az900 Flashcards
(42 cards)
You want your virtual machines to survive a data center failure. Which one of these options will meet the requirement?
Use Availability Sets
Deploy VM in Two or more Availability Zones
None of the above
Deploy VM in Two or more Availability Zones
Explanation
The best approach to survive a data center failure is to deploy your VMs to multiple AZs.
You do not want to allow creation of an Azure Cosmos DB instances in specific resource groups. Which of these options would you recommend?
Resource Group Lock
Request Azure Customer service
Configure a Azure Policy
Configure a Azure Policy
Explanation
Azure Policy helps you create, assign, and manage policies. You can automatically ensure that resources stay compliant with defined standards and SLAs.
You are concerned about encryption and security of documents and emails created by your team. You want a flexible service to protect and encrypt document and emails. Which of these services would you recommend?
Azure Security center
Azure Information Protection
Azure Storage account
Azure Information Protection
Explanation
Azure Information Protection helps you classify and protect your documents and emails. You can add labels indicating what kind of protection/encryption you want. It uses Azure Rights Management (Azure RMS) - Integrates with Office 365, Azure Active Directory etc.
You have several virtual machines running on-premises with Windows 10. You are planning to map a shared network drive for sharing configuration between all these virtual machines. Which of these Azure services would you recommend?
Virtual Machine Data Disk
Azure Blob Containers
Azure Files
Azure Files
Explanation
Azure Files: Managed File Shares. Connect from multiple devices concurrently.
You are running a web application on an Azure VM. You want to ensure that the application is accessible from internet by opening up access to ports 80 and 443 on the VM. Which of these would you need to configure?
Network Security Groups
Subnet
VPN
Network Security Groups
Explanation
Network Security Groups allow you to configure multiple inbound and outbound security rules. You can allow or block traffic based on source/destination IP address, protocol and port. You can restrict traffic between resources such as virtual machines and subnets.
TRUE or FALSE: All virtual machines in a Virtual Network can communicate with other machines inside the same Virtual Network irrespective of the subnets they are in.
TRUE
FALSE
True
Explanation
Resources in the same VNet can communicate using private IP addresses even if they are in different subnets
TRUE or FALSE: You have created a Virtual Network with two subnets - WebSubnet for deploying your VMs, DbSubnet for deploying your databases. By default, all VMs in WebSubnet can access databases created in DbSubnet.
TRUE
FALSE
TRUE
Explanation
Resources in the same VNet can communicate using private IP addresses even if they are in different subnets
__________ ensures business continuity by keeping business apps and workloads running during outages. When an outage occurs at your primary site, you fail over to secondary location, and access apps from there.
Azure Site Recovery
Azure Backup
Azure High Availability
Azure Fault Tolerance
Azure Site Recovery
TRUE or FALSE: A resource can have multiple locks like Read Lock and Delete Lock.
True
False
True
Explanation
Resource Locks prevent accidental deletion/modification of resources. You can have multiple locks on a resource.
What is the name of the local windows tool that syncs local active directory to Azure active directory?
Azure AD Connect
explain how many availability zones is a subscription mapped to in 1 region, plus how many ms between availability zones, how many buildings per az and how many regions in world aproximately and how many regions in usa,
Azure Regions A region consists of multiple datacenters located within a specific area, chosen for low-latency connections and linked through a specialized network. All Azure resources are created within an Azure region and subscription. Some regions may have default access restrictions.
3 availability zones in one az region. Each subscription is mapped to 3 availability zones but they are not the exact same availability zones as another subscription. Each availability zone is basically a separate building with own power, cooling, network etc. but is within the one region. Then there is multiple regions in USA and around world that are paired for updates etc.
52+ 6 coming regions world wide
9 USA specific regions
Think of resource groups of things that have a common _________
Life cycle.
network, servers, storage etc all belong to one resource group during it’s “life cycle”
Proving who you are vs what you have access to is _____ vs _____
authentication vs authorization
RBAC is ____
Policy is _____
Budget is ______
RBAC is who I am
Policy is what I can do
Budget is how much I can spend
What are the two permissions that I can set with a resource lock
CanNotDelete
ReadOnly
Application Insights, VM insights, Container insights and Log Analytics are features of:
Azure Monitor
Application Insights, VM insights, Container insights and Log Analytics are features of Azure Monitor.
Logic apps, functions, and service fabric are all examples of what model of compute within Azure?
SaaS Model
Serverless Model
IaaS Model
App Services Model
Serverless Model
Explanation
The serverless model of compute removes all responsibility to selecting or even managing the server and makes Azure responsible for running your code including scaling
See: https://azure.microsoft.com/en-us/solutions/serverless/
What is the name of the group of services inside Azure that hosts the Apache Hadoop big data analysis tools?
HDInsight
Explanation
HDInsight is a collection of open-source Apache Hadoop tools
See: https://azure.microsoft.com/en-us/services/hdinsight/
——Fake answers——
Azure Data Factory
Azure Hadoop Services
Azure Kubernetes Services
True or False: Azure is a public cloud, and has no private cloud offerings
False
Explanation
Some aspects of Azure are not open to the public and require a private agreement with Microsoft such as Azure Government and DoD services
True or false: Formal support is not included in private preview mode.
True
Explanation
True. Preview features are not fully ready and this phase does not include formal support.
Your organization has implemented an Azure Policy that restricts the type of Virtual Machine instances you can use. How can you create a VM that is blocked by the policy?
Use an account that has Contributor or above permissions to the resource group
The only way is to remove the policy, create the resource and add the policy back
Subscription Owners (Administrators) can create resources regardless of what the policy restricts
The only way is to remove the policy, create the resource and add the policy back
Explanation
You cannot perform a task that violates policy, so you have to remove the policy in order to perform the task.
Which Azure feature is specifically designed to help companies get their in-house developed code from the code repository, through automated unit testing, and onto Azure using a service called Pipelines?
GitHub
Virtual Machines
Azure DevOps
Azure Monitor
Azure DevOps
Explanation
Azure DevOps contains many services, one of which is Pipelines. Pipelines allows you to build an automation that moves code (and all related dependencies) through various stages from the development environment into deployment.
a virtual network cannot span regions or subscriptions - True or False
Can it span Availability zones 1-3?
True
yes, it definitely can span az 1-3
Virtual networks cannot span regions or subscriptions
what are 3 non routable ip address ranges
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
See: https://azure.microsoft.com/en-us/pricing/details/storage/blobs/
See: https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview
