers of messages. Once stored, you can access the messages from anywhere in the world via authenticated calls using HTTP or HTTPS. A queue can contain as many messages as your storage account has room for (potentially millions). Each individual message can be up to 64 KB in size. Queues are commonly used to create a backlog of work to process asynchronously.

Queue storage can be combined with compute functions like Azure Functions to take an action when a message is received. For example, you want to perform an action after a customer uploads a form to your website. You could have the submit button on the website trigger a message to the Queue storage. Then, you could use Azure Functions to trigger an action once the message was received.

148
Q

Azure Disks

A

Azure Disk storage, or Azure managed disks, are block-level storage volumes managed by Azure for use with Azure VMs. Conceptually, they’re the same as a physical disk, but they’re virtualized – offering greater resiliency and availability than a physical disk. With managed disks, all you have to do is provision the disk, and Azure will take care of the rest.

149
Q

Azure Tables

A

Azure Table storage stores large amounts of structured data. Azure tables are a NoSQL datastore that accepts authenticated calls from inside and outside the Azure cloud. This enables you to use Azure tables to build your hybrid or multi-cloud solution and have your data always available. Azure tables are ideal for storing structured, non-relational data.

150
Q

Blob Storage Tier:
Hot access tier

A

Optimized for storing data that is accessed frequently (for example, images for your website).

151
Q

Blob Storage Tier:
Cool access tier

A

Optimized for data that is infrequently accessed and stored for at least 30 days (for example, invoices for your customers).

152
Q

Blob Storage Tier:
Cold access tier

A

Optimized for storing data that is infrequently accessed and stored for at least 90 days.

153
Q

Blob Storage Tier:
Archive access tier

A

Appropriate for data that is rarely accessed and stored for at least 180 days, with flexible latency requirements (for example, long-term backups).

154
Q

Azure Migrate

A

Azure Migrate is a service that helps you migrate from an on-premises environment to the cloud. Azure Migrate functions as a hub to help you manage the assessment and migration of your on-premises datacenter to Azure. It provides the following:

155
Q

Azure Data Box

A

Azure Data Box is a physical migration service that helps transfer large amounts of data in a quick, inexpensive, and reliable way. The secure data transfer is accelerated by shipping you a proprietary Data Box storage device that has a maximum usable storage capacity of 80 terabytes. The Data Box is transported to and from your datacenter via a regional carrier. A rugged case protects and secures the Data Box from damage during transit.

156
Q

AzCopy

A

AzCopy is a command-line utility that you can use to copy blobs or files to or from your storage account. With AzCopy, you can upload files, download files, copy files between storage accounts, and even synchronize files. AzCopy can even be configured to work with other cloud providers to help move files back and forth between clouds.

Synchronizing blobs or files with AzCopy is one-direction synchronization. When you synchronize, you designate the source and destination, and AzCopy will copy files or blobs in that direction. It doesn’t synchronize bi-directionally based on timestamps or other metadata.

157
Q

Azure Storage Explorer

A

Azure Storage Explorer is a standalone app that provides a graphical interface to manage files and blobs in your Azure Storage Account. It works on Windows, macOS, and Linux operating systems and uses AzCopy on the backend to perform all of the file and blob management tasks. With Storage Explorer, you can upload to Azure, download from Azure, or move between storage accounts.

158
Q

Azure File Sync

A

Azure File Sync is a tool that lets you centralize your file shares in Azure Files and keep the flexibility, performance, and compatibility of a Windows file server. It’s almost like turning your Windows file server into a miniature content delivery network. Once you install Azure File Sync on your local Windows server, it will automatically stay bi-directionally synced with your files in Azure.

159
Q

Azure Active Directory (Azure AD)

A

Azure Active Directory (Azure AD) is a directory service that enables you to sign in and access both Microsoft cloud applications and cloud applications that you develop. Azure AD can also help you maintain your on-premises Active Directory deployment.

160
Q

Azure AD Connect

A

One method of connecting Azure AD with your on-premises AD is using Azure AD Connect. Azure AD Connect synchronizes user identities between on-premises Active Directory and Azure AD. Azure AD Connect synchronizes changes between both identity systems, so you can use features like SSO, multifactor authentication, and self-service password reset under both systems.

161
Q

Azure Active Directory Domain Services

A

Azure Active Directory Domain Services (Azure AD DS) is a service that provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication. Just like Azure AD lets you use directory services without having to maintain the infrastructure supporting it, with Azure AD DS, you get the benefit of domain services without the need to deploy, manage, and patch domain controllers (DCs) in the cloud.

An Azure AD DS managed domain lets you run legacy applications in the cloud that can’t use modern authentication methods, or where you don’t want directory lookups to always go back to an on-premises AD DS environment. You can lift and shift those legacy applications from your on-premises environment into a managed domain, without needing to manage the AD DS environment in the cloud.

162
Q

Azure authentication

A

Authentication is the process of establishing the identity of a person, service, or device. It requires the person, service, or device to provide some type of credential to prove who they are. Authentication is like presenting ID when you’re traveling. It doesn’t confirm that you’re ticketed, it just proves that you’re who you say you are. Azure supports multiple authentication methods, including standard passwords, single sign-on (SSO), multifactor authentication (MFA), and passwordless.

163
Q

Azure external identities

A

An external identity is a person, device, service, etc. that is outside your organization. Azure AD External Identities refers to all the ways you can securely interact with users outside of your organization. If you want to collaborate with partners, distributors, suppliers, or vendors, you can share your resources and define how your internal users can access external organizations. If you’re a developer creating consumer-facing apps, you can manage your customers’ identity experiences.

164
Q

Azure conditional access

A

Conditional Access is a tool that Azure Active Directory uses to allow (or deny) access to resources based on identity signals. These signals include who the user is, where the user is, and what device the user is requesting access from.

Conditional Access helps IT administrators:

Empower users to be productive wherever and whenever.
Protect the organization's assets.

Conditional Access also provides a more granular multifactor authentication experience for users. For example, a user might not be challenged for a second authentication factor if they’re at a known location. However, they might be challenged for a second authentication factor if their sign-in signals are unusual or they’re at an unexpected location.

165
Q

Microsoft Defender for Cloud

A

Defender for Cloud is a monitoring tool for security posture management and threat protection. It monitors your cloud, on-premises, hybrid, and multi-cloud environments to provide guidance and notifications aimed at strengthening your security posture.

166
Q

Pricing calculator

A

The pricing calculator is designed to give you an estimated cost for provisioning resources in Azure. You can get an estimate for individual resources, build out a solution, or use an example scenario to see an estimate of the Azure spend. The pricing calculator’s focus is on the cost of provisioned resources in Azure.

With the pricing calculator, you can estimate the cost of any provisioned resources, including compute, storage, and associated network costs. You can even account for different storage options like storage type, access tier, and redundancy.

167
Q

TCO calculator

A

The TCO calculator is designed to help you compare the costs for running an on-premises infrastructure compared to an Azure Cloud infrastructure. With the TCO calculator, you enter your current infrastructure configuration, including servers, databases, storage, and outbound network traffic. The TCO calculator then compares the anticipated costs for your current environment with an Azure environment supporting the same infrastructure requirements.

With the TCO calculator, you enter your configuration, add in assumptions like power and IT labor costs, and are presented with an estimation of the cost difference to run the same environment in your current datacenter or in Azure.

168
Q

Microsoft Cost Management

A

Cost Management provides the ability to quickly check Azure resource costs, create alerts based on resource spend, and create budgets that can be used to automate management of resources.

169
Q

Microsoft Purview

A

Microsoft Purview is a family of data governance, risk, and compliance solutions that helps you get a single, unified view into your data. Microsoft Purview brings insights about your on-premises, multicloud, and software-as-a-service data together.

Two main solution areas comprise Microsoft Purview: risk and compliance and unified data governance.

170
Q

Azure Policy

A

Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit your resources. These policies enforce different rules across your resource configurations so that those configurations stay compliant with corporate standards.

Azure Policy enables you to define both individual policies and groups of related policies, known as initiatives. Azure Policy evaluates your resources and highlights resources that aren’t compliant with the policies you’ve created. Azure Policy can also prevent noncompliant resources from being created.

Azure Policies can be set at each level, enabling you to set policies on a specific resource, resource group, subscription, and so on. Additionally, Azure Policies are inherited, so if you set a policy at a high level, it will automatically be applied to all of the groupings that fall within the parent. For example, if you set an Azure Policy on a resource group, all resources created within that resource group will automatically receive the same policy.

Azure Policy comes with built-in policy and initiative definitions for Storage, Networking, Compute, Security Center, and Monitoring. For example, if you define a policy that allows only a certain size for the virtual machines (VMs) to be used in your environment, that policy is invoked when you create a new VM and whenever you resize existing VMs. Azure Policy also evaluates and monitors all current VMs in your environment, including VMs that were created before the policy was created.

171
Q

Azure Policy initiatives

A

An Azure Policy initiative is a way of grouping related policies together. The initiative definition contains all of the policy definitions to help track your compliance state for a larger goal.

172
Q

Resource locks

A

A resource lock prevents resources from being accidentally deleted or changed.

Even with Azure role-based access control (Azure RBAC) policies in place, there’s still a risk that people with the right level of access could delete critical cloud resources. Resource locks prevent resources from being deleted or updated, depending on the type of lock. Resource locks can be applied to individual resources, resource groups, or even an entire subscription. Resource locks are inherited, meaning that if you place a resource lock on a resource group, all of the resources within the resource group will also have the resource lock applied.

173
Q

Service Trust portal

A

The Microsoft Service Trust Portal is a portal that provides access to various content, tools, and other resources about Microsoft security, privacy, and compliance practices.

The Service Trust Portal contains details about Microsoft’s implementation of controls and processes that protect our cloud services and the customer data therein. To access some of the resources on the Service Trust Portal, you must sign in as an authenticated user with your Microsoft cloud services account (Azure Active Directory organization account). You’ll need to review and accept the Microsoft non-disclosure agreement for compliance materials.

174
Q

Azure portal

A

The Azure portal is a web-based, unified console that provides an alternative to command-line tools. With the Azure portal, you can manage your Azure subscription by using a graphical user interface. You can:

Build, manage, and monitor everything from simple web apps to complex cloud deployments
Create custom dashboards for an organized view of resources
Configure accessibility options for an optimal experience

175
Q

Azure Cloud Shell

A

Azure Cloud Shell is a browser-based shell tool that allows you to create, configure, and manage Azure resources using a shell. Azure Cloud Shell supports both Azure PowerShell and the Azure Command Line Interface (CLI), which is a Bash shell.

176
Q

Azure PowerShell

A

Azure PowerShell is a shell with which developers, DevOps, and IT professionals can run commands called command-lets (cmdlets). These commands call the Azure REST API to perform management tasks in Azure. Cmdlets can be run independently to handle one-off changes, or they may be combined to help orchestrate complex actions such as:

The routine setup, teardown, and maintenance of a single resource or multiple connected resources.
The deployment of an entire infrastructure, which might contain dozens or hundreds of resources, from imperative code.

177
Q

Azure CLI

A

The Azure CLI is functionally equivalent to Azure PowerShell, with the primary difference being the syntax of commands. While Azure PowerShell uses PowerShell commands, the Azure CLI uses Bash commands.

The Azure CLI provides the same benefits of handling discrete tasks or orchestrating complex operations through code. It’s also installable on Windows, Linux, and Mac platforms, as well as through Azure Cloud Shell.

Due to the similarities in capabilities and access between Azure PowerShell and the Bash-based Azure CLI, it mainly comes down to which language you’re most familiar with.

178
Q

Azure Arc

A

By using Azure Resource Manager (ARM), Arc lets you extend your Azure compliance and monitoring to your hybrid and multi-cloud configurations. Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.

Azure Arc provides a centralized, unified way to:

Manage your entire environment together by projecting your existing non-Azure resources into ARM.
Manage multi-cloud and hybrid virtual machines, Kubernetes clusters, and databases as if they are running in Azure.
Continue using traditional ITOps while introducing DevOps practices to support new cloud-native patterns in your environment.
Configure custom locations as an abstraction layer on top of Azure Arc-enabled Kubernetes clusters and cluster extensions.

179
Q

Azure Resource Manager

A

Azure Resource Manager (ARM) is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. Anytime you do anything with your Azure resources, ARM is involved.

When a user sends a request from any of the Azure tools, APIs, or SDKs, ARM receives the request. ARM authenticates and authorizes the request. Then, ARM sends the request to the Azure service, which takes the requested action. You see consistent results and capabilities in all the different tools because all requests are handled through the same API.

180
Q

Azure Resource Manager Templates

A

By using ARM templates, you can describe the resources you want to use in a declarative JSON format. With an ARM template, the deployment code is verified before any code is run. This ensures that the resources will be created and connected correctly. The template then orchestrates the creation of those resources in parallel. That is, if you need 50 instances of the same resource, all 50 instances are created at the same time.

181
Q

Azure Advisor

A

Azure Advisor evaluates your Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs. Azure Advisor is designed to help you save time on cloud optimization. The recommendation service includes suggested actions you can take right away, postpone, or dismiss.

The recommendations are available via the Azure portal and the API, and you can set up notifications to alert you to new recommendations.

182
Q

Azure Service Health

A

By using Azure status, Service health, and Resource health, Azure Service Health gives you a complete view of your Azure environment, all the way from the global status of Azure services and regions down to specific resources. Additionally, historical alerts are stored and accessible for later review. Something you initially thought was a simple anomaly that later turned into a trend can readily be reviewed and investigated thanks to the historical alerts.

Finally, in the event that a workload you’re running is impacted by an event, Azure Service Health provides links to support.

183
Q

Azure Status

A

Azure Status is a broad picture of the status of Azure globally. Azure status informs you of service outages in Azure on the Azure Status page. The page is a global view of the health of all Azure services across all Azure regions. It’s a good reference for incidents with widespread impact.

184
Q

Service Health

A

Service Health provides a narrower view of Azure services and regions. It focuses on the Azure services and regions you’re using. This is the best place to look for service-impacting communications about outages, planned maintenance activities, and other health advisories because the authenticated Service Health experience knows which services and resources you currently use. You can even set up Service Health alerts to notify you when service issues, planned maintenance, or other changes may affect the Azure services and regions you use.

185
Q

Resource Health

A

Resource Health is a tailored view of your actual Azure resources. It provides information about the health of your individual cloud resources, such as a specific virtual machine instance. Using Azure Monitor, you can also configure alerts to notify you of availability changes to your cloud resources.

186
Q

Azure Monitor

A

Azure Monitor is a platform for collecting data on your resources, analyzing that data, visualizing the information, and even acting on the results. Azure Monitor can monitor Azure resources, your on-premises resources, and even multi-cloud resources like virtual machines hosted with a different cloud provider.

187
Q

Azure Log Analytics

A

Azure Log Analytics is the tool in the Azure portal where you’ll write and run log queries on the data gathered by Azure Monitor. Log Analytics is a robust tool that supports both simple and complex queries, as well as data analysis.

You can write a simple query that returns a set of records and then use features of Log Analytics to sort, filter, and analyze the records.

You can write an advanced query to perform statistical analysis and visualize the results in a chart to identify a particular trend.

Whether you work with the results of your queries interactively or use them with other Azure Monitor features such as log query alerts or workbooks, Log Analytics is the tool that you’re going to use to write and test those queries.

188
Q

Application Insights

A

Application Insights, an Azure Monitor feature, monitors your web applications. Application Insights is capable of monitoring applications that are running in Azure, on-premises, or in a different cloud environment.

There are two ways to configure Application Insights to help monitor your application. You can either install an SDK in your application, or you can use the Application Insights agent. The Application Insights agent is supported in C#.NET, VB.NET, Java, JavaScript, Node.js, and Python.

Not only does Application Insights help you monitor the performance of your application, but you can also configure it to periodically send synthetic requests to your application, allowing you to check the status and monitor your application even during periods of low activity.

189
Q

Which cloud attribute is defined by knowing your application will perform as expected regardless of customer demand?

Predictability

Reliability

Governance

Manageability

A

Predictability

Predictability is knowing that your application will perform at a consistent level. This is achieved through a combination of autoscaling, high availability, and load balancing. Though not noted in the question, it also describes transparency in costs.

190
Q

Select the cloud concept that is defined by:
- Knowing that your application will perform as expected, even under heavy load.

High availability

Reliability

Scalability

Predictability

A

Predictability

Predictability is knowing that your application will always perform as expected regardless of load. While there is some overlap with the concepts of scalability and high availability to achieve this outcome, the concept of being confident of consistent performance is Predictability.

191
Q

You need to select an Azure service that can connect multiple systems, including automating data flow between systems. You do not have a developer background and need to choose a no-code solution. What should you choose?

Cosmos DB

Azure Functions

Azure Cognitive Services

Azure Logic Apps

A

Azure Logic Apps

Azure Logic Apps provides no-code solutions for connecting and automating workflows between different services and applications.

192
Q

You’ve been given the task of creating a company-owned Azure network infrastructure that establishes a secure, private connection to all resources in those networks using only Azure’s private network backbone. Your Azure resources are located in 2 different regions. What Azure services should you use to accomplish this task?

Create a virtual network in each region, and connect both networks with a VPN gateway connection.

Create a virtual network in each region, and connect both networks with a websocket connection.

Create a single Azure virtual network that spans both regions. All resources in this network will communicate over a private connection.

Create a virtual network in each region, and connect both networks with network peering.

A

Create a virtual network in each region, and connect both networks with network peering.

Network peering allows you to connect multiple virtual networks over the private Azure network for a private network connection.

193
Q

Which cloud attribute is defined by maintaining full control over your cloud resources, including patch management and network control?

Predictability

Security

Governance

Manageability

A

Security

Like its name implies, the security cloud attribute describes having full control, or even choosing how much control you want, over your cloud resources’ security configuration.

194
Q

Which of the following statements are true regarding the differences between Private Endpoints and Service Endpoints?
(Pick 2)

Service Endpoints allow you to completely disable public access to a managed PaaS service and still allow access from non-Azure locations.

Private Endpoints allow you to completely disable public access to a managed PaaS service.

Service Endpoints only provide private PaaS connectivity to a subnet in a virtual network. Private Endpoints extend private PaaS connectivity to connected networks, including on-premises.

Private Endpoints require Azure Arc to extend private connectivity to connected non-Azure networks. Service Endpoints do not have this requirement.

A

Private Endpoints allow you to completely disable public access to a managed PaaS service.

Private Endpoints allow private access from connected non-Azure locations, therefore allowing full removal of public PaaS access and still allowing on-premises connectivity.

Service Endpoints only provide private PaaS connectivity to a subnet in a virtual network. Private Endpoints extend private PaaS connectivity to connected networks, including on-premises.

Service Endpoints only work with Azure Virtual Networks at a subnet-level scope. They do not extend to non-Azure networks.

195
Q

You are deploying an application to Azure, hosted on virtual machines. You need to increase the reliability of this application, ensuring it is still available even if there is a datacenter outage. What should you do to ensure reliable operation of your application in case of a disaster?

Implement a single zone virtual machine scale set for the application.

Deploy additional virtual machines to host the application in another zone.

Deploy virtual machines with Azure Blueprints for increased governance.

Deploy virtual machines to multiple resource groups.

A

Deploy additional virtual machines to host the application in another zone.

Zones within a region are separate locations or datacenters in the same geographical area. Deploying additional machines to another zone will increase the reliability of the solution in case one of the datacenters is unavailable.

196
Q

Your company is beginning the process of migrating its existing applications to Azure. A business-critical accounting application requires authentication with the NTLM protocol. This application will be migrated to a virtual machine in Azure. You intend to eventually retire all on-premises resources and be 100% hosted in the cloud. You need to use your existing Active Directory (AD) domain/namespace in a cloud-hosted solution. What options are available for hosting this application in Azure while still being able to authenticate with Active Directory?

Continue using your on-premises AD server, and synchronize the server with Azure AD over Azure AD Connect. Configure the application to authenticate with your on-premises AD server.

Configure the Azure Active Directory Domain Services (Azure AD DS) service to act as a fully managed Active Directory environment. Give the Azure AD DS instance a unique namespace and configure the application to authenticate with your Azure AD DS instance.

Configure the application to authenticate using Azure AD credentials over Single Sign On (SSO).

Configure an Azure VM with Windows Server and operate as an Active Directory domain controller. Configure the application to authenticate with your VM-hosted AD server.

A

Configure an Azure VM with Windows Server and operate as an Active Directory domain controller. Configure the application to authenticate with your VM-hosted AD server.

This is referred to as self-managed AD, where you are in charge of configuring and maintaining a Windows Server acting as a domain controller. Self-managed AD on an Azure VM can use an existing domain namespace.

197
Q

You are designing an Azure infrastructure solution for your company’s application. This solution must continue to function if a single datacenter goes offline. For compliance reasons, your infrastructure and data must reside in the same general location. How should you design this infrastructure?

Within a single region, replicate your infrastructure across multiple availability zones in that region.

Replicate your infrastructure across multiple regions.

Use the Cosmos replication service to copy resources across fault domains.

Use region pairs to replicate resources.

A

Within a single region, replicate your infrastructure across multiple availability zones in that region.

Availability zones provide a level of fault tolerance within a single region (or general location). Each availability zone is a self-contained datacenter. By replicating resources across multiple availability zones, if 1 zone (or datacenter) goes offline, the other availability zones in the same region can continue to host your application.

198
Q

Choose all components that are required to create a secure IPsec tunnel over the public internet from an Azure virtual network to an on-premises location.
(Pick 3)

Gateway subnet

ExpressRoute connection

VPN device

Virtual network gateway

A

Gateway subnet

This scenario calls for a VPN connection over a virtual network gateway. A gateway requires its own gateway subnet on an Azure virtual network.

VPN device

This scenario calls for a VPN connection over a virtual network gateway. Site-to-Site connections to an on-premises network require a VPN device.

Virtual network gateway

This scenario calls for a VPN connection over a virtual network gateway. A gateway component is one of the components needed to create this connection.

199
Q

You need to choose a performance option for an Azure storage account. This storage account will host disks for VMs, and requires the fastest possible performance. Which performance option should you choose?

Premium File Shares

Premium Block Blobs

General-Purpose v2

Premium Page Blobs

A

Premium Page Blobs

Premium page blobs support the fastest possible performance for page blob storage types (e.g., IaaS disks).

200
Q

You need to choose a performance option for an Azure storage account. This storage account will host multiple storage formats, and will need to keep costs low, while maintaining an acceptable level of performance. Which performance option should you choose?

Premium Block Blobs

Premium File Shares

General-Purpose v2

Premium Page Blobs

A

General-Purpose v2

General-purpose v2 is the standard performance option, which supports all storage types. It provides an acceptable level of performance for most workloads; however, it does not include high-performance, low-latency operations. It also costs less than the premium performance options.

201
Q

What describes the cloud attribute of management?

Knowing what your application will cost with real-time tracking of resource usage as well as knowing that your application will perform consistently regardless of customer load

How you interact with and implement different cloud-based resources

Having full control, or even choosing how much control you want, over your cloud resources’ security configuration

The ability to create and enforce standardized environments, usually to meet corporate or government requirements

A

How you interact with and implement different cloud-based resources

Manageability has two aspects:
1. How you create and manage resources, which includes autoscaling, template-based deployments, and monitoring/alerts.
2. How you interact with your cloud environments, including via the web portal, command line, and programmatic APIs.

202
Q

You are deploying an application to Azure Virtual Machines. You want to ensure that the application will remain available in the event of a hardware failure or an OS update. What Azure concept will help most in this task?

Zone-redundant Storage

Availability set

Locally redundant storage

Availability zone

A

Availability set

An availability set consists of 2 or more virtual machines in the same physical location within an Azure datacenter. This configuration ensures that only a subset of the virtual machines in an availability set will be affected in the event of hardware failure, OS update, or a fault domain issue, since the VMs would reside on different racks. Availability zones protect applications from complete Azure datacenter failures, which affect all VMs within the availability set; however, datacenter failures were not a requirement in this scenario.

203
Q

Which of the following statements are true for IaaS cloud services?
(Pick 2)

The client is responsible for all guest VM application updates and guest VM OS updates.

The client is always responsible for purchasing all Operating System (OS) host licensing.

The client has complete control over the hardware hosting the VM.

Services can be scaled automatically to support system load.

A

The client is responsible for all guest VM application updates and guest VM OS updates.

In IaaS, clients manage their virtual machines’ applications and operating systems (“guest VM OS”). While the cloud provider oversees physical hardware, clients must keep their VM software, including the guest OS, updated.

Services can be scaled automatically to support system load.

IaaS host services often feature the ability to scale automatically to combat increased system load and scale back during periods of inactivity.

204
Q

You need to create a virtual machine with the following disk requirements:
- Hold up to 64TB in a single disk
- Highest possible performance with sub-millisecond latency

Which disk type should you select for your virtual machine?

Premium SSD

High Performance

Standard SSD

Ultra

A

Ultra

Ultra disks are the most expensive, yet highest-performing disk types available for Azure virtual machines. They support up to 64TB on a single disk.

205
Q

Which of the following are valid Azure storage redundancy types?
(Pick 3)

Read-access geo-zone-redundant storage (RA-GZRS)

Zone redundant storage (ZRS)

Global zone storage (GZS)

Locally redundant storage (LRS)

A

Azure has many redundancy options to choose from when identifying which storage option to select. The following are all valid Azure Storage redundancy options:
- Locally redundant storage
- Zone-redundant storage
- Geo-redundant storage
- Read-access geo-redundant storage
- Geo-zone-redundant storage
- Read-access geo-zone-redundant storage.

206
Q

What are Azure Resource Manager (ARM) templates?

A component of Azure AD to allow authentication based on conditions (i.e., if-then statements) that must be met to either allow or deny access

A declarative method to orchestrate the deployment of resource templates and other artifacts such as role assignments, policy assignments, resource templates, and resource groups

Azure’s management construct that manages and controls access to all interaction with Azure

Azure’s native Infrastructure-as-Code (IaC) solution

A

Azure’s native Infrastructure-as-Code (IaC) solution

ARM templates are Azure’s native Infrastructure-as-Code (IaC) solution that can consistently and automatically deploy the same environments that are defined in code format.

207
Q

What is the purpose of the Cost Management feature in Azure?

Track your Azure environment’s adherence to your company’s compliance requirements

Monitors and analyzes the cost of your current Azure resources

Estimate the cost savings you can realize by migrating your existing workloads to Azure

Create accurate estimates of hourly or monthly Azure costs across the entire Azure portfolio

A

Monitors and analyzes the cost of your current Azure resources

Cost Management is part of subscription billing tools, which breaks down current cost via a variety of filters and can also set budgets and alerts.

208
Q

What types of data does Azure Monitor collect?
(Pick 2)

Metrics and logs

Only metrics

Only logs

Physical hardware data

Subscription monitoring data

A

Metrics and logs

All data collected by Azure Monitor fits into one of two fundamental types, metrics and logs. Metrics are numerical values that describe some aspect of a system at a particular point in time. They are lightweight and capable of supporting near real-time scenarios. Logs contain different kinds of data organized into records with different sets of properties for each type. Telemetry such as events and traces are stored as logs in addition to performance data so that it can all be combined for analysis.

Subscription monitoring data

Azure Monitor collects two broad types of data: metrics and logs. Within these data types sits subscription monitoring data.

209
Q

What is the purpose of Azure Blueprints?

Collect security data from across all your Azure and non-Azure resources, providing a single pane of glass for security monitoring and management.

Synchronize on-premises AD with Azure AD.

Automated and repeatable environment setup in Azure.

Automated and repeatable resource deployment in Azure.

A

Automated and repeatable environment setup in Azure.

Azure Blueprints provides automated and repeatable environment setup in Azure. It is able to implement:
- Role assignments
- Policy assignments
- Azure Resource Manager templates (ARM templates)
- Resource groups

210
Q

You are the Azure Administrator for Radio Gaga, LTD. You have a resource group named RG-RG and need to ensure no other administrators can create virtual networks in this resource group. What can you implement to accomplish this?

Locks

Properties

Access Control (IAM)

Azure Policy

A

Azure Policy

Azure Policy is used to enforce different rules and effects over your resources, such as limiting what actions different administrators can perform within your RG-RG resource group. The other answers are incorrect: Access Control can be used to prevent the creation of Azure resources, but improper use could prevent required system access from other administrators, so this is not the best selection. Locks can be used on a resource to prevent accidental deletion or modification of a resource group, for example. Properties are typically read-only values for an Azure resource, such as its resource ID, subscription, resource group, and other information.

211
Q

What kind of information does Azure Information Protection protect?
(Pick 3)

Virtual hard disks

Office documents

PDF documents

Azure Blob Storage

Email messages

A

Azure Information Protection (sometimes referred to as AIP) helps protect: Email messages, Office documents and PDF documents. AIP is a cloud-based solution that helps an organization classify and, optionally, protect its documents and emails by applying labels. Azure Information Protection is not used to protect data in Azure Blob Storage nor can it help protect virtual hard disks.

212
Q

You are the system administrator for T-Bones Restaurant Group, Inc. You currently have an on-premises data center that consists of 50 Windows servers running IIS and SQL Server. IT management has dictated that all systems should be moved to Azure in the coming year. They also state that only platform-as-a-service (PaaS) solutions should be implemented. Which of the following meet these requirements?
(Pick 2)

Azure App Service

Azure Virtual Network

Azure SQL Database

Azure Virtual Machines

A

Azure App Service

Azure App Service is a platform-as-a-service (PaaS) offering for web services and is a common solution for the migration of IIS.

Azure SQL Database

Azure SQL Database is a platform-as-a-service (PaaS) offering for relational database management and is a common solution for the migration of SQL.

213
Q

You need to choose an Azure-native tool that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Azure, and other Microsoft Online services such as Microsoft 365 or Microsoft Intune. What service should you choose?

Azure Sentinel

Azure Firewall

Azure Key Vault

Azure Privileged Identity Management (PIM)

A

Azure Privileged Identity Management (PIM) is a service in Azure Active Directory (Azure AD) that enables you to manage, control, and monitor access to important resources in your organization.

214
Q

According to the Shared Responsibility Model, what are you responsible for managing in a SaaS product? Select 2 true answers.

Operating system management

Application management

Devices and accounts

Information and data

A

Devices and accounts

All cloud models, including SaaS, require you to manage the devices and accounts that access your application.

Information and data

All cloud models, including SaaS, require you to be responsible for the data that is migrated or created by your PaaS service.

215
Q

What are some of the advantages of using a subnet with your Azure Virtual Network?
(Pick 3)

You can save costs by only using a part of the Virtual Network through a subnet.

You can secure a subnet individually from the entire virtual network.

Virtual Machines will start faster, as the network provisioning is already done.

You can logically group services on the same Virtual Network.

IP address allocation on the subnet is more efficient.

Subnets contain security rules that allow or deny network traffic.

A

You can secure a subnet individually from the entire virtual network.

You can logically group services on the same Virtual Network.

IP address allocation on the subnet is more efficient.

Subnets enable you to segment the virtual network into one or more sub-networks and allocate a portion of the virtual network’s address space to each subnet. This makes address allocation more efficient. You can also have a separate network security group for the subnet, and you can logically group services.

216
Q

You have a web application on Azure with a number of virtual machines to run various processes. One of these virtual machines is in charge of processing images. Which Azure service could you use to route all requests for the “/image/” URLs to this specific VM?

Use an Application Gateway to route URLs containing the “/image/” path.

Use a VPN Gateway to route URLs containing the “/image/” path.

Implement a content delivery network to route URLs containing the “/image/” path.

Use Azure Load Balancer to route URLs containing the “/image/” path.

A

Use an Application Gateway to route URLs containing the “/image/” path.

An Application Gateway is used specifically for routing traffic based on parameters in the traffic itself. This could be all requests to the “/image/” path of the URL being sent to a specific VM. A VPN Gateway is used to securely connect an Azure Virtual Network with an on-premises network. A CDN does not route traffic. A Load Balancer routes all traffic without looking at it.

217
Q

You and your team interact with Azure Storage. You want to recommend a locally installed tool that provides a user-friendly drag-and-drop GUI interface to transfer all storage types. Which tool would you recommend?

AzCopy

Azure File Sync

Azure Storage Explorer

Azure Data Box

A

Azure Storage Explorer

Azure Storage Explorer is a drag-and-drop GUI interface for all storage types.

218
Q

The Cost Management tool is used to manage Azure costs. Who is able to use the Cost Management tool?

Microsoft Azure doesn’t have a Cost Management tool at this time.

Only EA subscriptions have access to the Cost Management tool.

All Azure subscriptions have access to the Cost Management tool.

Any Azure account subscribed to the Cost Management tool.

A

All Azure subscriptions have access to the Cost Management tool.

The Cost Management tool in Azure is supported by all subscriptions on Azure.

219
Q

Which of the following is a Software as a Service (SaaS) solution?

Azure SQL Databases

Azure App Service

Azure Functions

Microsoft Office 365

A

Microsoft Office 365

Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet such as email or Microsoft Office 365. SaaS provides a complete software solution that you rent on a pay-as-you-go basis.

220
Q

To access the Azure Cloud Shell (>_), what do you need to do?

Type Open Cloud Shell in the Azure Portal search bar.

Select the icon (>_) in the list on the left menu of the Azure Portal.

The Cloud Shell is not accessible from the Azure Portal.

Select the icon (>_) in the top menu of the Azure Portal.

A

Select the icon (>_) in the top menu of the Azure Portal.

The Azure Cloud Shell is accessible by selecting the (>_) button in the top menu of the Azure Portal.

221
Q

You are migrating a web-based application from your on-premises datacenter to Microsoft Azure. The web application is primarily built on a Python Flask web framework. Your CIO has requested the application be migrated to an Azure solution that requires minimal ongoing maintenance. What type of cloud solution should you recommend?

Infrastructure as a Service (IaaS)

Software as a Service (SaaS)

Platform as a Service (PaaS)

Hardware as a Service (HaaS)

A

Platform as a Service (PaaS)

PaaS solutions provide managed services to develop your own applications without the need to manage the underlying operating system.

222
Q

What are the characteristics of an Availability Zone?
(Pick 3)

Availability Zones only apply for Storage Accounts.

Availability Zones exist within regions.

Availability Zones protect your instances from the failure of a single datacenter.

Each zone has its own isolated power, cooling, and networking.

Each zone runs different Azure services.

A

Availability Zones exist within regions.

Availability Zones protect your instances from the failure of a single datacenter.

Each zone has its own isolated power, cooling, and networking.

Azure Availability Zones are groups of datacenters within a region that have their own isolated power, cooling, and networking. This ensures that if one part of a local power grid fails, or a major internet outage occurs in a city, it should not impact multiple datacenters. This exists to protect your instances from the failure of entire datacenters. Each availability zone will share part of the load for running every Azure service in a region. Many resource types can benefit from Availability Zones, such as Storage Accounts, Virtual Machines, and Databases.

223
Q

Azure virtual machines can be moved between which of the following Azure resources?
(Pick 4)

Availability Zones

Resource Groups

Availability Sets

Regions

Subscriptions

A

Availability Zones

Using Azure Site Recovery, you can migrate Azure VMs to other Availability Zones.

Resource Groups

Azure virtual machines can be moved between resource groups with either Azure PowerShell or the Azure portal.

Regions

Using Azure Site Recovery, you can migrate Azure VMs to other regions.

Subscriptions

Azure virtual machines can be moved between subscriptions with either Azure PowerShell or the Azure portal.

224
Q

Which of the following statements about Azure availability zones are true?
(Pick 2)

Each availability zone has its own power, cooling, and networking capabilities.

Availability zones are used to ensure that the VM resources are isolated from each other when they are deployed within an Azure datacenter.

Azure regions that support Availability Zones have a minimum of three.

All Availability Zones are located in different Azure Geographies.

A

Each availability zone has its own power, cooling, and networking capabilities.

Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking.

Azure regions that support Availability Zones have a minimum of three.

To ensure resiliency, there’s a minimum of three separate zones in supported regions.

225
Q

Select the cloud concept that is defined by:
- Using clusters of VMs to ensure resource availability
- A set of technologies that minimize IT disruptions by providing business continuity of IT services through redundant, fault-tolerant, or failover-protected components within an Azure region

High availability

Agility

Reliability

Scalability

A

High availability

While there is some overlap between many of the core cloud concepts, high availability is specifically defined by making sure IT disruptions are minimized as much as possible, which is carried out by using clusters of identical servers, automatically replacing failed servers, redundant, fault-tolerant, or failover-protected components, etc.

226
Q

Which of the following statements regarding Azure Virtual Machines is true?

Deleted virtual machines will still incur charges for storage.

Virtual machines can be auto-resized to combat system performance.

If a virtual machine stays stopped and de-allocated for 30 days, it will be deleted.

Two virtual machines with the same size will incur the same monthly charges.

A

Deleted virtual machines will still incur charges for storage.

When a virtual machine is deleted, its managed disk remains in the Azure portal and can be used to create a new virtual machine. Until this disk is manually removed, you will incur charges for the disk whether it is in use or not.

227
Q

Your company is beginning the process of migrating their existing applications to Azure. A newer, business-critical accounting application authenticates over OAuth 2.0. This application will be migrated to a virtual machine in Azure. You want to reduce administrative effort, costs, and unneeded resources to support this application. How can you authenticate this migrated application to your Azure environment using Azure-native resources?

Configure the Azure Active Directory Domain Services (AADDS) service to act as a fully managed Active Directory environment. Give the AADDS instance a unique namespace and configure the application to authenticate with your AADDS instance.

Continue using your on-premises AD server, and synchronize the server with Azure AD over Azure AD Connect. Configure the application to authenticate with your on-premises AD server.

Configure an Azure VM with Windows Server, and operate as an Active Directory domain controller. Configure the application to authenticate with your VM-hosted AD server.

Configure the application to authenticate using Azure AD credentials over single sign-on (SSO).

A

Configure the application to authenticate using Azure AD credentials over single sign-on (SSO).

Azure AD supports modern authentication protocols (e.g., OAuth 2.0) and is already present in your Azure environment.

228
Q

You have been asked to migrate a Windows-based legacy on-premises application to Azure with the minimal effort possible. Which compute service should you choose?

Virtual Machines

Blob Storage

Serverless

Containers

A

Virtual Machines

The simplest migration approach would be to use Azure Migrate and target Virtual Machines - virtual machines have the closest similarity to the on-premises platform where the application resides.

229
Q

You are creating a new storage account that will host business-critical data necessary for training a machine learning model. High availability of your data is the highest priority. You need to choose a redundancy option that can be highly available in case of both a region failure and a zone failure in your primary region. Which redundancy option should you choose?

Geo-redundant storage (GRS)

Locally redundant storage (LRS)

Zone-redundant storage (ZRS)

Geo-zone-redundant storage (GZRS)

A

Geo-zone-redundant storage (GZRS)

Geo-zone-redundant storage (GZRS) satisfies the requirements of replicating data to a secondary region and replicating data across zones in the primary region.

230
Q

With any Azure Storage redundancy option, data is always replicated in the primary region. How many copies of the data are created by Azure?

Zero

Two

One

Three

A

Three

Azure creates three copies of data per region. All single-region options create three copies. All multi-region options create six copies, with three copies in each region.

231
Q

What is the purpose of private endpoints on Azure?

Encrypted connection over the public internet connecting an on-premises location to an Azure virtual network

Managed storage service, including blob and disk stores

Managed network interface in a virtual network that provides a private connection to Azure-managed (PaaS) services

Network service that evenly distributes incoming network traffic to multiple backend resources

A

Managed network interface in a virtual network that provides a private connection to Azure-managed (PaaS) services

Private endpoints are managed network interfaces that provide private connectivity to Azure PaaS services without using the public internet. A virtual network can share a private endpoint connection with other connected networks, such as VPN networks, so that they can also connect to managed services over a private connection.

232
Q

What is the name of the Azure feature that allows you to sign in to third-party applications using your Azure AD credentials?

Azure Policy

Single Sign On (SSO)

Azure AD Connect

Conditional Access policy

A

Single Sign On (SSO)

Single Sign On allows you to use your Azure AD credentials as the authentication source for other applications.

233
Q

You are creating a new storage account that will host Azure Files. You need to choose a redundancy option that is resilient to a zone becoming unavailable with no impact on service. You wish to save costs where possible. Which redundancy option should you choose?

Geo-redundant storage (GRS)

Zone-redundant storage (ZRS)

Geo-zone-redundant storage (GZRS)

Locally redundant storage (LRS)

A

Zone-redundant storage (ZRS)

Zone-redundant storage (ZRS) copies data across three zones in a single region. Of the redundancy options that meet the requirements, it is the least expensive.

234
Q

Your company is migrating their existing applications to Azure and has decided to utilize virtual machines for this purpose. These applications require classic Active Directory features such as Group Policy and LDAP. Your company has also decided to retire all on-premises resources to have all services hosted in the cloud. The objective is to ensure authentication for your application while minimizing administrative effort. Which of the following solutions would best meet these requirements for configuring Active Directory Services for your application?

Configure an Azure VM with Windows Server, and operate as an Active Directory domain controller. Configure the application to authenticate with your VM-hosted AD server.

Continue using your on-premises AD server, and synchronize the server with Azure AD over Azure AD Connect. Configure the application to authenticate with your on-premises AD server.

Configure the application to authenticate using Azure AD credentials over single sign-on (SSO).

Utilize Azure Active Directory Domain Services (Azure AD DS) to create a fully managed Active Directory environment. Assign a unique namespace to the Azure AD DS instance and configure the application to authenticate using Azure AD DS on the instance.

A

Utilize Azure Active Directory Domain Services (Azure AD DS) to create a fully managed Active Directory environment. Assign a unique namespace to the Azure AD DS instance and configure the application to authenticate using Azure AD DS on the instance.

Azure AD DS provides a fully managed instance of classic Active Directory, supporting protocols and features like NTLM, LDAP, Kerberos, and Group Policy which are required by the applications as mentioned in the scenario. By using Azure AD DS, the administrative effort is reduced compared to self-managing a VM acting as a domain controller. The unique namespace ensures a distinct domain environment in Azure while facilitating the transition from on-premises resources to the cloud.

235
Q

Which of the following are characteristics of private clouds?
(Pick 2)

Limited flexibility

Lower costs

High scalability

Improved security

A

High scalability

Private clouds often offer more scalability compared to on-premises infrastructure. Azure Documentation: What is a private cloud?

Improved security

Because resources are not shared with others, private clouds provide higher levels of control, privacy and security.

236
Q

When choosing between Azure Storage redundancy options, which of the following is true for the geo-redundant storage (GRS) option?
(Pick 2)

GRS provides protection if an entire region becomes unavailable.

GRS creates six copies of replicated data in Azure Storage.

GRS is the least expensive redundancy option.

GRS protects against the failure of an entire zone in the primary region.

A

GRS provides protection if an entire region becomes unavailable.

GRS creates six copies of replicated data in Azure Storage.

All of the single region redundancy options create three copies of data in a single region. The multi-region redundancy options create six copies: three in the primary region and three in the secondary region.

237
Q

What is the purpose of Application Insights?

Provides insights such as customer behavior, performance bottlenecks, and web application errors

Gain insights from stored logs and metrics collected by Azure Monitor via queries

Lists planned and unplanned service outages of Azure resources

Security information event management (SIEM) tool to monitor security of Azure resources

A

Provides insights such as customer behavior, performance bottlenecks, and web application errors

Application Insights provides website performance monitoring.

238
Q

Your company is migrating several types of existing on-premises resources to Azure. You need to migrate the functionality of your existing on-premises file server to Azure, which will act as a mapped drive location for multiple office desktops. This solution needs to use the Server Message Block (SMB) shares for file storage and management. What solution should you use?

Cosmos DB

Azure Files

Create a managed disk in a storage account

Blob storage container

A

Azure Files

Azure Files uses SMB shares within a storage account to act as a cloud-based network file server.

239
Q

Your organization repeatedly deploys the same collection of resources across multiple departments. Your technology director wants to know if there is a quicker, more reliable method for consistently deploying the same resources. Which method would you recommend as the team’s first step in automating the repeated deployment of individual resources?

Conditional Access policy

Azure Resource Manager (ARM) templates

Azure Resource Manager

Azure Blueprints

A

Azure Resource Manager (ARM) templates

ARM templates are Azure’s native Infrastructure-as-Code (IaC) solution that can consistently and automatically deploy the same environments that are defined in code format.

240
Q

What are the three components necessary for any role-based access control (RBAC) assignment?

Scope

Security principal

Role definition

Conditional Access policy

A

Scope

Scope determines which set of resources (subscription, resource group, individual VM, etc.) a user or other identity has access to.

Security principal

Security principal is the identity, or the “who,” that needs access.

Role definition

Role definition defines what level of access is granted to an identity (security principal).

241
Q

Which of the following components are required for Azure Monitor alerts?
(Pick 2)

Access Decisions

Alert Rule

Action Group

Private Endpoint Connector

A

Alert Rule

The alert rule provides the conditions that must be met before triggering an alert.

Action Group

After an alert is triggered via an alert rule, the action group designates who is informed of the triggered alert.

242
Q

You are designing a hybrid network in which your Azure virtual network will need to establish a secure and private connection to your on-premises network via an IPsec tunnel over the public internet. Which Azure service should you use to accomplish this task?

Create an Azure Secure-net connection between both networks.

Network peering connection

Azure ExpressRoute

Azure VPN Gateway

A

Azure VPN Gateway

Azure VPN Gateway allows you to establish an IPsec tunnel from an on-premises network to an Azure virtual network over the public internet.

243
Q

You manage a large number of VMs in Azure, all of which are configured to log CPU performance metrics. You want to view a historical analysis of CPU utilization over time in order to find trends. How should you accomplish this?

Send the CPU utilization metrics to a Log Analytics workspace. Within Log Analytics, run a query on the metrics to view trends over time.

Send the CPU utilization metrics to a Log Analytics workspace. Use Cosmos DB to query the metrics to view trends over time.

Send the CPU utilization metrics to Application Insights. Within Log Analytics, run a query on the metrics to view trends over time.

Send the CPU utilization metrics to a storage account blob container. From an Azure VM, install KQL and query the collected data.

A

Send the CPU utilization metrics to a Log Analytics workspace. Within Log Analytics, run a query on the metrics to view trends over time.

Log Analytics acts as both a storage container for logs/metrics and a query service to analyze the same logs/metrics data.

244
Q

The Cosmos DB instance that your application uses has suddenly stopped responding. You cannot find any misconfigurations in your database; however, it is still unresponsive. You need to rule out an outage before you perform additional troubleshooting. What should you do?

Check Synapse Analytics for any outages.

Check Azure Monitor for any outages.

Check Azure Service Health for any outages.

Check Azure Sentinel for any outages.

A

Check Azure Service Health for any outages.

Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime.

245
Q

Your company wants to make use of Azure for deployment of various solutions. They want to ensure that suspicious attacks and threats that use compromised credentials against resources in their Azure account are prevented. Which of the following helps prevent such attacks by using in-built sensors in Azure?

Azure DDoS Protection

Microsoft Defender for Identity (formerly Azure Advanced Threat Protection)

Azure AD Identity Protection

Azure Privileged Identity Management

A

Azure AD Identity Protection

Azure AD Identity Protection is specifically tailored for Azure. It helps organizations in detecting, investigating, and remediating identity-based risks within Azure. With its capability to provide real-time risk detections during sign-ins and various remediation options, it addresses the requirements of the question.

246
Q

What is the purpose of role-based access control (RBAC)?

Method of organizing subscriptions into groups that can be given roles and policies in a single location.

Authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources.

Synchronizes an on-premises Active Directory environment with Azure AD.

Create if-then statements for allowing/denying authentication to different applications, including conditions to require multi-factor authentication.

A

Authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources.

Azure RBAC provides fine-grained control to Azure resources. It is defined by a role definition assigned to a security principal at a specific scope of access.

247
Q

Select the cloud concept that is defined by:
- Preparing to recover from a catastrophic failure (e.g., cyber attack)
- Setting criteria on how long it will take to come back from a disaster
- Setting which point in time data is recovered from

Scalability

Reliability

High availability

Agility

A

Reliability

There is overlap between high availability and reliability (the correct answer). High availability is more focused on replacing individual failed servers and maintaining clusters (or groups) of identical resources to ensure they are available. Reliability is more focused on plans to recover from more wide-scale disasters.

248
Q

What are some best practices for granting external guest access to Azure environments?
(Pick 2)

Apply only the necessary RBAC permissions to the external account according to the needed scope of access.

Enroll the external guest account into Microsoft Defender for Cloud.

Grant administrative permissions to the external account.

Apply Conditional Access policies to secure the external account’s access to Azure resources.

A

Apply only the necessary RBAC permissions to the external account according to the needed scope of access.

External guest accounts are subject to the same RBAC permissions as any internal account.

Apply Conditional Access policies to secure the external account’s access to Azure resources.

Though not required, Conditional Access provides an additional layer of protection for any account to prevent unauthorized access.

249
Q

What is the purpose of private endpoints on Azure?

Encrypted connection over the public internet connecting an on-premises location to an Azure virtual network

Network service that evenly distributes incoming network traffic to multiple backend resources

Managed storage service, including blob and disk stores

Managed network interface in a virtual network that provides a private connection to Azure-managed (PaaS) services

A

Managed network interface in a virtual network that provides a private connection to Azure-managed (PaaS) services

Private endpoints are managed network interfaces that provide private connectivity to Azure PaaS services without using the public internet. A virtual network can share a private endpoint connection with other connected networks, such as VPN networks, so that they can also connect to managed services over a private connection.

250
Q

What is one simple way to ensure you meet certain governance rules and regulations when setting up a new Azure environment?

Use a support plan of Professional Direct or Premier level to get Architecture help for a new Azure environment.

Use the Azure Template Wizard when creating a new service.

Virtual Network Gateway

Use Azure Compliance Monitor to compare your infrastructure against.

Route table

Use Azure Blueprints.

A

Use Azure Blueprints.

Azure Blueprints are templates for creating compliant Azure infrastructure projects. You can use them to comply with standards and regulations that apply to your company. You can get architecture help using a support plan too, but it is much more laborious.

251
Q

You are deploying a pair of Azure virtual machines. You want to ensure that the application will remain available in the event of a complete data center failure. What Azure concept will help most in this task?

Zone Redundant Storage

Locally redundant storage

Availability Zones

Availability Set

A

Availability Zones

Each Availability Zone is made up of one or more datacenters equipped with independent power, cooling, and networking within an Azure region. Configuring your Virtual Machines in distinct Availability Zones ensures that only a subset of the virtual machines in an availability zone will be affected in the event of hardware failure, OS update, or a complete data center outage. This configuration offers 99.99% SLA.

252
Q

What is the easiest way to quickly determine your security posture on Azure?

Read the secure score in Microsoft Defender for Cloud.

Set up an Azure Firewall and monitor how many malicious requests are stopped.

Use the security coverage calculator in the Azure Portal to estimate the coverage of your security policies.

Create a new virtual machine and observe the initial security concerns as noted by Microsoft Defender for Cloud.

A

Read the secure score in Microsoft Defender for Cloud.

Microsoft Defender for Cloud constantly reviews your active recommendations and calculates your secure score based on them.

253
Q

Which of the below services can you use to deploy image service instances that provide on-demand and scalable computing resources with usage-based pricing?

Redis Cache

Azure Virtual Machines

Azure Virtual Network

Cloud Services

A

Azure Virtual Machines

Azure Virtual Machines are image service instances that provide on-demand and scalable computing resources with usage-based pricing. More broadly, a virtual machine behaves like a server: It’s a computer within a computer that provides the user the same experience that they would have on the host operating system itself. In general, virtual machines are sandboxed from the rest of the system, meaning that the software inside a virtual machine can’t escape or tamper with the underlying server itself. Each virtual machine provides its own virtual hardware including CPUs, memory, hard drives, network interfaces and other devices.

254
Q

Which of the below capabilities are enabled by Azure Arc?
(Pick 3)

Privately connect on-premises networks to Azure-managed services.

Apply role-based access control (RBAC) policies on non-Azure servers.

Protect Amazon EC2 instances with Microsoft Defender for Cloud.

Enable running Azure serverless services (e.g., Azure Functions) in containerized form on on-premises servers.

A

Apply role-based access control (RBAC) policies on non-Azure servers.

Azure Arc can extend Azure RBAC controls to non-Azure resources.

Protect Amazon EC2 instances with Microsoft Defender for Cloud.

Azure Arc can extend the features and monitoring of Microsoft Defender for Cloud to non-Azure resources.

Enable running Azure serverless services (e.g., Azure Functions) in containerized form on on-premises servers.

Azure Arc can run some Azure serverless services on local/on-premises servers.

255
Q

What are the components of a Conditional Access policy?
(Pick 2)

Azure Arc Agent

Access Decisions

Action Group

Signals

A

Access Decisions

Once the signal condition of a policy is met, an access decision is applied such as grant, block, or grant with restrictions (requires MFA/managed device).

Signals

Signals are the conditions that must be met to trigger a Conditional Access policy. They include the affected users/groups, applications being signed into, locations, and more.

256
Q

What is the preferred method to synchronize user identities on an on-premises Active Directory server with Azure AD?

Use Azure AD Connect in your Azure environment to synchronize on-premises and Azure AD accounts.

Use Azure Identity Protection in your on-premises environment to synchronize on-premises and Azure AD accounts.

It is not possible to synchronize an on-premises Active Directory server with Azure AD. For security reasons, they must be maintained separately.

Use Azure AD Connect in your on-premises environment to synchronize on-premises and Azure AD accounts.

A

Use Azure AD Connect in your on-premises environment to synchronize on-premises and Azure AD accounts.

Azure AD Connect in an on-premises environment is capable of synchronizing on-premises and Azure AD accounts, so users can be signed in and be managed in both locations without having to maintain 2 separate Active Directory environments.

257
Q

Your organization is planning to migrate your entire datacenter to Azure. You are required to recommend an architected solution that will allow operations to continue if an entire Azure region becomes unavailable. Which cloud attribute should you factor into your solution?

Security

Scalability

Reliability

Predictability

A

Reliability

Reliability describes the ability to continue business operations in the case of an outage or disaster.

258
Q

Which of the following Azure Resource Manager tools are able to run a PowerShell script?
(Pick 2)

Azure Cloud Shell via the Azure portal

Azure CLI

Azure CLI via Google Chromebooks

Azure PowerShell

A

Azure Cloud Shell via the Azure portal

Cloud Shell contains both the Azure CLI and PowerShell environments. You can run Azure PowerShell scripts in Azure Cloud Shell using the PowerShell environment.

Azure PowerShell

PowerShell can, unsurprisingly, run PowerShell scripts.

259
Q

Your company is beginning the process of migrating their existing applications to Azure. A business-critical accounting application requires authentication with the NTLM protocol. This application will be migrated to a virtual machine in Azure. Any authentication solution must integrate into your existing on-premises Active Directory domain. What options are available for hosting this application in Azure while still authenticating with Active Directory?
(Pick 2)

Configure the application to authenticate using Azure AD credentials over single sign-on (SSO).

Configure an Azure VM with Windows Server, and operate as an Active Directory domain controller. Configure the application to authenticate with your VM-hosted AD server.

Continue using your on-premises AD server, and synchronize the server with Azure AD over Azure AD Connect. Configure the application to authenticate with your on-premises AD server.

Configure the Azure Active Directory Domain Services (Azure AD DS) service to act as an extension of your existing on-premises Active Directory domain. Configure the application to authenticate with your Azure AD DS managed service.

A

Configure an Azure VM with Windows Server, and operate as an Active Directory domain controller. Configure the application to authenticate with your VM-hosted AD server.

This is referred to as self-managed AD, where you are in charge of configuring and maintaining a Windows Server acting as a domain controller.

Continue using your on-premises AD server, and synchronize the server with Azure AD over Azure AD Connect. Configure the application to authenticate with your on-premises AD server.

One option is to simply continue hosting an on-premises AD server, if you are not removing all existing on-premises infrastructure.

260
Q

You need to choose a performance option for an Azure storage account. This storage account will contain small blob objects used to train machine learning models, and it requires the fastest possible performance. Which performance option should you choose?

Premium block blobs

Premium page blobs

General-purpose v2

Premium file shares

A

Premium block blobs

Premium block blobs provide fast performance for block blob storage types (e.g., blob objects).

261
Q

Which of the following tools can be used to manage Azure resources on a Google Chromebook?
(Pick 2)

Azure CLI

PowerShell

Azure portal

Azure Cloud Shell

A

Azure portal

Azure portal is a web application that is accessible on all modern desktop, tablet devices, and browsers. As long as your device can run a modern web browser, you can generally use the Azure Portal.

Azure Cloud Shell

Azure Cloud Shell is an interactive, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work. Linux users can opt for a Bash experience, while Windows users can opt for PowerShell. At this time, there is no native PowerShell Core distribution for Google OS, and the current version of the CLI cannot be installed on Google OS.

262
Q

Which of the following services would be considered Software-as-a-Service (SaaS)?
(Pick 2)

Office 365

Azure Active Directory

Kubernetes

Virtual Machines

A

Office 365

Office 365 is considered SaaS due to the level of provider responsibility.

Azure Active Directory

Azure Active Directory is considered SaaS due to the level of provider responsibility.

263
Q

What is the purpose of Azure Monitor?

Collect and analyze telemetry data from your Azure resource to make sure everything is running as it should be

Act as a centralized location for other services and applications to publish and receive event-based data between services

Allow or deny access to Azure resources based on conditions surrounding an authentication attempt

Security information event management

A

Collect and analyze telemetry data from your Azure resource to make sure everything is running as it should be

Azure Monitor is responsible for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments to ensure proper operation and alert you to problems when they occur.

264
Q

Predictability

A

Knowing what your application will cost with real-time tracking of resource usage as well as knowing that your application will perform consistently regardless of customer load.