AZ-900 Flashcards

Question

Which two tools can you use to create a new Azure virtual machine from a mobile device that runs Android? Each correct answer presents complete solution. PowerShell in Azure Cloud Shell Remote Desktop SSH the Azure portal

Answer 1

PowerShell in Azure Cloud Shell the Azure portal The Azure portal can run on devices that have the Android operating system installed. The browser can be any type, such as Internet Explorer 11, Chrome, Firefox, or Safari (all the latest versions). When you visit the portal, you will see Cloud Shell. Users can then access Bash and PowerShell from within Cloud Shell. You can use Bash and PowerShell to create Azure virtual machines.

Answer 2

Azure Advisor Azure Advisor analyzes the account usage and makes recommendations based on its set and configured rules.

Answer 3

Azure Service Health After an outage, Service Health provides official incident reports called root cause analysis (RCA), which you can share with stakeholders.

Answer 4

Azure Advisor Azure Advisor evaluates Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs.

Answer 5

Azure Monitor Azure Monitor is a platform that collects metric and logging data, such as CPU percentages. The data can be used to trigger autoscaling.

Answer 6

health advisories Health advisories are issues that require that you take proactive action to avoid service interruptions, such as service retirements and breaking changes. Service issues are problems such as outages that require immediate actions.

Answer 7

Azure Application Insights Application Insights is a feature of Azure Monitor that allows you to monitor running applications, automatically detect performance anomalies, and use built-in analytics tools to see what users do on an app.

Answer 8

a lock Incorrect: A user-assigned managed identity –– Adding an identity will not add the ability to change or delete the resource. Correct: A lock –– A resource lock will meet both requirements. Incorrect: A tag –– A tag will not meet the requirements. Incorrect: Conditional Access –– Conditional Access will not meet the requirements.

Answer 9

Availability zones Availability zones are physically separate datacenters within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking.

Answer 10

resource groups resources Resources can only be associated with a single subscription. Subscriptions may be grouped into management groups. An account may be associated with multiple subscriptions.

Answer 11

a resource A resource is a manageable item that is available through Azure. Virtual machines, storage accounts, web apps, databases, and virtual networks are examples of resources.

Answer 12

subscriptions Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs. Resource groups can be used to group costs, but you will not receive a separate invoice for each resource group. Management groups are used to efficiently manage access, policies, and compliance for subscriptions. You can set up billing profiles to roll up subscriptions into invoice sections, but this requires customization.

Answer 13

management groups Management groups can be used in environments that have multiple subscriptions to streamline the application of governance conditions. Resource groups can be used to organize Azure resources. Administrative units are used to delegate the administration of Azure AD resources, such as users and groups. Accounts are used to provide access to resources

Answer 14

a virtual machine Virtual machines are software emulations of physical computers. They include a virtual processor, memory, storage, and networking resources. Virtual machines host an operating system, and you can install and run software just like on a physical computer.

Answer 15

Azure Functions Azure Functions allows you to run code as a service without having to manage the underlying platform or infrastructure. Azure Logic Apps is similar to Azure Functions, but uses predefined workflows instead of developing your own code.

Answer 16

Azure VPN Gateway ExpressRoute ExpressRoute connections and Azure VPN Gateway are two services that you can use to connect an on-premises network to Azure. Bastion provides a web interface to remotely administer Azure virtual machines by using SSH/RDP. Azure Firewall is a stateful firewall service used to protect virtual networks.

Answer 17

Azure Virtual Desktop Azure Virtual Desktop is a desktop and application virtualization service that runs in the cloud. It enables your users to use a cloud-hosted version of Windows from any location. Azure Virtual Desktop works across devices such as Windows, Mac, iOS, Android, and Linux. It works with apps that you can use to access Remote Desktops and apps. You can also use most modern browsers to access Azure Virtual Desktop-hosted experiences.

Answer 18

Azure Blob storage Azure Blob storage is an object storage solution that you can use to store massive amounts of unstructured data, such as text or binary data.

Answer 19

Archive The Archive storage tier stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data. The Hot storage tier is optimized for storing data that is accessed frequently. Data in the Cool access tier can tolerate slightly lower availability, but still requires high durability, retrieval latency, and throughput characteristics similar to hot data.

Answer 20

Azure Files Azure Files offers fully managed file shares in the cloud with shares that are accessible by using Server Message Block (SMB) protocol. Mounting Azure file shares is just like connecting to shares on a local network.

Answer 21

Hot The Hot tier is optimized for storing data that is accessed frequently. The Cool access tier has a slightly lower availability SLA and higher access costs compared to hot data, which are acceptable trade-offs for lower storage costs. Archive storage stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data.

Answer 22

Azure Blob storage Azure Blob storage is an object storage solution that you can use to store massive amounts of unstructured data, such as text or binary data.

Answer 23

Network File System (NFS) Server Message Block (SMB) Azure Files offers fully managed file shares in the cloud that are accessible via industry-standard SMB and NFS protocols.

Answer 24

to use several layers of protection to prevent information from being accessed by unauthorized users The objective of defense in depth is to use several layers of protection to prevent information from being accessed or stolen by unauthorized users.

Answer 25

Azure role-based access control (RBAC) Azure RBAC allows you to assign a set of permissions to a user or group. Resource tags are used to locate and act on resources associated with specific workloads, environments, business units, and owners. Resource locks prevent the accidental change or deletion of a resource. Key Vault is a centralized cloud service for storing an application secrets in a single, central location.

Answer 26

multi-factor authentication (MFA) MFA is the concept of requiring something more than only a password to sign in to an application. You can use the mobile phone to receive a phone call, text, or a code to get authenticated.

Answer 27

Conditional Access Conditional Access can use signals to determine information about authentication attempts, and then determine whether to block access or require additional verifications, such as MFA.

Answer 28

a resource group Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts, are deployed and managed.

Answer 29

geography Each Azure region is always paired with another region within the same geography, such as US, Europe, or Asia, at least 300 miles away.

Answer 30

Azure SQL databases virtual machines Availability zones are primarily for virtual machines, managed disks, load balancers, and SQL databases.

Answer 31

peering You can link virtual networks together by using virtual network peering. Peering enables resources in each virtual network to communicate with each other.

Answer 32

service endpoints Service endpoints are used to expose Azure services to a virtual network, providing communication between the two. ExpressRoute is used to connect an on-premises network to Azure. NSGs allow you to configure inbound and outbound rules for virtual networks and virtual machines. Peering allows you to connect virtual networks together.

Answer 33

Azure Container Instances Azure Kubernetes Service (AKS) Containers are a virtualization environment. Much like running multiple virtual machines on a single physical host, you can run multiple containers on a single physical or virtual host. Unlike virtual machines, you do not manage the operating system for a container.

Answer 34

single sign-on (SSO) SSO enables a user to sign in one time and use that credential to access multiple resources and applications from different providers. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Conditional Access is a tool that Azure AD uses to allow or deny access to resources based on identity signals. Azure AD supports the registration of devices.

Answer 35

Conditional Access Conditional Access is a tool that Azure AD uses to allow or deny access to resources based on identity signals, such as the device being used. SSO enables a user to sign in one time and use that credential to access multiple resources and applications from different providers. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Hybrid identity solutions create a common user identity for authentication and authorization to all resources, regardless of location.

Answer 36

scope An Azure RBAC role is applied to a scope, which is a resource or set of resources that the access applies to. Resource locks prevent the accidental change or deletion of a resource. Resource tags are used to locate and act on resources associated with specific workloads, environments, business units, and owners. Policies enforce different rules across resource configurations so that the configurations stay compliant with corporate standards.

Answer 37

authentication single sign-on (SSO) Azure AD provides services for verifying identity and access to applications and resources. SSO enables you to remember a single username and password to access multiple applications and is available in Azure AD.

Answer 38

Conditional Access Conditional Access allows administrators to control, allow, or deny access to resources based on certain signals. You can require that access to certain applications only be allowed if the users are using an approved client application. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Examples include a code on their mobile phone or a fingerprint scan.

Answer 39

Azure AD Connect Azure AD Connect syncs user identities from an on-premises Active Directory Domain Services (AD DS) domain to Azure AD. Azure AD Connect allows you to use features such as single sign-on (SSO), MFA, and self-service password reset (SSPR) in both systems. SSPR prevents users from using known compromised passwords.

Answer 40

compute storage All cloud providers provide compute and storage services. Colocation is when a business rents space in a shared physical datacenter. Application development is the responsibility of the customer and is typically done either in-house or through a third party.

Answer 41

Servers and storage are owned and operated by a third-party cloud service provider. Services are offered over the internet and are available to anyone who wants to purchase them. In a public cloud, services are offered over the internet and are available to anyone who wants to purchase them. A private cloud is limited to a single organization. Cloud resources, such as servers and storage, are owned and operated by a third-party cloud service provider and delivered over the internet. A private cloud consists of computing resources used exclusively by users from one business or organization.

Answer 42

Capital expenditures Capital expenditures are one-time expenses that can be deducted over time. Operational expenditures are billed as you use services and a do not have upfront costs.

Answer 43

a disaster recovery plan Disaster recovery uses services, such as cloud-based backup, data replication, and geo-distribution, to keep data and code safe in the event of a disaster.

Answer 44

horizontal scaling Scaling horizontally increases compute capacity by adding instances of resources, such as adding virtual machines to the configuration. You scale vertically to increase compute capacity by adding RAM or CPUs to a virtual machine. Agility refers to the ability to deploy new applications and services quickly. High availability minimizes downtime when things go wrong.

Answer 45

associating costs with different environments categorizing costs by department You can use tags to categorize costs by department, such as human resources, marketing, or finance, or by environment, such as test or production. Resizing underutilized virtual machines is a good cost saving measure and provisioning resources in lower cost regions is a good practice, but resource tags do not help with this.

Answer 46

Azure Pricing calculator The Azure Pricing calculator allows you to estimate and configure according to your specific requirements. You will then receive a consolidated estimated price and a detailed breakdown of the costs associated with each resource you added to your solution.

Answer 47

Azure Arc Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.

Answer 48

Azure CLI Azure CLI allows you to use the Bash shell to perform administrative tasks. Bash is used in Linux environments, so a Linux administrator will probably be more comfortable performing command-line administration from Azure CLI.

Answer 49

Azure Service Health Service Health notifies you of Azure-related service issues, such as region-wide downtime.

Answer 50

Azure Monitor Azure Monitor is a platform for collecting, analyzing, visualizing, and alerting based on metrics. Azure Monitor can log data from an entire Azure and on-premises environment.

Answer 51

Azure Service Health You can drill down to the affected services, regions, and details to show how an event will affect you and what you must do. Most of these events occur without any impact to you and will not be shown. In a rare case that a reboot is required, Service Health allows you to choose when to perform the maintenance to minimize the downtime

Answer 52

Data Policy Incorrect: Data Catalog –– This enables data discovery. Incorrect: Data Sharing –– This shares data within and between organizations. Incorrect: Data Estate Insights –– This accesses data estate health. Correct: Data Policy –– This governs access to data.

Answer 53

Deallocate the virtual machine. If you have virtual machine workloads that are used only during certain periods, but you run them every hour of every day, then you are wasting money. These virtual machines are great candidates to deallocate when not in use and start back when required to save compute costs while the virtual machines are deallocated.

Answer 54

Azure Policy Azure Policy enables you to define both individual policies and groups of related policies called initiatives. Azure Policy evaluates your resources and highlights resources that are not compliant with the policies you created. Azure Policy can also prevent noncompliant resources from being created.

Answer 55

Azure CLI Azure PowerShell Azure CLI is an executable program with which a user can execute commands in Bash that call the Azure REST API. Azure Cloud Shell also supports Azure PowerShell as an executable program.

Answer 56

a web browser Cloud Shell is an interactive, browser-accessible shell for managing Azure resources.

Answer 57

defense in depth A defense in depth strategy uses a series of mechanisms to slow the advancement of an attack that aims to gain unauthorized access to data. The principle of least privilege means restricting access to information to only the level that users need to perform their work. A DDoS attack attempts to overwhelm and exhaust an application's resources. The perimeter layer is about protecting an organization's resources from network-based attacks.

Answer 58

horizontal scaling Scaling horizontally increases compute capacity by adding instances of resources, such as adding virtual machines to the configuration. You scale vertically by adding RAM or CPUs to a virtual machine. Disaster recovery keeps data and other assets safe in the event of a disaster. High availability minimizes downtime when things go wrong.

Answer 59

elasticity Elasticity refers to the ability to scale resources as needed, such as during business hours, to ensure that an application can keep up with demand, and then reducing the available resources during off-peak hours. Agility refers to the ability to deploy new applications and services quickly. High availability refers to the ability to ensure that a service or application remains available in the event of a failure. Geo-distribution makes a service or application available in multiple geographic locations that are typically close to your users.

Answer 60

Elasticity refers to the ability to scale resources as needed, such as during business hours, to ensure that an application can keep up with demand, and then reducing the available resources during off-peak hours.

Answer 61

Agility refers to the ability to deploy new applications and services quickly.

Answer 62

igh availability refers to the ability to ensure that a service or application remains available in the event of a failure.

Answer 63

Scalability means that you can add RAM, CPU, or entire virtual machines to a configuration. The major types are Horizontal scaling (adding/subtracting systems such as VMs) and Vertical scaling (adding/subtracting capabilities such as RAM and CPU on existing resources)

Answer 64

infrastructure as a service (IaaS) on-premises Operating systems are managed by customers when using IaaS or an on-premises deployments. The operating systems are not accessible in PaaS and SaaS deployments.

Answer 65

Infrastructure as a service (IaaS) IaaS consists of virtual machines and networking provided by the cloud provider. The customer is responsible for the OS and applications. The cloud provider is responsible for the OS in PaaS and SaaS.

Answer 66

infrastructure as a service (IaaS) IaaS helps you reduce the cost and complexity of maintaining a physical server and its datacenter infrastructure. Virtual networks are part of the IaaS cloud service.

Answer 67

Azure Resource Manager (ARM) ARM is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in an Azure subscription. You use management features, such as access control, resource locks, and resource tags, to secure and organize resources after deployment.

Answer 68

connecting an on-premises datacenter to an Azure virtual network A VPN gateway is a type of virtual network gateway. Azure VPN Gateway instances are deployed to a dedicated subnet of a virtual network. You can use them to connect on-premises datacenters to virtual networks through a Site-to-Site (S2S) VPN connection.

Answer 69

serving images or documents directly to a browser storing data for backup and restore Low storage costs and unlimited file formats make blob storage a good location to store backups and archives. Blob storage can be reached from anywhere by using an internet connection. Azure Disk Storage provides disks for Azure virtual machines. Azure Files supports mounting file storage shares.

Answer 70

Azure Disk Storage provides disks for Azure virtual machines.

Answer 71

Azure Files supports mounting file storage shares.

Answer 72

Total Cost of Ownership (TCO) Calculator The TCO Calculator helps you estimate the cost savings over time of operating a solution in Azure compared to operating in an on-premises datacenter.

Answer 73

The Azure Pricing calculator allows you to estimate and configure according to your specific requirements. You will then receive a consolidated estimated price and a detailed breakdown of the costs associated with each resource you added to your solution.

Answer 74

The TCO Calculator helps you estimate the cost savings over time of operating a solution in Azure compared to operating in an on-premises datacenter.

Answer 75

Azure Reservations Azure Reservations offers discounted prices on certain Azure services. Azure Reservations can save you up to 72 percent compared to pay-as-you-go prices. To receive a discount, you can reserve services and resources by paying in advance.Spending limits can suspend a subscription when the spend limit is reached.

Answer 76

Azure Policy Azure policies will allow you to enforce company standards on new virtual machines when combined with Azure VM Image Builder and Azure Compute Gallery. By using Azure Policy and role-based access control (RBAC) assignments, enterprises can enforce standards on Azure resources. But on virtual machines, these mechanisms only affect the control plane or the route to the virtual machine.

Answer 77

Create new resources. Review a graphical view of all the services you are using. The Azure portal provides a GUI to view all the services you are using, create new services, configure your services, and view reports.

Answer 78

Azure Advisor Azure Advisor evaluates Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs.

Answer 79

You can scale more quickly. Cloud computing allows you to scale more quickly. Owning your own CPUs and having full access in the event of an internet outage are not features of cloud computing. Working from multiple workstations is not specific to cloud computing compared to an on-premises deployment.

Answer 80

infrastructure as a service (IaaS) IaaS is the most flexible category of cloud services. It aims to give you complete control over the hardware that runs applications. Users do not control the operating system and do not configure the underlying servers in PaaS. With SaaS, you are using as-is software hosted in the cloud, instead of creating a platform to host a software yourself.

Answer 81

software as a service (SaaS) SaaS allows users to connect to and use cloud-based apps over the internet. Common examples are email, calendaring, and Office tools, such as Office 365.

Answer 82

resource location resource usage Usage meters, such as CPU time, disk size, and write operations, are used to calculate your bill for an Azure resource. Deleting or deallocating a resource means that you will no longer be billed for it. Different regions can have different associated prices. Resources cost the same no matter the time of day or the day of the week.

Answer 83

data and access SaaS allows you to pay to use an existing application on hardware managed by a third party. You supply data and configure access. Customers are only responsible for storage in a private cloud. Customers are responsible for virtual machines and runtime in IaaS and the private cloud.

Answer 84

region pairs Region pairs allow the replication of Azure resources across geographies to help ensure that a secondary region is available in case of any disaster at the primary region.

Answer 85

Azure Virtual Machine Scale Sets Virtual Machine Scale Sets are an Azure compute resource that you can use to deploy and manage and scale a set of identical virtual machines.

Answer 86

Azure Arc is a set of technologies that helps manage your cloud environment. Azure Arc can help manage your cloud environment, whether it's a public cloud solely on Azure, a private cloud in your datacenter, a hybrid configuration, or even a multi-cloud environment running on multiple cloud providers at once.

Answer 87

Reliability is the ability of a system to recover from failures and disasters and continue to function. It's also one of the pillars of the Microsoft Azure Well-Architected Framework.

Answer 88

Platform as a service (PaaS) is a middle ground between renting space in a datacenter (infrastructure as a service) and paying for a complete and deployed solution (software as a service). In a PaaS environment, the cloud provider maintains the physical infrastructure, physical security, and connection to the internet. They also maintain the operating systems, middleware, development tools, and business intelligence services that make up a cloud solution. In a PaaS scenario, you don't have to worry about the licensing or patching for operating systems and databases. PaaS is well suited to provide a complete development environment without the headache of maintaining all the development infrastructure.

Answer 89

Software as a service (SaaS) is the most complete cloud service model from a product perspective. With SaaS, you’re essentially renting or using a fully developed application. Email, financial software, messaging applications, and connectivity software are all common examples of a SaaS implementation. While the SaaS model may be the least flexible, it’s also the easiest to get up and running. It requires the least amount of technical knowledge or expertise to fully employ.

Answer 90

Infrastructure as a service (IaaS) is the most flexible category of cloud services, as it provides you the maximum amount of control for your cloud resources. In an IaaS model, the cloud provider is responsible for maintaining the hardware, network connectivity (to the internet), and physical security. You’re responsible for everything else: operating system installation, configuration, and maintenance; network configuration; database and storage configuration; and so on. With IaaS, you’re essentially renting the hardware in a cloud datacenter, but what you do with that hardware is up to you.

Answer 91

Facilities with resources arranged in racks, with dedicated power, cooling, and networking infrastructure. Individual datacenters aren’t directly accessible. Datacenters are grouped into Azure Regions or Azure Availability Zones that are designed to help you achieve resiliency and reliability for your business-critical workloads.

Answer 92

A region is a geographical area on the planet that contains at least one, but potentially multiple datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced. When you deploy a resource in Azure, you'll often need to choose the region where you want your resource deployed.

Answer 93

Availability zones are physically separate datacenters within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking. An availability zone is set up to be an isolation boundary. If one zone goes down, the other continues working. Availability zones are connected through high-speed, private fiber-optic networks.

Answer 94

VMs, managed disks, load balancers, and SQL databases

Answer 95

Zonal services: You pin the resource to a specific zone (for example, VMs, managed disks, IP addresses). Zone-redundant services: The platform replicates automatically across zones (for example, zone-redundant storage, SQL Database). Non-regional services: Services are always available from Azure geographies and are resilient to zone-wide outages as well as region-wide outages.

Answer 96

Most Azure regions are paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away. This approach allows for the replication of resources across a geography that helps reduce the likelihood of interruptions because of events such as natural disasters, civil unrest, power outages, or physical network outages that affect an entire region.

Answer 97

Sovereign regions are instances of Azure that are isolated from the main instance of Azure. You may need to use a sovereign region for compliance or legal purposes. Azure sovereign regions include: US DoD Central, US Gov Virginia, US Gov Iowa and more: These regions are physical and logical network-isolated instances of Azure for U.S. government agencies and partners. These datacenters are operated by screened U.S. personnel and include additional compliance certifications. China East, China North, and more: These regions are available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft doesn't directly maintain the datacenters.

Answer 98

A resource is the basic building block of Azure. Anything you create, provision, deploy, etc. is a resource. Virtual Machines (VMs), virtual networks, databases, cognitive services, etc. are all considered resources within Azure.

Answer 99

Resource groups are simply groupings of resources. When you create a resource, you’re required to place it into a resource group. While a resource group can contain many resources, a single resource can only be in one resource group at a time. Some resources may be moved between resource groups, but when you move a resource to a new group, it will no longer be associated with the former group. Additionally, resource groups can't be nested, meaning you can’t put resource group B inside of resource group A.

Answer 100

In Azure, subscriptions are a unit of management, billing, and scale. Similar to how resource groups are a way to logically organize resources, subscriptions allow you to logically organize your resource groups and facilitate billing. An Azure subscription links to an Azure account, which is an identity in Azure Active Directory (Azure AD) or in a directory that Azure AD trusts. An account can have multiple subscriptions, but it’s only required to have one.

Answer 101

Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called management groups and apply governance conditions to the management groups. All subscriptions within a management group automatically inherit the conditions applied to the management group, the same way that resource groups inherit settings from subscriptions and resources inherit from resource groups. Management groups give you enterprise-grade management at a large scale, no matter what type of subscriptions you might have. Management groups can be nested.

Answer 102

Virtual machine scale sets let you create and manage a group of identical, load-balanced VMs. Instead, with virtual machine scale sets, Azure automates most of that work. Scale sets allow you to centrally manage, configure, and update a large number of VMs in minutes. The number of VM instances can automatically increase or decrease in response to demand, or you can set it to scale based on a defined schedule. Virtual machine scale sets also automatically deploy a load balancer to make sure that your resources are being used efficiently. With virtual machine scale sets, you can build large-scale services for areas such as compute, big data, and container workloads.

Answer 103

Availability sets are designed to ensure that VMs stagger updates and have varied power and network connectivity, preventing you from losing all your VMs with a single network or power failure. Best of all, there’s no additional cost for configuring an availability set. You only pay for the VM instances you create.

Answer 104

Update domain: The update domain groups VMs that can be rebooted at the same time. This allows you to apply updates while knowing that only one update domain grouping will be offline at a time. All of the machines in one update domain will be updated. An update group going through the update process is given a 30-minute time to recover before maintenance on the next update domain starts. Fault domain: The fault domain groups your VMs by common power source and network switch. By default, an availability set will split your VMs across up to three fault domains. This helps protect against a physical power or networking failure by having VMs in different fault domains (thus being connected to different power and networking resources).

Answer 105

During testing and development. VMs provide a quick and easy way to create different OS and application configurations. Test and development personnel can then easily delete the VMs when they no longer need them. When running applications in the cloud. The ability to run certain applications in the public cloud as opposed to creating a traditional infrastructure to run them can provide substantial economic benefits. For example, an application might need to handle fluctuations in demand. Shutting down VMs when you don't need them or quickly starting them up to meet a sudden increase in demand means you pay only for the resources you use. When extending your datacenter to the cloud: An organization can extend the capabilities of its own on-premises network by creating a virtual network in Azure and adding VMs to that virtual network. Applications like SharePoint can then run on an Azure VM instead of running locally. This arrangement makes it easier or less expensive to deploy than in an on-premises environment. During disaster recovery: As with running certain types of applications in the cloud and extending an on-premises network to the cloud, you can get significant cost savings by using an IaaS-based approach to disaster recovery. If a primary datacenter fails, you can create VMs running on Azure to run your critical applications and then shut them down when the primary datacenter becomes operational again.

Answer 106

Azure Virtual Desktop is a desktop and application virtualization service that runs on the cloud. It enables you to use a cloud-hosted version of Windows from any location. Azure Virtual Desktop works across devices and operating systems, and works with apps that you can use to access remote desktops or most modern browsers.

Answer 107

Containers are a virtualization environment. Much like running multiple virtual machines on a single physical host, you can run multiple containers on a single physical or virtual host. Unlike virtual machines, you don't manage the operating system for a container. Virtual machines appear to be an instance of an operating system that you can connect to and manage. Containers are lightweight and designed to be created, scaled out, and stopped dynamically. It's possible to create and deploy virtual machines as application demand increases, but containers are a lighter weight, more agile method. Containers are designed to allow you to respond to changes on demand. With containers, you can quickly restart if there's a crash or hardware interruption. One of the most popular container engines is Docker, and Azure supports Docker.

Answer 108

Azure Container Instances offer the fastest and simplest way to run a container in Azure; without having to manage any virtual machines or adopt any additional services. Azure Container Instances are a platform as a service (PaaS) offering. Azure Container Instances allow you to upload your containers and then the service will run the containers for you.

Answer 109

Azure Container Apps are similar in many ways to a container instance. They allow you to get up and running right away, they remove the container management piece, and they're a PaaS offering. Container Apps have extra benefits such as the ability to incorporate load balancing and scaling. These other functions allow you to be more elastic in your design.

Answer 110

Azure Kubernetes Service (AKS) is a container orchestration service. An orchestration service manages the lifecycle of containers. When you're deploying a fleet of containers, AKS can make fleet management simpler and more efficient.

Answer 111

Azure Functions is an event-driven, serverless compute option that doesn’t require maintaining virtual machines or containers. If you build an app using VMs or containers, those resources have to be “running” in order for your app to function. With Azure Functions, an event wakes the function, alleviating the need to keep resources provisioned when there are no events.

Answer 112

App Service enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers automatic scaling and high availability. App Service supports Windows and Linux. It enables automated deployments from GitHub, Azure DevOps, or any Git repo to support a continuous deployment model.

Answer 113

Azure virtual networks and virtual subnets enable Azure resources, such as VMs, web apps, and databases, to communicate with each other, with users on the internet, and with your on-premises client computers. You can think of an Azure network as an extension of your on-premises network with resources that link other Azure resources. Azure virtual networks provide the following key networking capabilities: Isolation and segmentation Internet communications Communicate between Azure resources Communicate with on-premises resources Route network traffic Filter network traffic Connect virtual networks

Answer 114

A virtual private network (VPN) uses an encrypted tunnel within another network. VPNs are typically deployed to connect two or more trusted private networks to one another over an untrusted network (typically the public internet). Traffic is encrypted while traveling over the untrusted network to prevent eavesdropping or other attacks. VPNs can enable networks to safely and securely share sensitive information.

Answer 115

A VPN gateway is a type of virtual network gateway. Azure VPN Gateway instances are deployed in a dedicated subnet of the virtual network and enable the following connectivity: Connect on-premises datacenters to virtual networks through a site-to-site connection. Connect individual devices to virtual networks through a point-to-site connection. Connect virtual networks to other virtual networks through a network-to-network connection. All data transfer is encrypted inside a private tunnel as it crosses the internet. You can deploy only one VPN gateway in each virtual network. However, you can use one gateway to connect to multiple locations, which includes other virtual networks or on-premises datacenters.

Answer 116

Azure ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection, with the help of a connectivity provider. Connectivity can be from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual cross-connection through a connectivity provider at a colocation facility. ExpressRoute connections don't go over the public Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, consistent latencies, and higher security than typical connections over the Internet.

Answer 117

Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure.

Answer 118

Locally redundant storage (LRS) replicates your data three times within a single data center in the primary region. LRS provides at least 11 nines of durability (99.999999999%) of objects over a given year.

Answer 119

For Availability Zone-enabled Regions, zone-redundant storage (ZRS) replicates your Azure Storage data synchronously across three Azure availability zones in the primary region. ZRS offers durability for Azure Storage data objects of at least 12 nines (99.9999999999%) over a given year.

Answer 120

GRS copies your data synchronously three times within a single physical location in the primary region using LRS. It then copies your data asynchronously to a single physical location in the secondary region (the region pair) using LRS. GRS offers durability for Azure Storage data objects of at least 16 nines (99.99999999999999%) over a given year.

Answer 121

GZRS combines the high availability provided by redundancy across availability zones with protection from regional outages provided by geo-replication. Data in a GZRS storage account is copied across three Azure availability zones in the primary region (similar to ZRS) and is also replicated to a secondary geographic region, using LRS, for protection from regional disasters.

Answer 122

A massively scalable object store for text and binary data. Also includes support for big data analytics through Data Lake Storage Gen2. Azure Blob storage is an object storage solution for the cloud. It can store massive amounts of data, such as text or binary data. Azure Blob storage is unstructured, meaning that there are no restrictions on the kinds of data it can hold. Blob storage can manage thousands of simultaneous uploads, massive amounts of video data, constantly growing log files, and can be reached from anywhere with an internet connection. Blobs aren't limited to common file formats. A blob could contain gigabytes of binary data streamed from a scientific instrument, an encrypted message for another application, or data in a custom format for an app you're developing. One advantage of blob storage over disk storage is that it doesn't require developers to think about or manage disks. Data is uploaded as blobs, and Azure takes care of the physical storage needs. Blob storage is ideal for: Serving images or documents directly to a browser. Storing files for distributed access. Streaming video and audio. Storing data for backup and restore, disaster recovery, and archiving. Storing data for analysis by an on-premises or Azure-hosted service.

Answer 123

Azure File storage offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) or Network File System (NFS) protocols. Azure Files file shares can be mounted concurrently by cloud or on-premises deployments. SMB Azure file shares are accessible from Windows, Linux, and macOS clients. Additionally, SMB Azure file shares can be cached on Windows Servers with Azure File Sync for fast access near where the data is being used. NFS Azure Files shares are accessible from Linux or macOS clients.

Answer 124

Azure Queue storage is a service for storing large numbers of messages. Once stored, you can access the messages from anywhere in the world via authenticated calls using HTTP or HTTPS. A queue can contain as many messages as your storage account has room for (potentially millions). Each individual message can be up to 64 KB in size. Queues are commonly used to create a backlog of work to process asynchronously. Queue storage can be combined with compute functions like Azure Functions to take an action when a message is received. For example, you want to perform an action after a customer uploads a form to your website. You could have the submit button on the website trigger a message to the Queue storage. Then, you could use Azure Functions to trigger an action once the message was received.

Answer 125

Azure Disk storage, or Azure managed disks, are block-level storage volumes managed by Azure for use with Azure VMs. Conceptually, they’re the same as a physical disk, but they’re virtualized – offering greater resiliency and availability than a physical disk. With managed disks, all you have to do is provision the disk, and Azure will take care of the rest.

Answer 126

Azure Table storage stores large amounts of structured data. Azure tables are a NoSQL datastore that accepts authenticated calls from inside and outside the Azure cloud. This enables you to use Azure tables to build your hybrid or multi-cloud solution and have your data always available. Azure tables are ideal for storing structured, non-relational data.

Answer 127

Optimized for storing data that is accessed frequently (for example, images for your website).

Answer 128

Optimized for data that is infrequently accessed and stored for at least 30 days (for example, invoices for your customers).

Answer 129

Optimized for storing data that is infrequently accessed and stored for at least 90 days.

Answer 130

Appropriate for data that is rarely accessed and stored for at least 180 days, with flexible latency requirements (for example, long-term backups).

Answer 131

Azure Migrate is a service that helps you migrate from an on-premises environment to the cloud. Azure Migrate functions as a hub to help you manage the assessment and migration of your on-premises datacenter to Azure. It provides the following:

Answer 132

Azure Data Box is a physical migration service that helps transfer large amounts of data in a quick, inexpensive, and reliable way. The secure data transfer is accelerated by shipping you a proprietary Data Box storage device that has a maximum usable storage capacity of 80 terabytes. The Data Box is transported to and from your datacenter via a regional carrier. A rugged case protects and secures the Data Box from damage during transit.

Answer 133

AzCopy is a command-line utility that you can use to copy blobs or files to or from your storage account. With AzCopy, you can upload files, download files, copy files between storage accounts, and even synchronize files. AzCopy can even be configured to work with other cloud providers to help move files back and forth between clouds. Synchronizing blobs or files with AzCopy is one-direction synchronization. When you synchronize, you designated the source and destination, and AzCopy will copy files or blobs in that direction. It doesn't synchronize bi-directionally based on timestamps or other metadata.

Answer 134

Azure Storage Explorer is a standalone app that provides a graphical interface to manage files and blobs in your Azure Storage Account. It works on Windows, macOS, and Linux operating systems and uses AzCopy on the backend to perform all of the file and blob management tasks. With Storage Explorer, you can upload to Azure, download from Azure, or move between storage accounts.

Answer 135

Azure File Sync is a tool that lets you centralize your file shares in Azure Files and keep the flexibility, performance, and compatibility of a Windows file server. It’s almost like turning your Windows file server into a miniature content delivery network. Once you install Azure File Sync on your local Windows server, it will automatically stay bi-directionally synced with your files in Azure.

Answer 136

Azure Active Directory (Azure AD) is a directory service that enables you to sign in and access both Microsoft cloud applications and cloud applications that you develop. Azure AD can also help you maintain your on-premises Active Directory deployment.

Answer 137

One method of connecting Azure AD with your on-premises AD is using Azure AD Connect. Azure AD Connect synchronizes user identities between on-premises Active Directory and Azure AD. Azure AD Connect synchronizes changes between both identity systems, so you can use features like SSO, multifactor authentication, and self-service password reset under both systems.

Answer 138

Azure Active Directory Domain Services (Azure AD DS) is a service that provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication. Just like Azure AD lets you use directory services without having to maintain the infrastructure supporting it, with Azure AD DS, you get the benefit of domain services without the need to deploy, manage, and patch domain controllers (DCs) in the cloud. An Azure AD DS managed domain lets you run legacy applications in the cloud that can't use modern authentication methods, or where you don't want directory lookups to always go back to an on-premises AD DS environment. You can lift and shift those legacy applications from your on-premises environment into a managed domain, without needing to manage the AD DS environment in the cloud.

Answer 139

Authentication is the process of establishing the identity of a person, service, or device. It requires the person, service, or device to provide some type of credential to prove who they are. Authentication is like presenting ID when you’re traveling. It doesn’t confirm that you’re ticketed, it just proves that you're who you say you are. Azure supports multiple authentication methods, including standard passwords, single sign-on (SSO), multifactor authentication (MFA), and passwordless.

Answer 140

An external identity is a person, device, service, etc. that is outside your organization. Azure AD External Identities refers to all the ways you can securely interact with users outside of your organization. If you want to collaborate with partners, distributors, suppliers, or vendors, you can share your resources and define how your internal users can access external organizations. If you're a developer creating consumer-facing apps, you can manage your customers' identity experiences.

Answer 141

Conditional Access is a tool that Azure Active Directory uses to allow (or deny) access to resources based on identity signals. These signals include who the user is, where the user is, and what device the user is requesting access from. Conditional Access helps IT administrators: Empower users to be productive wherever and whenever. Protect the organization's assets. Conditional Access also provides a more granular multifactor authentication experience for users. For example, a user might not be challenged for second authentication factor if they're at a known location. However, they might be challenged for a second authentication factor if their sign-in signals are unusual or they're at an unexpected location.

Answer 142

Defender for Cloud is a monitoring tool for security posture management and threat protection. It monitors your cloud, on-premises, hybrid, and multi-cloud environments to provide guidance and notifications aimed at strengthening your security posture.

Answer 143

The pricing calculator is designed to give you an estimated cost for provisioning resources in Azure. You can get an estimate for individual resources, build out a solution, or use an example scenario to see an estimate of the Azure spend. The pricing calculator’s focus is on the cost of provisioned resources in Azure. With the pricing calculator, you can estimate the cost of any provisioned resources, including compute, storage, and associated network costs. You can even account for different storage options like storage type, access tier, and redundancy.

Answer 144

The TCO calculator is designed to help you compare the costs for running an on-premises infrastructure compared to an Azure Cloud infrastructure. With the TCO calculator, you enter your current infrastructure configuration, including servers, databases, storage, and outbound network traffic. The TCO calculator then compares the anticipated costs for your current environment with an Azure environment supporting the same infrastructure requirements. With the TCO calculator, you enter your configuration, add in assumptions like power and IT labor costs, and are presented with an estimation of the cost difference to run the same environment in your current datacenter or in Azure.

Answer 145

Cost Management provides the ability to quickly check Azure resource costs, create alerts based on resource spend, and create budgets that can be used to automate management of resources.

Answer 146

Microsoft Purview is a family of data governance, risk, and compliance solutions that helps you get a single, unified view into your data. Microsoft Purview brings insights about your on-premises, multicloud, and software-as-a-service data together. Two main solution areas comprise Microsoft Purview: risk and compliance and unified data governance.

Answer 147

Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit your resources. These policies enforce different rules across your resource configurations so that those configurations stay compliant with corporate standards. Azure Policy enables you to define both individual policies and groups of related policies, known as initiatives. Azure Policy evaluates your resources and highlights resources that aren't compliant with the policies you've created. Azure Policy can also prevent noncompliant resources from being created. Azure Policies can be set at each level, enabling you to set policies on a specific resource, resource group, subscription, and so on. Additionally, Azure Policies are inherited, so if you set a policy at a high level, it will automatically be applied to all of the groupings that fall within the parent. For example, if you set an Azure Policy on a resource group, all resources created within that resource group will automatically receive the same policy. Azure Policy comes with built-in policy and initiative definitions for Storage, Networking, Compute, Security Center, and Monitoring. For example, if you define a policy that allows only a certain size for the virtual machines (VMs) to be used in your environment, that policy is invoked when you create a new VM and whenever you resize existing VMs. Azure Policy also evaluates and monitors all current VMs in your environment, including VMs that were created before the policy was created.

Answer 148

An Azure Policy initiative is a way of grouping related policies together. The initiative definition contains all of the policy definitions to help track your compliance state for a larger goal.

Answer 149

A resource lock prevents resources from being accidentally deleted or changed. Even with Azure role-based access control (Azure RBAC) policies in place, there's still a risk that people with the right level of access could delete critical cloud resources. Resource locks prevent resources from being deleted or updated, depending on the type of lock. Resource locks can be applied to individual resources, resource groups, or even an entire subscription. Resource locks are inherited, meaning that if you place a resource lock on a resource group, all of the resources within the resource group will also have the resource lock applied.

Answer 150

The Microsoft Service Trust Portal is a portal that provides access to various content, tools, and other resources about Microsoft security, privacy, and compliance practices. The Service Trust Portal contains details about Microsoft's implementation of controls and processes that protect our cloud services and the customer data therein. To access some of the resources on the Service Trust Portal, you must sign in as an authenticated user with your Microsoft cloud services account (Azure Active Directory organization account). You'll need to review and accept the Microsoft non-disclosure agreement for compliance materials.

Answer 151

The Azure portal is a web-based, unified console that provides an alternative to command-line tools. With the Azure portal, you can manage your Azure subscription by using a graphical user interface. You can: Build, manage, and monitor everything from simple web apps to complex cloud deployments Create custom dashboards for an organized view of resources Configure accessibility options for an optimal experience

Answer 152

Azure Cloud Shell is a browser-based shell tool that allows you to create, configure, and manage Azure resources using a shell. Azure Cloud Shell support both Azure PowerShell and the Azure Command Line Interface (CLI), which is a Bash shell.

Answer 153

Azure PowerShell is a shell with which developers, DevOps, and IT professionals can run commands called command-lets (cmdlets). These commands call the Azure REST API to perform management tasks in Azure. Cmdlets can be run independently to handle one-off changes, or they may be combined to help orchestrate complex actions such as: The routine setup, teardown, and maintenance of a single resource or multiple connected resources. The deployment of an entire infrastructure, which might contain dozens or hundreds of resources, from imperative code.

Answer 154

The Azure CLI is functionally equivalent to Azure PowerShell, with the primary difference being the syntax of commands. While Azure PowerShell uses PowerShell commands, the Azure CLI uses Bash commands. The Azure CLI provides the same benefits of handling discrete tasks or orchestrating complex operations through code. It’s also installable on Windows, Linux, and Mac platforms, as well as through Azure Cloud Shell. Due to the similarities in capabilities and access between Azure PowerShell and the Bash based Azure CLI, it mainly comes down to which language you’re most familiar with.

Answer 155

In utilizing Azure Resource Manager (ARM), Arc lets you extend your Azure compliance and monitoring to your hybrid and multi-cloud configurations. Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform. Azure Arc provides a centralized, unified way to: Manage your entire environment together by projecting your existing non-Azure resources into ARM. Manage multi-cloud and hybrid virtual machines, Kubernetes clusters, and databases as if they are running in Azure. Continue using traditional ITOps while introducing DevOps practices to support new cloud and native patterns in your environment. Configure custom locations as an abstraction layer on top of Azure Arc-enabled Kubernetes clusters and cluster extensions.

Answer 156

Azure Resource Manager (ARM) is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. Anytime you do anything with your Azure resources, ARM is involved. When a user sends a request from any of the Azure tools, APIs, or SDKs, ARM receives the request. ARM authenticates and authorizes the request. Then, ARM sends the request to the Azure service, which takes the requested action. You see consistent results and capabilities in all the different tools because all requests are handled through the same API.

Answer 157

By using ARM templates, you can describe the resources you want to use in a declarative JSON format. With an ARM template, the deployment code is verified before any code is run. This ensures that the resources will be created and connected correctly. The template then orchestrates the creation of those resources in parallel. That is, if you need 50 instances of the same resource, all 50 instances are created at the same time.

Answer 158

Azure Advisor evaluates your Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs. Azure Advisor is designed to help you save time on cloud optimization. The recommendation service includes suggested actions you can take right away, postpone, or dismiss. The recommendations are available via the Azure portal and the API, and you can set up notifications to alert you to new recommendations.

Answer 159

By using Azure status, Service health, and Resource health, Azure Service Health gives you a complete view of your Azure environment-all the way from the global status of Azure services and regions down to specific resources. Additionally, historical alerts are stored and accessible for later review. Something you initially thought was a simple anomaly that turned into a trend, can readily be reviewed and investigated thanks to the historical alerts. Finally, in the event that a workload you’re running is impacted by an event, Azure Service Health provides links to support.

Answer 160

Azure Status is a broad picture of the status of Azure globally. Azure status informs you of service outages in Azure on the Azure Status page. The page is a global view of the health of all Azure services across all Azure regions. It’s a good reference for incidents with widespread impact.

Answer 161

Service Health provides a narrower view of Azure services and regions. It focuses on the Azure services and regions you're using. This is the best place to look for service impacting communications about outages, planned maintenance activities, and other health advisories because the authenticated Service Health experience knows which services and resources you currently use. You can even set up Service Health alerts to notify you when service issues, planned maintenance, or other changes may affect the Azure services and regions you use.

Answer 162

Resource Health is a tailored view of your actual Azure resources. It provides information about the health of your individual cloud resources, such as a specific virtual machine instance. Using Azure Monitor, you can also configure alerts to notify you of availability changes to your cloud resources.

Answer 163

Azure Monitor is a platform for collecting data on your resources, analyzing that data, visualizing the information, and even acting on the results. Azure Monitor can monitor Azure resources, your on-premises resources, and even multi-cloud resources like virtual machines hosted with a different cloud provider.

Answer 164

Azure Log Analytics is the tool in the Azure portal where you’ll write and run log queries on the data gathered by Azure Monitor. Log Analytics is a robust tool that supports both simple, complex queries, and data analysis. You can write a simple query that returns a set of records and then use features of Log Analytics to sort, filter, and analyze the records. You can write an advanced query to perform statistical analysis and visualize the results in a chart to identify a particular trend. Whether you work with the results of your queries interactively or use them with other Azure Monitor features such as log query alerts or workbooks, Log Analytics is the tool that you're going to use to write and test those queries.

Answer 165

Application Insights, an Azure Monitor feature, monitors your web applications. Application Insights is capable of monitoring applications that are running in Azure, on-premises, or in a different cloud environment. There are two ways to configure Application Insights to help monitor your application. You can either install an SDK in your application, or you can use the Application Insights agent. The Application Insights agent is supported in C#.NET, VB.NET, Java, JavaScript, Node.js, and Python. Not only does Application Insights help you monitor the performance of your application, but you can also configure it to periodically send synthetic requests to your application, allowing you to check the status and monitor your application even during periods of low activity.

Answer 166

Predictability Predictability is knowing that your application will perform at a consistent level. This is achieved through a combination of autoscaling, high availability, and load balancing. Though not noted in the question, it also describes transparency in costs.

Answer 167

Predictability Predictability is knowing that your application will always perform as expected regardless of load. While there is some overlap with the concepts of scalability and high availability to achieve this outcome, the concept of being confident of consistent performance is Predictability.

Answer 168

Azure Logic Apps Azure Logic Apps provides no-code solutions for connecting and automating workflows between different services and applications.

Answer 169

Create a virtual network in each region, and connect both networks with network peering. Network peering allows you to connect multiple virtual networks over the private Azure network for a private network connection.

Answer 170

Security Like its name implies, the security cloud attribute describes having full control, or even choosing how much control you want, over your cloud resources' security configuration.

Answer 171

Private Endpoints allow you to completely disable public access to a managed PaaS service. Private Endpoints allow private access from connected non-Azure locations, therefore allowing full removal of public PaaS access and still allowing on-premises connectivity. Service Endpoints only provide private PaaS connectivity to a subnet in a virtual network. Private Endpoints extend private PaaS connectivity to connected networks, including on-premises. Service Endpoints only work with Azure Virtual Networks at a subnet-level scope. It does not extend to non-Azure networks.

Answer 172

Deploy additional virtual machines to host the application in another zone. Zones within a region are separate locations or datacenters in the same geographical area. Deploying additional machines to another zone will increase the reliability of the solution in case one of the datacenters is unavailable.

Answer 173

Configure an Azure VM with Windows Server and operate as an Active Directory domain controller. Configure the application to authenticate with your VM-hosted AD server. This is referred to as self-managed AD, where you are in charge of configuring and maintaining a Windows Server acting as a domain controller. Self-managed AD on an Azure VM can use an existing domain namespace.

Answer 174

Within a single region, replicate your infrastructure across multiple availability zones in that region. Availability zones provide a level of fault tolerance within a single region (or general location). Each availability zone is a self-contained datacenter. By replicating resources across multiple availability zones, if 1 zone (or datacenter) goes offline, the other availability zones in the same region can continue to host your application.

Answer 175

Gateway subnet This scenario calls for a VPN connection over a virtual network gateway. A gateway requires its own gateway subnet on an Azure virtual network. VPN device This scenario calls for a VPN connection over a virtual network gateway. Site-to-Site connections to an on-premises network require a VPN device. Virtual network gateway This scenario calls for a VPN connection over a virtual network gateway. A gateway component is one of the components needed to create this connection.

Answer 176

Premium Page Blobs Premium page blobs support the fastest possible performance for page blob storage types (e.g., IaaS disks).

Answer 177

General-Purpose v2 General-purpose v2 is the standard performance option which supports all storage types. It provides an acceptable level of performance for most workloads; however, does not include high performance low-latency operations. It also costs less than the premium performance options.

Answer 178

How you interact with and implement different cloud-based resources Manageability has two aspects: 1. How you create and manage resources, which includes autoscaling, template-based deployments, and monitoring/alerts. 2. How you interact with your cloud environments, including via the web portal, command line, and programmatic APIs.

Answer 179

Availability set An availability set consists of 2 or more virtual machines in the same physical location within an Azure datacenter. This configuration ensures that only a subset of the virtual machines in an availability set will be affected in the event of hardware failure, OS update, or a fault domain issue, since the VMs would reside on different racks. Availability zones protect applications from complete Azure datacenter failures, which affect all VMs within the Availability set, however datacenter failures were not a requirement in this scenario.

Answer 180

The client is responsible for all guest VM application updates and guest VM OS updates. In IaaS, clients manage their virtual machines' applications and operating systems ("guest VM OS"). While the cloud provider oversees physical hardware, clients must keep their VM software, including the guest OS, updated. Services can be scaled automatically to support system load. IaaS host services often feature the ability to scale automatically to combat increased system load and scaled back during periods of inactivity.

Answer 181

Ultra Ultra disks are the most expensive, yet highest-performing disk types available for Azure virtual machines. They support up to 64TB on a single disk.

Answer 182

Azure has many redundancy options to choose from when identifying which storage option to select. The following are all valid Azure Storage redundancy options - Locally redundant storage - Zone-redundant storage - Geo-redundant storage - Read-access geo-redundant storage - Geo-zone-redundant storage - Read-access geo-zone-redundant storage.

Answer 183

Azure's native Infrastructure-as-Code (IaC) solution ARM templates are Azure's native Infrastructure-as-Code (IaC) solution that can consistently and automatically deploy the same environments that are defined in code format.

Answer 184

Monitors and analyzes the cost of your current Azure resources Cost Management is part of subscription billing tools, which breaks down current cost via a variety of filters and can also set budgets and alerts.

Answer 185

Metrics and logs All data collected by Azure Monitor fits into one of two fundamental types, metrics and logs. Metrics are numerical values that describe some aspect of a system at a particular point in time. They are lightweight and capable of supporting near real-time scenarios. Logs contain different kinds of data organized into records with different sets of properties for each type. Telemetry such as events and traces are stored as logs in addition to performance data so that it can all be combined for analysis. Subscription monitoring data Azure Monitor collects two broad types of data: metrics and logs. Within these data types sits subscription monitoring data.

Answer 186

Automated and repeatable environment setup in Azure. Azure Blueprints provides automated and repeatable environment setup in Azure. It is able to implement: - Role assignments - Policy assignments - Azure Resource Manager templates (ARM templates) - Resource groups

Answer 187

Azure Policy Azure Policy is used to enforce different rules and effects over your resources, such as limiting what actions different administrators can perform within your RG-RG resource group. The other answers are incorrect: Access Control can be used to prevent the creation of Azure resources, but improper use could prevent required system access from other administrators, so this is not the best selection. Locks can be used on a resource to prevent accidental deletion or modification of a resource group, for example. Properties are typically read-only values for an Azure resource, such as its resource ID, subscription, resource group, and other information.

Answer 188

Azure Information Protection (sometimes referred to as AIP) helps protect: Email messages, Office documents and PDF documents. AIP is a cloud-based solution that helps an organization classify and, optionally, protect its documents and emails by applying labels. Azure Information Protection is not used to protect data in Azure Blob Storage nor can it help protect virtual hard disks.

Answer 189

Azure App Service Azure App Service is a platform-as-a-service (PaaS) offering for web services and is a common solution for the migration of IIS. Azure SQL Database Azure SQL Database is a platform-as-a-service (PaaS) offering for relational database management and is a common solution for the migration of SQL.

Answer 190

Azure Privileged Identity Management (PIM) is a service in Azure Active Directory (Azure AD) that enables you to manage, control, and monitor access to important resources in your organization.

Answer 191

Devices and accounts All cloud models, including SaaS, require you to manage the devices and accounts that access your application. Information and data All cloud models, including SaaS, require you to be responsible for the data that is migrated or created by your PaaS service.

Answer 192

You can secure a subnet individually from the entire virtual network. You can logically group services on the same Virtual Network. IP address allocation on the subnet is more efficient. Subnets enable you to segment the virtual network into one or more sub-networks and allocate a portion of the virtual network's address space to each subnet. This makes address allocation more efficient, you can have a separate network security group for the subnet, and you can logically group services as well.

Answer 193

Use an Application Gateway to route URLs containing the "/image/" path. An Application Gateway is used specifically for routing traffic based on parameters in the traffic itself. This could be all requests to the "/images/" path of the URL being sent to a specific VM. A VPN Gateway is used to securely connect an Azure Virtual Network with an on-premises network. A CDN does not route traffic. A Load Balancer routes all traffic without looking at it.

Answer 194

Azure Storage Explorer Azure Storage Explorer is a drag-and-drop GUI interface for all storage types.

Answer 195

All Azure subscriptions have access to the Cost Management tool. The Cost Management tool in Azure is supported by all subscriptions on Azure.

Answer 196

Microsoft Office 365 Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet such as email or Microsoft Office 365. SaaS provides a complete software solution that you rent on a pay-as-you-go basis.

Answer 197

Select the icon (>_) in the top menu of the Azure Portal. CORRECT ('Select the icon (>) in the top menu of the Azure Portal') - The Azure Cloud Shell is accessible by selecting the (>) button in the top menu of the Azure Portal.

Answer 198

Platform as a Service (PaaS) PaaS solutions provide managed services to develop your own applications without the need to manage the underlying operating system.

Answer 199

Availability Zones exist within regions. Availability Zones protect your instances from the failure of a single datacenter. Each zone has its own isolated power, cooling, and networking. An Azure Availability Zones are groups of datacenters within a region which have their own isolated power, cooling, and networking. This is to ensure if one part of a local power grid fails, or a major internet outage occurs in a city that it should not impact multiple datacenters. This exists to protect your instances from the failure of entire datacenters. Each availability zone will share part of the load for running every Azure service in a region. Many resource types can benefit from Availability Zones, such as Storage Accounts, Virtual Machines, and Databases Azure Availability Zones

Answer 200

Availability Zones Using Azure Site Recovery, you can migrate Azure VMs to other Availability Zones. Move Azure VMs into Availability Zones | Microsoft Docs Enable Azure VM disaster recovery between availability zones Resource Groups Azure virtual machines can be moved between resource groups with either Azure PowerShell or the Azure portal. Move virtual machines to resource group or subscription Regions Using Azure Site Recovery, you can migrate Azure VMs to other regions. Subscriptions Azure virtual machines can be moved between subscriptions with either Azure PowerShell or the Azure portal.

Answer 201

Each availability zone has its own power, cooling, and networking capabilities. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. Azure regions that support Availability Zones have a minimum of three. To ensure resiliency, there's a minimum of three separate zones in supported regions.

Answer 202

High availability While there is some overlap between many of the core cloud concepts, high availability is specifically defined by making sure IT disruptions are minimized as much as possible, which is carried out by using clusters of identical servers, automatically replacing failed servers, redundant, fault-tolerant, or failover-protected components, etc.

Answer 203

Deleted virtual machines will still incur charges for storage. When a virtual machine is deleted, its managed disk remains in the Azure portal and can be used to create a new virtual machine. Until this disk is manually removed, you will incur charges for the disk whether it is in use or not.

Answer 204

Configure the application to authenticate using Azure AD credentials over single sign-on (SSO). Azure AD supports modern authentication protocols (e.g., OAuth 2.0) and is already present in your Azure environment.

Answer 205

Virtual Machines The simplest migration approach would be to use Azure Migrate and target Virtual Machines - virtual machines have the closest similarity to the on-premises platform where the application resides.

Answer 206

Geo-zone-redundant storage (GZRS) Geo-zone-redundant storage (GZRS) satisfies the requirements of replicating data to a secondary region and replicating data across zones in the primary region.

Answer 207

Three Azure creates three copies of data per region. All single-region options create three copies. All multi-region options create six copies, with three copies in each region.

Answer 208

Managed network interface in a virtual network that provides a private connection to Azure-managed (PaaS) services Private endpoints are managed network interfaces that provide private connectivity to Azure PaaS services that do not use the public internet. A virtual network can share a private endpoint connection with other connected networks, such as VPN networks, to also connect to managed services over a private connection.

Answer 209

Single Sign On (SSO) Single Sign On allows you to use your Azure AD credentials as the authentication source for other applications.

Answer 210

Zone-redundant storage (ZRS) Zone-redundant storage (ZRS) copies data across three zones in a single region. Of the redundancy options that meet the requirements, it is the least expensive.

Answer 211

Utilize Azure Active Directory Domain Services (Azure AD DS) to create a fully managed Active Directory environment. Assign a unique namespace to the Azure AD DS instance and configure the application to authenticate using Azure AD DS on the instance. Azure AD DS provides a fully managed instance of classic Active Directory, supporting protocols and features like NTLM, LDAP, Kerberos, and Group Policy which are required by the applications as mentioned in the scenario. By using Azure AD DS, the administrative effort is reduced compared to self-managing a VM acting as a domain controller. The unique namespace ensures a distinct domain environment in Azure while facilitating the transition from on-premises resources to the cloud.

Answer 212

High scalability Private clouds often offer more scalability compared to on-premises infrastructure. Azure Documentation: What is a private cloud? Improved security Because resources are not shared with others, private clouds provide higher levels of control, privacy and security.

Answer 213

GRS provides protection if an entire region becomes unavailable. GRS creates six copies of replicated data in Azure Storage. All of the single region redundancy options create three copies of data in a single region. The multi-region redundancy options create six copies: three in the primary region and three in the secondary region.

Answer 214

Provides insights such as customer behavior, performance bottlenecks, and web application errors Application Insights provides website performance monitoring.

Answer 215

Azure Files Azure Files uses SMB shares within a storage account to act as a cloud-based network file server.

Answer 216

Azure Resource Manager (ARM) templates ARM templates are Azure's native Infrastructure-as-Code (IaC) solution that can consistently and automatically deploy the same environments that are defined in code format.

Answer 217

Scope Scope determines which set of resources (subscription, resource group, individual VM, etc.) a user or other identity has access to. Security principal Security principal is the identity, or the "who," that needs access. Role definition Role definition defines what level of access is granted to an identity (security principal).

Answer 218

Alert Rule The alert rule provides the conditions that must be met before triggering an alert. Action Group After an alert is triggered via an alert rule, the action group designates who is informed of the triggered alert.

Answer 219

Azure VPN Gateway Azure VPN Gateway allows you to establish an IPsec tunnel from an on-premises network to an Azure virtual network over the public internet.

Answer 220

Send the CPU utilization metrics to a Log Analytics workspace. Within Log Analytics, run a query on the metrics to view trends over time. Log Analytics acts as both a storage container for logs/metrics as well as a query service to analyze the same logs/metrics data.

Answer 221

Check Azure Service Health for any outages. Azure Service Health notifies you about Azure service incidents and planned maintenance so you can take action to mitigate downtime.

Answer 222

Azure AD Identity Protection Azure AD Identity Protection is specifically tailored for Azure. It helps organizations in detecting, investigating, and remediating identity-based risks within Azure. With its capability to provide real-time risk detections during sign-ins and various remediation options, it addresses the requirements of the question.

Answer 223

Authorization system built on Azure Resource Manager that provides fine-grained access management of Azure resources. Azure RBAC provides fine-grained control to Azure resources. It is defined by a role definition assigned to a security principal at a specific scope of access.

Answer 224

Reliability There is overlap between high availability and reliability (the correct answer). High availability is more focused on replacing individual failed servers and maintaining clusters (or groups) of identical resources to ensure they are available. Reliability is more focused on plans to recover from more wide-scale disasters.

Answer 225

Apply only the necessary RBAC permissions to the external account according to the needed scope of access. External guest accounts are subject to the same RBAC permissions as any internal account. Selected Apply Conditional Access policies to secure the external account's access to Azure resources. Though not required, Conditional Access provides an additional layer of protection for any account to prevent unauthorized access.

Answer 226

Managed network interface in a virtual network that provides a private connection to Azure-managed (PaaS) services Private endpoints are managed network interfaces that provide private connectivity to Azure PaaS services that do not use the public internet. A virtual network can share a private endpoint connection with other connected networks, such as VPN networks, to also connect to managed services over a private connection.

Answer 227

Use Azure Blueprints. CORRECT (Use Azure Blueprints) Azure Blueprints are templates for creating compliant Azure infrastructure projects. You can use them to comply with standards and regulations that apply to your company. You can get architecture help using a support plan too, but it is much more laborious.

Answer 228

Availability Zones Each Availability Zone is made up of one or more datacenters equipped with independent power, cooling, and networking within an Azure region. Configuring your Virtual Machines in distinct Availability Zones ensures that only a subset of the virtual machines in an availability zone will be affected in the event of hardware failure, OS update, or a complete data center outage. This configuration offers 99.99% SLA.

Answer 229

Read the secure score in Microsoft Defender for Cloud. Microsoft Defender for Cloud constantly reviews your active recommendations and calculates your secure score based on them.

Answer 230

Azure Virtual Machines Azure Virtual Machines are image service instances that provide on-demand and scalable computing resources with usage-based pricing. More broadly, a virtual machine behaves like a server: It’s a computer within a computer that provides the user the same experience that they would have on the host operating system itself. In general, virtual machines are sandboxed from the rest of the system, meaning that the software inside a virtual machine can’t escape or tamper with the underlying server itself. Each virtual machine provides its own virtual hardware including CPUs, memory, hard drives, network interfaces and other devices.

Answer 231

Apply role-based access control (RBAC) polices on non-Azure servers. Azure Arc can extend Azure RBAC controls to non-Azure resources. Selected Protect Amazon EC2 instances with Microsoft Defender for Cloud. Azure Arc can extend the features and monitoring of Microsoft Defender for Cloud to non-Azure resources. Enable running Azure serverless services (e.g., Azure Functions) in containerized form on on-premises servers. Azure Arc can run some Azure serverless services on local/on-premises servers.

Answer 232

Access Decisions Once the signal condition of a policy is met, an access decision is applied such as grant, block, or grant with restrictions (requires MFA/managed device). Signals Signals are the conditions that must be met to trigger a Conditional Access policy. They include the affected users/groups, applications being signed into, locations, and more.

Answer 233

Use Azure AD Connect in your on-premises environment to synchronize on-premises and Azure AD accounts. Azure AD Connect in an on-premises environment is capable of synchronizing on-premises and Azure AD accounts, so users can be signed in and be managed in both locations without having to maintain 2 separate Active Directory environments.

Answer 234

Reliability Reliability describes the ability to continue business operations in the case of an outage or disaster.

Answer 235

Azure Cloud Shell via the Azure portal Cloud Shell contains both the Azure CLI and PowerShell environments. You can run Azure PowerShell scripts in Azure Cloud Shell using the PowerShell environment. Azure PowerShell PowerShell can, unsurprisingly, run PowerShell scripts.

Answer 236

Configure an Azure VM with Windows Server, and operate as an Active Directory domain controller. Configure the application to authenticate with your VM-hosted AD server. This is referred to as self-managed AD, where you are in charge of configuring and maintaining a Windows Server acting as a domain controller. Selected Continue using your on-premises AD server, and synchronize the server with Azure AD over Azure AD Connect. Configure the application to authenticate with your on-premises AD server. One option is to simply continue hosting an on-premises AD server, if you are not removing all existing on-premises infrastructure.

Answer 237

Premium block blobs Premium block blobs provide fast performance for block blob storage types (e.g., blob objects).

Answer 238

Azure portal CORRECT ( Azure portal ) - Azure portal is a web application that is accessible on all modern desktop, tablet devices, and browsers. As long as your device can run a modern web browser, you can generally use the Azure Portal. Azure Cloud Shell CORRECT ( Azure Cloud Shell ) - Azure Cloud Shell is an interactive, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work. Linux users can opt for a Bash experience, while Windows users can opt for PowerShell. At this time, there is no native PowerShell Core distribution for Google OS, and the current version of the CLI cannot be installed on Google OS.

Answer 239

Office 365 Office 365 is considered as SaaS due to the level of provider responsibility. Azure Active Directory Azure Active Directory is considered as SaaS due to the level of provider responsibility.

Answer 240

Collect and analyze telemetry data from your Azure resource to make sure everything is running as it should be Azure Monitor is responsible for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments to ensure proper operation and alert you to problems when they occur.

Answer 241

Knowing what your application will cost with real-time tracking of rescource usage as well as knowing that your application will perform consistently regardless of customer load.

AZ-900 Flashcards

(265 cards)