deck1 Flashcards

(256 cards)

1
Q

What is LRS?

A

Locally redundant storage (LRS)

2
Q

What is GRS?

A

Geo-redundant storage (GRS)

3
Q

What is RA-GRS?

A

Read-access geo-redundant storage (RA-GRS)

4
Q

What is ZRS?

A

Zone-redundant storage (ZRS)

5
Q

What is GZRS?

A

Geo-zone-redundant storage (GZRS)

6
Q

What is RA-GZRS?

A

Read-access geo-zone-redundant storage (RA-GZRS)

7
Q

Name all storage types and usage

A

| Type | Supported services | Redundancy options | Usage |
| --- | --- | --- | --- |
| Standard general-purpose v2 | Blob Storage (including Data Lake Storage), Queue Storage, Table Storage, and Azure Files | LRS, GRS, RA-GRS, ZRS, GZRS, RA-GZRS | Standard storage account type for blobs, file shares, queues, and tables. Recommended for most scenarios using Azure Storage. If you want support for network file system (NFS) in Azure Files, use the premium file shares account type. |
| Premium block blobs | Blob Storage (including Data Lake Storage) | LRS, ZRS | Premium storage account type for block blobs and append blobs. Recommended for scenarios with high transaction rates or that use smaller objects or require consistently low storage latency. |
| Premium file shares | Azure Files | LRS, ZRS | Premium storage account type for file shares only. Recommended for enterprise or high-performance scale applications. Use this account type if you want a storage account that supports both Server Message Block (SMB) and NFS file shares. |
| Premium page blobs | Page blobs only | LRS | Premium storage account type for page blobs only. |

8
Q

What is SPRAGM?

A

Strategy - Plan - Ready - Adopt - Govern - Manage

9
Q

What should the keyword "Zone" make you think of?

A

Regions > Zones > Data Centre

10
Q

Provide some information about Storage

A

LRS: Locally redundant; within ONE data center in an Availability Zone (11 9s).
ZRS: Spans the 3 Availability Zones (AZs) within a Region (that's why it's called "Zone Redundant") (12 9s).
GRS: Exists in ONE AZ (data center) of a REGION, and another AZ (data center) of a secondary REGION ("Geo-location" Redundant) (16 9s).
GZRS: Spans the 3 AZs within a Region, and is asynchronously replicated to another AZ in a secondary Region (16 9s).

11
Q

Name and describe all Durability and availability parameters (Table)

A

| Parameter | LRS | ZRS | GRS/RA-GRS | GZRS/RA-GZRS |
| --- | --- | --- | --- | --- |
| Percent durability of objects over a given year | at least 99.999999999% (11 9s) | at least 99.9999999999% (12 9s) | at least 99.99999999999999% (16 9s) | at least 99.99999999999999% (16 9s) |
| Availability for read requests | At least 99.9% (99% for cool/cold/archive access tiers) | At least 99.9% (99% for cool/cold access tier) | At least 99.9% (99% for cool/cold/archive access tiers) for GRS; at least 99.99% (99.9% for cool/cold/archive access tiers) for RA-GRS | At least 99.9% (99% for cool/cold access tier) for GZRS; at least 99.99% (99.9% for cool/cold access tier) for RA-GZRS |
| Availability for write requests | At least 99.9% (99% for cool/cold/archive access tiers) | At least 99.9% (99% for cool/cold access tier) | At least 99.9% (99% for cool/cold/archive access tiers) | At least 99.9% (99% for cool/cold access tier) |
| Number of copies of data maintained on separate nodes | Three copies within a single region | Three copies across separate availability zones within a single region | Six copies total, including three in the primary region and three in the secondary region | Six copies total, including three across separate availability zones in the primary region and three locally redundant copies in the secondary region |

12
Q

What is the service level agreement for two or more Azure Virtual Machines that have been placed into the same Availability Set in the same region?

A

99.95%

13
Q

Which database product offers “sub 5 millisecond” response times as a feature?

A

Cosmos DB

14
Q

If you wanted to get an alert every time a new virtual machine is created, where could you create that?

A

Azure Monitor

15
Q

Fill in the blank: __________ is a mechanism that allows you to connect two virtual networks within Azure.

A

Peering

16
Q

What is the minimum number of Availability Zones required to create a highly available application in Azure?

A

2

17
Q

What is the primary advantage of using Azure’s built-in security features compared to managing security on-premises?

A

Reduced expertise required

18
Q

What is the primary benefit of using PaaS compared to IaaS?

A

Reduced development time
(The primary benefit of using PaaS compared to IaaS is the reduced development time. PaaS platforms provide pre-built services and tools that streamline the development process, allowing developers to focus on building and deploying applications quickly without the need to manage the underlying infrastructure.)

19
Q

Which of the following is NOT a characteristic of Infrastructure as a Service (IaaS)?

A

Managed operating system

20
Q

Queue storage can be used when two programs need to communicate. Which type of communication is this best suited for?

A

Asynchronous communication

21
Q

What is the maximum number of web apps a single App Service Plan (Premium v3) can support?

A

Unlimited

22
Q

How can tags be used to optimize costs in Azure?

A

By categorizing resources based on their cost and usage

23
Q

Which of the following is a built-in role in Azure RBAC?

A

Owner

24
Q

What does redundancy mean in the context of Azure?

A

Having multiple copies of a resource to ensure availability.

25
Which of the following are required in order to create an Azure Virtual Machine?
A name for the VM; a virtual network
26
Which of the following can be considered a benefit of using the cloud regarding security?
Centralized management and monitoring; regular updates and patches; adheres to industry-standard compliance frameworks
27
One of the benefits of cloud computing is that you can create a set of virtual machines that can automatically scale to add more resources or reduce resources based on need. This is an example of what type of manageability benefit?
Management of the cloud
28
Which is the lowest-cost storage redundancy option?
LRS
29
What does cost predictability mean in the context of Azure?
The ability to accurately forecast future costs.
30
Which of the following is an example of a serverless computing service?
Azure Functions
31
What is the name of the top-level management group of an organization?
Root
32
What is the maximum amount of data that can be stored in a single Azure Storage account?
5 Petabytes
33
What is the primary purpose of Azure B2B collaboration?
To allow guest users from external organizations to access your organization's resources.
34
What is a fault domain?
A physical grouping of servers within an Azure data center.
35
True or false: applying regular software patches to your cloud servers is an example of governance
True
36
Fill in the blank: An Azure __________ is a logical division of a virtual network.
subnet
37
What type of scaling in cloud computing has practically no limit?
Scaling out
38
What is the primary purpose of Microsoft Purview in Azure?
To unify data governance and compliance across various data sources
39
Multiple virtual machines in the same availability set are deployed across multiple update domains. What do update domains help you protect against?
Planned downtime
40
One of the benefits of cloud computing is that you can use a command-line script to create or destroy virtual machines in a programmatic way. This is an example of what type of manageability benefit?
Management in the cloud
41
Which Azure Storage option is the lowest-cost NoSQL storage option for structured, non-relational data?
Table Storage
42
Which Azure storage type is specifically designed to be block-level storage volumes managed by Azure for use with VMs?
Azure Disks
43
Which Azure service is used to host Azure App Services?
App Service Plan
44
Which feature of Azure Virtual Machines allows you to choose which data center to physically deploy a VM to?
Availability zones
45
Which of the following is NOT a condition that can be used in a Conditional Access policy?
Device type
46
You intend to deploy your application to a Virtual Machine Scale Set (VMSS), and allow it to automatically scale your app to multiple VMs based on demand. How is traffic distributed to machines inside a VMSS pool?
You must include an additional service such as Load Balancing or Application Gateway
47
In which cloud environment does the cloud provider manage the operating system, meaning you do not have the ability to determine the exact version of Windows or Linux you are using?
PaaS
48
If you need to store more than 5PB in an Azure Storage account, what is the best way to do that?
Create a second storage account and do data partitioning
49
Please read the question carefully. Which of the following is a good reason IN FAVOR of running your computing on-premises instead of using the cloud?
It is potentially cheaper to run your own computing than using the cloud
50
What is the primary purpose of Azure Virtual Desktop?
To deliver virtualized Windows desktops to users
51
Which of the following is the highest level of organization within the Azure hierarchy?
Management group
52
Which of the following is an example of an IaaS offering from Azure?
Virtual Network
53
Which of the following is NOT a common use case for Azure Policy?
Denying access to resources to a specific individual
54
In which storage redundancy option does Azure keep three copies of your files across all three zones of a single region?
ZRS
55
Which Azure resource type allows you to centrally manage, configure, and update a large number of VMs?
Virtual Machine Scale Sets
56
Which protocol does Microsoft Entra ID primarily use for single sign-on (SSO)?
SAML
SAML (Security Assertion Markup Language) is the correct protocol primarily used by Microsoft Entra ID for single sign-on (SSO). SAML enables secure authentication and authorization between identity providers and service providers.
57
Can you apply a read-only lock to an Azure resource that already has a delete lock applied to it?
Yes, but only by the owner of the subscription
58
A resource can belong to more than one resource group.
No
Explanation: Correct. In Azure, a resource can only be associated with a single resource group. This design choice ensures that resources are organized efficiently and consistently within the Azure environment.
59
An organization would like to create a web app to allow its employees to enter their vacation / time-off details and then store that information in a backend storage solution. They have noted that Python is their preferred language. As the lead consultant, which service would you recommend?
Azure App Service
Explanation: Azure App Service is the most suitable option for hosting web applications like the one described in the question. It supports multiple programming languages, including Python, and provides a fully managed platform for building, deploying, and scaling web apps without managing the underlying infrastructure.
60
You are the senior architect of XYZ organization and the senior management has requested to migrate all on-prem resources to the cloud. The requirement is that only Platform as a Service (PaaS) solutions must be used in Azure. Solution: To begin, you create an Azure App Service and Azure SQL databases. Would this meet the goal?
Yes
Explanation: Yes, creating an Azure App Service and Azure SQL databases aligns with the requirement of using Platform as a Service (PaaS) solutions in Azure. Azure App Service is a fully managed platform for building, deploying, and scaling web apps, while Azure SQL databases provide a fully managed relational database service. Both of these services fall under the category of PaaS offerings in Azure, making this solution suitable for the migration of on-prem resources to the cloud.
61
For industries that work with highly sensitive data, such as banking, finance, government, and healthcare, ___________ cloud may be their best cloud option.
Correct answer: Hybrid
Explanation: Hybrid cloud combines the benefits of both private and public cloud models, allowing organizations to leverage the scalability and cost-effectiveness of public cloud services while maintaining sensitive data and critical workloads on-premises or in a private cloud environment. This hybrid approach provides flexibility, security, and compliance for industries like banking, finance, government, and healthcare that require a balance between security and agility.
62
Which of the following factors can affect the availability of an Azure service under the SLA?
Hardware or software failures within Azure
Explanation: Hardware or software failures within Azure can significantly impact the availability of Azure services and are covered under the SLA commitments. These failures can lead to service interruptions or outages, affecting the availability guarantees provided by Microsoft.
Correct selection: Natural disasters
Explanation: Natural disasters such as earthquakes, floods, or severe weather events can disrupt Azure data centers and infrastructure, leading to service outages and impacting availability. While natural disasters are rare, they are considered a factor that can affect the availability of Azure services under the SLA.
Planned maintenance activities
Explanation: Planned maintenance activities are a factor that can affect the availability of an Azure service under the SLA. During planned maintenance, Azure services may experience downtime or reduced performance, impacting the availability guarantees outlined in the SLA.
63
Your company plans to deploy multiple Virtual Machines in Azure. As the lead architect, you must ensure that all these virtual machines are available if a single data center fails. Solution: You deploy the virtual machines to two or more Availability Zones. Would this solution meet the goal?
Yes
Explanation: Yes, deploying the virtual machines to two or more Availability Zones in Azure would meet the goal of ensuring availability in case a single data center fails. Availability Zones are physically separate data centers within an Azure region, each with its own power, cooling, and networking. By distributing the virtual machines across multiple Availability Zones, you can achieve higher availability and resilience to failures.
64
When should you scale 'out' your deployment?
When you need additional Virtual Machines / compute to speed up your application
Explanation: Scaling out by adding additional Virtual Machines or compute resources is the correct choice when you need to increase the capacity of your deployment to handle higher traffic or workload. This approach helps speed up your application by distributing the workload across multiple instances.
65
Is an internet connection necessary for using cloud computing?
No
Explanation: This choice is correct because an internet connection is not a strict requirement for using cloud computing. While many cloud services and resources are accessed over the internet, there are scenarios where cloud computing can be utilized in offline or restricted network environments, making an internet connection not necessary for all cloud computing use cases.
66
Which of the following affect costs in Azure? (Choose 2)
Location
Explanation: The location of resources in Azure can impact costs due to differences in pricing based on regions and data transfer costs between regions. Choosing a specific location for your resources can affect the overall cost of running services in Azure.
Correct selection: Instance size
Explanation: The instance size of virtual machines or other resources in Azure directly affects costs. Larger instance sizes typically come with higher costs, so selecting the appropriate instance size based on your workload requirements is crucial for cost optimization in Azure.
67
Which of the following services would help you achieve the following: 1) Create and manage a group of load balanced VMs. 2) Provide high availability and application resiliency by distributing VMs across availability zones. 3) Allow your application to automatically scale as resource demand changes.
Azure Scale Sets
Explanation: Azure Scale Sets allow you to create and manage a group of load balanced VMs, providing high availability and application resiliency by distributing VMs across availability zones. They also enable your application to automatically scale as resource demand changes, making them the correct choice for the given requirements.
68
Which of the following services can automatically sign users in when they are on their corporate devices & connected to your corporate network?
Single-Sign-On (SSO)
Explanation: Single-Sign-On (SSO) is a service that allows users to access multiple applications with one set of login credentials. It can automatically sign users in when they are on their corporate devices and connected to the corporate network, providing a seamless user experience.
69
What is Azure Sentinel?
Azure Sentinel is a cloud-native security information and event management (SIEM) service that provides intelligent security analytics for threat detection and response. It is not related to automatically signing users in when they are on their corporate devices and connected to the corporate network.
70
A large enterprise with a complex IT infrastructure wants to migrate its legacy on-premises applications to the cloud without significant changes to its existing environment. Which cloud service model would be the best choice for this migration?
IaaS
IaaS provides the most flexibility to replicate an on-premises environment in the cloud. The enterprise can migrate its servers and applications with minimal changes to the underlying infrastructure.
71
Yes or No: Your company has explored some of the services in Azure Public preview. One of the architects working in your team has advised to deploy mission critical services/applications to these services. Are they correct?
No
Explanation: The architect advising against deploying mission critical services or applications to services in Azure Public preview is correct. It is important to prioritize stability, reliability, and support when deploying critical workloads. Waiting for services to be generally available ensures a more mature and tested environment, reducing the risk of potential issues or changes impacting the performance of mission critical applications.
72
When you as a consumer are implementing a Software as a Service (SaaS) solution, you are responsible for configuring high availability. Review the bolded text. If the statement is already correct, select "No change is needed". If the statement is incorrect, choose the option below that would make the statement correct.
configuring the SaaS solution
Explanation: Configuring the SaaS solution is the correct responsibility of the consumer when implementing a Software as a Service (SaaS) solution. This includes setting up redundancy, failover mechanisms, and load balancing to achieve high availability.
73
Yes or No: One of the definitions of the Hybrid cloud model is to use multiple Public Clouds in conjunction with a Private Cloud.
Yes
Explanation: Yes, one of the definitions of the Hybrid cloud model is indeed to use multiple Public Clouds in conjunction with a Private Cloud. This approach allows organizations to leverage the benefits of both public and private cloud environments, enabling them to optimize performance, security, and cost-effectiveness based on their specific needs and workloads.
74
Which of the following Azure storage solutions meets ALL the following requirements: 1) The ability to handle unstructured data (document, graph, key-value) 2) Automatically index all data, regardless of the data model. 3) Multi-region writes and data distribution to any Azure region.
Azure Cosmos DB
Explanation: Azure Cosmos DB is the correct choice as it meets all the specified requirements. It can handle unstructured data such as documents, graphs, and key-value pairs. It automatically indexes all data regardless of the data model. Additionally, it offers multi-region writes and data distribution to any Azure region, making it a suitable choice for the given requirements.
75
One of the teams in your company is looking for a solution for collecting, analyzing, and potentially taking action based on the metric and logging data from your entire Azure and on-premises environment. Which of the following would you recommend?
Azure Monitor
Explanation: Azure Monitor is the recommended solution for collecting, analyzing, and potentially taking action based on metric and logging data from the entire Azure and on-premises environment. It provides a comprehensive monitoring and analytics solution for resources in Azure and on-premises environments, allowing you to gain insights, detect issues, and take proactive actions based on the data collected.
76
A small development team is building a proof-of-concept (POC) for a new mobile application. The team needs a flexible environment to experiment with different technologies and frameworks rapidly. Which cloud service model would best support this?
PaaS
Explanation: Platform as a Service (PaaS) is the best cloud service model for a small development team building a proof-of-concept for a new mobile application. PaaS offers a flexible environment where developers can focus on building and deploying applications without worrying about managing the underlying infrastructure. It allows for rapid experimentation with different technologies and frameworks.
77
You want to restrict access to certain Azure resources based on departmental requirements within your organization. Which Azure feature would you use?
Subscriptions
Explanation: Subscriptions in Azure provide a way to group and manage resources, billing, and access control. By using subscriptions, you can set permissions and access controls at the subscription level to restrict access to certain Azure resources based on departmental requirements within your organization.
78
During live telecasts of football matches, streaming platforms sometimes experience massive spikes in viewerships and users visiting their websites when a goal is scored. Which of the following would be beneficial to deal with such expected demand of resources?
Serverless Computing
Explanation: Serverless Computing allows developers to focus on writing code without worrying about managing servers or infrastructure. It automatically scales based on demand, making it an ideal choice for handling sudden spikes in viewership during live telecasts of football matches.
79
True or False: Resources don't inherit the tags you apply to a resource group or a subscription.
True
Explanation: True. Resources in Azure do not automatically inherit the tags applied to a resource group or subscription. Tags must be explicitly applied to each individual resource to ensure consistent tagging across all resources within a resource group or subscription.
80
Which of the following is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs?
Azure Functions
Explanation: Azure Functions is a serverless compute service that allows you to run event-triggered code without having to explicitly provision or manage infrastructure. It is designed to help you write less code, maintain less infrastructure, and save on costs by only paying for the resources used during execution.
81
A small startup is developing a custom e-commerce platform that requires high scalability and flexibility to accommodate rapid growth. Which cloud service model would be the most suitable for their initial development and deployment?
IaaS
IaaS (Infrastructure as a Service) provides the highest level of flexibility and control, allowing the startup to customize their infrastructure to meet their specific needs. They can scale resources up or down as required, and have full control over the operating system, applications, and data.
82
_________________ offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol or Network File System (NFS) protocol. This means it can be used to completely replace or supplement traditional on-premises file servers or NAS devices.
Azure Files
Explanation: Azure Files offers fully managed file shares in the cloud that can be accessed via the SMB or NFS protocols. It is designed to provide a simple way to create file shares in Azure that can be used to replace or supplement traditional on-premises file servers or NAS devices, making it the correct choice for this scenario.
83
Which of the following is NOT a benefit of using Microsoft Entra ID?
Unlimited data storage
Explanation: Unlimited data storage is not a benefit of using Microsoft Entra ID. While Microsoft Entra ID provides centralized identity management, simplified access to applications, and enhanced security features, it does not offer unlimited data storage as a feature.
84
Which of the following services provides a personalized view of the health of the Azure services, regions, and resources you rely on?
Azure Service Health
Explanation: Azure Service Health provides a personalized view of the health of Azure services, regions, and resources that you rely on. It offers proactive notifications and guidance when Azure service issues affect you.
85
What Azure service provides recommendations to optimize your cloud spending based on your usage patterns?
Azure Cost Management and Billing
Explanation: Azure Cost Management and Billing is the correct choice as it provides recommendations to optimize your cloud spending based on your usage patterns. It offers cost analysis, budgeting tools, and cost optimization recommendations to help you manage and optimize your Azure spending effectively.
86
A medium-sized business is looking to migrate its customer relationship management (CRM) system to the cloud. The business requires customization options but also wants to minimize the IT overhead associated with managing the underlying infrastructure. Which cloud service model would be most suitable?
PaaS
Explanation: PaaS (Platform as a Service) would be the most suitable cloud service model for the medium-sized business in this scenario. PaaS offers customization options for developing, testing, and deploying applications without the need to manage the underlying infrastructure. This helps minimize IT overhead while still allowing for customization of the CRM system.
87
Which of the following is an accurate description of Azure ExpressRoute?
A service that provides dedicated, private network connectivity between your on-premises infrastructure and Azure datacenters.
Explanation: Azure ExpressRoute is a service that offers dedicated, private network connectivity between your on-premises infrastructure and Azure datacenters. This allows for a more secure and reliable connection compared to using the public internet.
88
Is it possible for anyone to modify an Azure resource that has a delete lock applied to it?
Yes, it is possible for the admin to do so
Explanation: Yes, it is possible for the admin to modify an Azure resource that has a delete lock applied to it. Delete locks prevent accidental deletion of a resource, but they do not restrict modifications by administrators who have the necessary permissions.
89
Which of the following actions can help you reduce your Azure costs?
Reducing the amount of data transferred between Azure regions
Explanation: Reducing the amount of data transferred between Azure regions can help lower costs as data transfer fees can add up quickly. By optimizing your data transfer patterns and minimizing unnecessary data movement, you can effectively reduce your Azure costs.
90
You have managed an app that you developed and deployed On-Prem for a long time, but would now like to move it to Azure and be relieved of all the manual administration and maintenance. Which of the following buckets would be most suitable for your use case?
Platform as a Service (PaaS)
Explanation: Platform as a Service (PaaS) would be the most suitable option for your use case. PaaS provides a platform and environment for developers to build, deploy, and manage applications without the complexity of infrastructure management. This would allow you to focus on developing and running your app without worrying about the underlying infrastructure.
91
Select the characteristics of the Public Cloud from the following:
Applications can be quickly provisioned and deprovisioned.
Explanation: Applications can be quickly provisioned and deprovisioned in the Public Cloud, allowing organizations to rapidly deploy and remove resources as needed. This agility and flexibility are essential for adapting to changing business requirements.
No capital expenditure to scale up
Explanation: One of the key benefits of the Public Cloud is that it eliminates the need for capital expenditure to scale up. Users can easily adjust their resources based on demand without the upfront costs associated with traditional IT infrastructure.
Metered pricing
Explanation: Metered pricing is a characteristic of the Public Cloud, where users are charged based on their actual usage of resources. This pay-as-you-go model allows for cost-effective scalability and flexibility.
92
Each Azure Subscription can trust multiple Active Directories.
False
An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A subscription trusts Azure AD to authenticate users, services, and devices. Multiple subscriptions can trust the same Azure AD directory. Each subscription can only trust a single directory.
93
Azure Advisor has the ability to provide recommendations for Azure ExpressRoute.
Yes
Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, reliability (formerly called high availability), and security of your Azure resources.
94
A company has approached you to help them plan an architecture that would be capable of capturing data from millions of connected devices and securely storing them for analysis. Which of the following two services would you include in the project proposal?
Azure IoT Hubs; Azure Data Lake
Azure IoT Hub is a managed service hosted in the cloud that acts as a central message hub for communication between an IoT application and its attached devices. You can connect millions of devices and their backend solutions reliably and securely. Almost any device can be connected to an IoT hub. Several messaging patterns are supported, including device-to-cloud telemetry, uploading files from devices, and request-reply methods to control your devices from the cloud. IoT Hub also supports monitoring to help you track device creation, device connections, and device failures. IoT Hub scales to millions of simultaneously connected devices and millions of events per second to support your IoT workloads. For more information about scaling your IoT Hub, see IoT Hub scaling. To learn more about the tiers of service offered by IoT Hub, check out the pricing page. IoT Hub can further route messages to Azure Data Lake Storage.
95
Which of the following would you use if you want to keep track of the performance or issues related to your specific VM or container instances, databases, your applications?
Azure Monitor If you want to keep track of the performance or issues related to your specific VM or container instances, databases, your applications, and so on, you want to visit Azure Monitor and create reports and notifications to help you understand how your services are performing or diagnose issues related to your Azure usage.
96
Azure HDInsight is an example of a Software as a Service (SaaS) offering.
No, Azure HDInsight is a PaaS offering. Run popular open-source frameworks—including Apache Hadoop, Spark, Hive, Kafka, and more—using Azure HDInsight, a customizable, enterprise-grade service for open-source analytics. Effortlessly process massive amounts of data and get all the benefits of the broad open-source project ecosystem with the global scale of Azure. Easily migrate your big data workloads and processing to the cloud.
97
Which of the following services can facilitate the deployment and scaling of containers?
Azure Kubernetes Azure Kubernetes Service (AKS) offers the quickest way to start developing and deploying cloud-native apps, with built-in code-to-cloud pipelines and guardrails. Get unified management and governance for on-premises, edge, and multicloud Kubernetes clusters. Interoperate with Azure security, identity, cost management, and migration services.
98
You are designing a solution to improve the resiliency of your application in Azure. Which of the following would you choose to ensure your application remains available during planned maintenance events?
Availability Zones Availability Zones are a high-availability offering from Microsoft Azure that provide a fault-tolerant architecture for applications. Availability Zones are physically separate data centers within an Azure region, each with their own power, cooling, and networking infrastructure. By deploying virtual machines and other resources across multiple Availability Zones, you can ensure that your application remains available even in the event of a data center outage or other disruption. Availability Zones provide redundancy and isolation, which helps protect your application from both planned and unplanned downtime. Other options - Availability Sets are a feature of Microsoft Azure that help ensure that virtual machines are distributed across multiple fault domains and update domains within a single data center or region. This helps protect against hardware failures and other disruptions by ensuring that virtual machines are not all located in the same physical rack or power source. However, Availability Sets do not provide any inherent protection against data center-wide outages, which can occur due to issues such as network outages, power failures, or natural disasters. In such cases, all virtual machines in the affected data center or region may become unavailable. Scale Sets is not necessarily the best choice for ensuring availability during planned maintenance events because it only provides horizontal scalability by adding or removing virtual machines based on demand, but does not inherently provide any availability benefits beyond what is provided by the underlying infrastructure. Scale Sets are a feature of Microsoft Azure that provide automatic scaling of a set of virtual machines based on demand. This helps ensure that the application can handle varying levels of traffic and usage, but does not necessarily provide inherent resiliency against planned maintenance events or other types of disruptions.
Azure Container Registry is a managed private Docker registry service that enables you to store and manage container images in Azure. While it provides benefits such as secure storage, authentication, and geo-replication of container images, it is not directly related to ensuring availability during planned maintenance events.
99
With Azure ___________ , you can scale your applications and create highly available services
Load Balancer Load balancing refers to evenly distributing load (incoming network traffic) across a group of backend resources or servers. Why use Azure Load Balancer? With Azure Load Balancer, you can scale your applications and create highly available services. Load balancer supports both inbound and outbound scenarios. Load balancer provides low latency and high throughput, and scales up to millions of flows for all TCP and UDP applications.
100
Which of these is NOT a valid Azure resource group constraint? A Resource group can contain resources located in different regions A Resource group can contain resources that belong to different subscriptions A Resource group must be in the same region as its resources A Resource group can be used to apply consistent policies to resources using another service.
A Resource group must be in the same region as its resources The option "Resource group must be in the same region as its resources" is NOT a valid constraint for Resource Groups. While it's recommended that resources in a resource group be located in the same region for optimal performance, it's not a strict requirement. Resources in a resource group can span different regions, and this can be useful for achieving high availability and disaster recovery scenarios, as well as for optimizing data access for users in different geographic locations.
101
What is the main purpose of the Azure Pricing Calculator?
To estimate the cost of provisioning resources in Azure To estimate the cost of provisioning resources in Azure - This is the correct answer because the Azure Pricing Calculator is specifically designed to help users estimate the cost of provisioning resources in Azure. To compare the costs of running on-premises and Azure Cloud infrastructure - This option is incorrect because this function is performed by the Total Cost of Ownership (TCO) Calculator, not the Pricing Calculator. To provision resources in Azure - This option is incorrect because the Pricing Calculator does not provision resources; it only provides cost estimates for resources. To provision resources, you would use the Azure Portal or other management tools. To manage the billing of your Azure account - This option is incorrect because the Pricing Calculator does not manage billing. It only provides cost estimates for resources. To manage billing, you would use the Azure Cost Management and Billing tools.
102
Suppose the lead architect in your company has asked your team to implement a PaaS based solution in Azure for a quick Proof-of-Concept (POC) to senior management. One of your colleagues goes ahead and creates an Azure SQL Database and an Azure Load Balancer.
No Platform as a service (PaaS) is a complete development and deployment environment in the cloud. PaaS includes infrastructure as servers, storage, and networking, but also middleware, development tools, business intelligence (BI) services, database management systems, and more. Azure SQL Databases are PaaS, that's fine. BUT: Azure Load Balancers are IaaS not PaaS!
103
An Azure subscription can trust multiple Azure Active Directory (Azure AD) tenants
No An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A subscription trusts Azure AD to authenticate users, services, and devices. Please Note : Multiple subscriptions can trust the same Azure AD directory. Each subscription can only trust a single directory.
104
How is the cost of network traffic in Azure affected?
By geography The cost of network traffic in Azure is affected by geography. Data transfer costs can vary depending on the zones, which are geographical groupings of Azure regions for billing purposes. The cost of moving data within a region or between regions can differ, impacting the overall cost of network traffic. Other options - By the number of users: While the number of users may affect the overall amount of network traffic, the cost is not directly determined by the number of users. Instead, it is determined by the amount of data transferred and the geographical zones involved. By resource type: The cost of network traffic is related to the amount of data transferred and the zones involved, not the specific Azure resources being used. While the type of resources may have an impact on the amount of data transferred, the cost of network traffic itself is not directly influenced by the resource type. By the type of subscription: The type of subscription may affect the overall cost of Azure services, including usage allowances, but it doesn't directly determine the cost of network traffic. Network traffic costs are determined by the amount of data transferred and the geographical zones involved.
105
Azure guarantees 99.99% availability for the Free version of the Azure Active Directory (AAD).
No
106
In the context of Azure subscriptions, what does an Azure free trial subscription provide? (Select all that apply)
Access to more than 25 products that are always free Access to a number of Azure products free for 12 months Credit to spend within the first 30 days of sign-up Access to a number of Azure products free for 12 months - This is correct because an Azure free trial subscription provides access to several Azure products for free during the first 12 months. Credit to spend within the first 30 days of sign-up - This is correct as the Azure free trial subscription offers credit to spend within the first 30 days after sign-up, which allows users to explore and use various Azure services during that period. Unlimited access to all Azure services - This is incorrect because the Azure free trial subscription does not provide unlimited access to all Azure services. It offers a limited set of free services, usage allowances, and credits to spend within a specified timeframe. Access to more than 25 products that are always free - This is correct because, in addition to the free services available during the trial period, the Azure free trial subscription provides access to more than 25 products that are always free, based on resource and region availability. These products can be used without any additional costs even after the trial period is over.
107
Which of the following would you need to set up alerts for outages or when autoscaling is about to deploy new instances?
Azure Monitor You can use Azure Monitor to set up alerts for key events that are related to your specific resources.
108
What information can you input into the TCO calculator to estimate the cost difference between your current datacenter and Azure? (Select all that apply)
Your selection is correct: Power costs; Your selection is correct: Current infrastructure configuration; Correct selection: IT labor costs. Current infrastructure configuration - Correct, the TCO calculator allows you to input your current infrastructure configuration, including servers, databases, storage, and outbound network traffic. Power costs - Correct, the TCO calculator lets you add assumptions about power costs in your current environment to estimate the cost difference between on-premises and Azure. IT labor costs - Correct, the TCO calculator allows you to include assumptions about IT labor costs to help estimate the cost difference between your current environment and Azure. Subscription type - Incorrect, the TCO calculator focuses on comparing on-premises infrastructure costs with Azure Cloud infrastructure costs. Subscription type is not part of the input for the TCO calculator.
109
The composite SLA for an application relying on multiple services would be higher than the individual SLAs of the particular services
No Composite SLAs involve multiple services supporting an application, each with differing levels of availability. For example, consider an App Service web app that writes to Azure SQL Database. At the time of this writing, these Azure services have the following SLAs: App Service web apps = 99.95% SQL Database = 99.99% What is the maximum downtime you would expect for this application? If either service fails, the whole application fails. The probability of each service failing is independent, so the composite SLA for this application is 99.95% × 99.99% = 99.94%. That's LOWER than the individual SLAs, which isn't surprising because an application that relies on multiple services has more potential failure points. You can improve the composite SLA by creating independent fallback paths. For example, if SQL Database is unavailable, put transactions into a queue to be processed later.
110
Which of the following services can be used to store unstructured data in Azure?
Correct selection: Azure File Storage; Your selection is correct: Azure Blob Storage; Azure Queue Storage; Correct selection: Azure Table Storage. Overall explanation: The Azure services that can be used to store unstructured data are: Azure Blob Storage, Azure Table Storage and Azure File Storage. Azure Table Storage can also be used to store unstructured data in Azure. Azure Table Storage is a NoSQL key-value store that can be used to store structured and semi-structured data, as well as unstructured data such as large text and binary data. Azure Table Storage allows you to store large amounts of data in a flexible schema that can evolve over time, making it a good choice for storing unstructured data that does not fit well into a fixed schema. Azure File Storage can also be used to store unstructured data in Azure. Azure File Storage is a fully managed file share service that can be used to store and share unstructured data, such as documents, media files, and logs. Azure File Storage provides the standard SMB (Server Message Block) file share protocol, which allows you to easily mount file shares from multiple VMs in the same region or across regions. This makes it a good choice for scenarios where you need to share unstructured data between multiple VMs or applications. Azure Blob Storage is a massively scalable object storage service that allows you to store and access large amounts of unstructured data, such as text and binary data, images, and videos. It's commonly used for data storage, backup and recovery, and data archiving. Incorrect - Azure Queue Storage, on the other hand, is not suitable for storing unstructured data. It is designed for reliably queuing and processing messages between different components of a distributed application, rather than for storing large amounts of unstructured data.
111
You have configured a VPN connection between an on-premises network and an Azure virtual network using Site-to-Site VPN (IPsec). However, you are experiencing connectivity issues and suspect that there is an issue with the VPN gateway. Which Azure service can you use to diagnose connectivity issues for your VPN gateway?
Azure Network Watcher The correct answer is Azure Network Watcher. Azure Network Watcher is a monitoring and diagnostic service that provides tools to diagnose network issues in Azure. It includes a VPN diagnostics tool that can be used to diagnose connectivity issues with VPN gateways, including Site-to-Site VPN (IPsec) gateways. The tool can help identify configuration issues, routing issues, and other common problems that can cause connectivity issues. Other Options: Azure Traffic Manager: This is a global DNS load balancer that can be used to distribute incoming traffic across multiple Azure regions. It is not designed for diagnosing network connectivity issues. Azure Application Gateway: This is a web traffic load balancer that can be used to manage and route HTTP and HTTPS traffic. It is not designed for diagnosing network connectivity issues. Azure ExpressRoute: This is a dedicated, private connection between an on-premises datacenter and Azure. It is not used for Site-to-Site VPN (IPsec) connections, and is not designed for diagnosing connectivity issues with VPN gateways.
112
Which of the following can you use to filter traffic to and from an Azure Virtual Network?
Correct answer: Azure Network Security Group; Azure Advanced Threat Protection (ATP); Your answer is incorrect: Azure Firewall; Azure DDoS Protection. Overall explanation: You can use Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol. This article describes properties of a network security group rule, the default security rules that are applied, and the rule properties that you can modify to create an augmented security rule.
113
What is the key advantage of using zone-redundant storage (ZRS) in the primary region?
It provides read access to replicated data in the secondary region. It offers the highest level of durability compared to other options. Your answer is incorrect: It guarantees data replication to a secondary region. Correct answer: It allows data to be accessible even if a zone becomes unavailable. For Availability Zone-enabled Regions, zone-redundant storage (ZRS) replicates your Azure Storage data synchronously across three Azure availability zones in the primary region. ZRS offers durability for Azure Storage data objects of at least 12 nines (99.9999999999%) over a given year. With ZRS, your data is still accessible for both read and write operations even if a zone becomes unavailable.
114
A startup is planning to run a few simulations and needs to deploy pre-configured Virtual Machines in a lab-like environment using ARM templates. These VMs will be used to test app versions and scale up load testing by creating multiple test agents and environments.
Azure DevTest Labs Azure DevTest Labs is a service for easily creating, using, and managing infrastructure-as-a-service (IaaS) virtual machines (VMs) and platform-as-a-service (PaaS) environments in labs. Labs offer preconfigured bases and artifacts for creating VMs, and Azure Resource Manager (ARM) templates for creating environments like Azure Web Apps or SharePoint farms. Lab owners can create preconfigured VMs that have tools and software lab users need. Lab users can claim preconfigured VMs, or create and configure their own VMs and environments. Lab policies and other methods track and control lab usage and costs.
115
You want to set up a VPN connection between two Azure virtual networks that are in different regions. Which of the following VPN connection types would be best suited for this scenario?
ExpressRoute; Your answer is incorrect: Point-to-Site (VPN over SSL); VNet-to-VNet (IPsec); Correct answer: Site-to-Site (IPsec). Overall explanation: The correct answer is Site-to-Site (IPsec). Site-to-Site (IPsec) VPN connection type is used to connect two or more virtual networks that are in different regions, data centers, or even different cloud providers. It allows you to connect an on-premises network or a branch office network to an Azure virtual network, or to connect two Azure virtual networks that are in different regions. Site-to-Site VPN connections use a VPN gateway to provide a secure connection over the Internet. IPsec is the protocol used to secure the VPN connection. Other options: VNet-to-VNet (IPsec): This is not the best choice for this scenario because it is designed to connect two virtual networks within the same region. It creates an IPsec tunnel between the two virtual networks, allowing resources to communicate securely and privately over the Microsoft backbone network. Since the two virtual networks in this scenario are in different regions, VNet-to-VNet (IPsec) would not be the most efficient or cost-effective option. Point-to-Site (VPN over SSL): This is used to connect individual devices to an Azure virtual network over a VPN connection. It is not suitable for connecting virtual networks in different regions. ExpressRoute: This is a private connection between an on-premises infrastructure and an Azure data center. It provides dedicated, high-speed connectivity between your network and Azure, but it is not suitable for connecting virtual networks in different regions.
116
If you want to raise the limit or quota above the default limit, _____________________
define a blueprint in Azure Blueprint to implement this change; Correct answer: open an online customer support request at no charge; Your answer is incorrect: Upgrade your support plan; create an Azure policy defining this increase but it will be charged. Overall explanation: If you want to raise the limit or quota above the default limit, you can open an online customer support request at no charge.
117
If you set up a free Azure account, then does the Standard support plan come along with this free account?
No The BASIC Support plan is associated with all accounts but a STANDARD plan needs to be purchased and costs $100/month.
118
Which of the following services can help you decouple components and asynchronous message storage, for communication between application components, whether they are running in the cloud, on the desktop, on-premise, or on mobile devices?
Correct answer: Azure Queue Storage; Azure Data Box; Azure File Sync; Your answer is incorrect: Azure Asynchronous Communicator. Overall explanation: From the official Azure documentation: You can use Azure Queue Storage to build flexible applications and separate functions for better durability across large workloads. When you design applications for scale, application components can be decoupled, so that they can scale independently. Queue storage gives you asynchronous message queueing for communication between application components, whether they are running in the cloud, on the desktop, on-premises, or on mobile devices. A single queue message can be up to 64 KB in size, and a queue can contain millions of messages, up to the total capacity limit of a storage account. Queue storage is often used to create a backlog of work to process asynchronously.
119
In order to move a VM from one region to another, one must be prepared for a brief downtime.
Yes Virtual Machines are resources and can be moved to a new region. For VMs, replica VMs are created in the target region. The source VM is shut down, and some downtime occurs (usually minutes).
120
Your Azure account contains several policies and you wish to group/organize them. Which of the following can help you achieve this?
Initiatives. Overall explanation: From the official Azure docs: An initiative definition is a collection of policy definitions that are tailored towards achieving a singular overarching goal. Initiative definitions simplify managing and assigning policy definitions. They simplify by grouping a set of policies as one single item. For example, you could create an initiative titled Enable Monitoring in Azure Security Center, with a goal to monitor all the available security recommendations in your Azure Security Center.
121
What types of threats does Defender for Cloud help detect across Azure PaaS services?
Threats targeting Azure services like Azure App Service, Azure SQL, and Azure Storage Account. Physical security breaches within datacenters. Overall explanation: Defender for Cloud helps detect threats targeting various Azure services, such as Azure App Service, Azure SQL, and Azure Storage Account - these are PaaS services anyway. It provides monitoring and protection for these services to enhance their security.
122
Which of the following services meets both criteria? 1) Monitoring of traffic patterns 24 hours a day, 7 days a week, looking for indicators of attacks. 2) Detailed reports in five-minute increments during an attack, and a complete summary after the attack ends. 3) Engagement of a dedicated team for help with attack investigation and analysis.
Correct answer: DDoS protection; A network security group (NSG); Your answer is incorrect: Azure Information Protection; Azure Policies. Overall explanation: From the Official Azure Documentation: Distributed denial of service (DDoS) attacks are some of the largest availability and security concerns facing customers that are moving their applications to the cloud. A DDoS attack attempts to exhaust an application's resources, making the application unavailable to legitimate users. DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet. Azure DDoS Protection enables you to protect your Azure resources from denial of service (DoS) attacks with always-on monitoring and automatic network attack mitigation. There is no upfront commitment, and your total cost scales with your cloud deployment.
123
A(n) ______________ lets you run legacy applications in the cloud that can't use modern authentication methods, or where you don't want directory lookups to always go back to an on-premises AD DS environment
Azure Active Directory Domain Services. Overall explanation: From the Official Azure Documentation: Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication. You use these domain services without the need to deploy, manage, and patch domain controllers (DCs) in the cloud. An Azure AD DS managed domain lets you run legacy applications in the cloud that can't use modern authentication methods, or where you don't want directory lookups to always go back to an on-premises AD DS environment. You can lift and shift those legacy applications from your on-premises environment into a managed domain, without needing to manage the AD DS environment in the cloud. Azure AD DS integrates with your existing Azure AD tenant. This integration lets users sign in to services and applications connected to the managed domain using their existing credentials. You can also use existing groups and user accounts to secure access to resources. These features provide a smoother lift-and-shift of on-premises resources to Azure.
124
Which of the following Azure services offers a dedicated physical server to host your virtual machines?
Azure Virtual Dedicated Host; Correct answer: Azure Dedicated Host; Your answer is incorrect: Azure Virtual Machines; Azure Bare Metal. Overall explanation: Azure Dedicated Host is the correct answer. Azure Dedicated Host is an Azure service that offers a dedicated physical server to host your virtual machines. With Azure Dedicated Host, you can control the underlying host infrastructure and manage host maintenance operations such as updates and reboots. You can also select the number of cores, amount of memory, and types of storage devices that best suit your workloads. Other options - Azure Virtual Machines: This is a cloud-based infrastructure as a service (IaaS) offering that provides virtual machines for running applications and services. However, Azure Virtual Machines do not offer dedicated physical servers. Azure Virtual Dedicated Host: This is not a valid Azure service. Azure Bare Metal: This is a term that generally refers to a physical server or machine without a hypervisor layer. While Azure provides access to virtual machines with a range of hardware specifications, Azure Bare Metal is not a specific service that provides dedicated physical servers.
125
Which of the following services allows you to easily run popular open source frameworks including Apache Hadoop, Spark, and Kafka for open source analytics?
Correct answer: Azure HDInsight; Azure Cognitive Services; Your answer is incorrect: Azure Data Lake Analytics; Azure Cosmos DB. Overall explanation: VERY IMPORTANT! From the Official Azure docs: We can easily run popular open source frameworks—including Apache Hadoop, Spark, and Kafka—using Azure HDInsight, a cost-effective, enterprise-grade service for open source analytics. Effortlessly process massive amounts of data and get all the benefits of the broad open source ecosystem with the global scale of Azure.
126
How does Azure Blueprints help in monitoring deployments?
By automatically suspending resources when they reach a certain cost threshold; Correct answer: By preserving the relationship between blueprint definition and blueprint assignment; By sending email notifications when a deployment reaches a certain milestone; Your answer is incorrect: By providing real-time monitoring of resource usage. Overall explanation: Azure Blueprints helps in monitoring deployments by preserving the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed). This connection allows you to track and audit your deployments effectively. Other options: Azure Blueprints doesn't provide real-time monitoring of resource usage. It focuses on standardizing and automating environment deployments based on predefined configurations. Automatically suspending resources when they reach a certain cost threshold is not a function of Azure Blueprints. It is more related to cost management features like budgets and cost alerts. Sending email notifications when a deployment reaches a certain milestone is not a feature specific to Azure Blueprints. This could be achieved through other Azure services or custom monitoring solutions.
127
If your application experiences sudden high demand, what type of scaling would involve adding more virtual machines or containers?
Static scaling; Your answer is incorrect: Vertical scaling; Downscaling; Correct answer: Horizontal scaling. Overall explanation: From the official docs: Horizontal scaling: With horizontal scaling, if you suddenly experienced a steep jump in demand, your deployed resources could be scaled out (either automatically or manually). For example, you could add additional virtual machines or containers, scaling out. In the same manner, if there was a significant drop in demand, deployed resources could be scaled in (either automatically or manually), scaling in. Vertical scaling: With vertical scaling, if you were developing an app and you needed more processing power, you could vertically scale up to add more CPUs or RAM to the virtual machine. Conversely, if you realized you had over-specified the needs, you could vertically scale down by lowering the CPU or RAM specifications.
128
It's possible to deploy a new Azure VM from a Google Chromebook by using PowerAutomate.
No Tricky question! PowerAutomate is not the same as PowerShell. PowerAutomate moreover isn't a part of Azure! It falls under the Microsoft umbrella of offerings, just like PowerApps. Hence, this statement is definitely False. You can use the Azure portal to provision Virtual Machines, or even the CLI.
129
Which of the following can be included as artifacts in an Azure Blueprint? (Select all that apply)
Your selection is correct: Resource groups; Correct selection: Role assignments; Your selection is correct: Policy assignments; Your selection is correct: Azure Resource Manager templates. Overall explanation: All the options are correct. From the official docs: Azure Blueprints deploy a new environment based on all of the requirements, settings, and configurations of the associated artifacts. Artifacts can include things such as: Role assignments, Policy assignments, Azure Resource Manager templates, Resource groups
130
ExpressRoute connections go over the public Internet, and they offer more reliability, faster speeds, and lower latencies than typical Internet connections.
No. Overall explanation: No, it is false that ExpressRoute connections go over the public Internet. However, they do offer more reliability, faster speeds, and lower latencies than typical Internet connections. From the Official Azure Documentation: All incoming data into Azure using ExpressRoute is free of charge (as with any other inbound data transfer to Azure).
131
It's possible to deploy an Azure VM from a MacOS based system by using which of the following options?
Your selection is correct: Azure Portal; Correct selection: Azure Cloudshell; Correct selection: Azure CLI; Correct selection: Azure Powershell. Overall explanation: All of the above can be used to manage Azure resources on a MacOS based system! Azure Portal - Available for all Operating Systems. Azure CLI - Available for MacOS, Windows and Linux. Azure Powershell - Available to install on MacOS, Windows, Linux, Docker, and Arm (Subset of Azure Cloudshell). Azure Cloudshell - Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.
132
You are an IT manager and want to ensure that you are notified when the Azure spending reaches a certain threshold. Which feature of Azure Cost Management should you use?
- Department spending quota alerts
- Cost analysis
- Cost alerts [your answer, incorrect]
- Budgets [correct answer]
Overall explanation: Budgets is the correct answer. Budgets in Azure Cost Management allow you to set a spending limit for Azure based on a subscription, resource group, service type, or other criteria. You can also set a budget alert, which will notify you when the budget reaches the defined alert level.
Other options:
- Cost analysis: Incorrect because cost analysis is used to explore and analyze your organizational costs in different ways, such as by billing cycle, region, or resource. It helps you understand spending trends but does not provide notifications for reaching a certain threshold.
- Cost alerts: Incorrect because cost alerts are the notifications you receive when a certain threshold is reached, but they are not the feature you use to set up the alert in the first place. You need to set a budget and configure a budget alert to receive cost alerts.
- Department spending quota alerts: Incorrect because department spending quota alerts are specific to organizations with Enterprise Agreements (EAs) and are used to notify when department spending reaches a fixed threshold of the quota. This alert type is not related to general Azure spending thresholds.
133
Azure provides native support for IaC via the ________________ model.
- Azure Tags
- Azure Arc [your answer, incorrect]
- Azure Resource Manager [correct answer]
- Azure Templates
Overall explanation: From the official documentation: Azure provides native support for IaC via the Azure Resource Manager model. Teams can define declarative ARM templates that specify the infrastructure required to deploy solutions. Third-party platforms like Terraform, Ansible, Chef, and Pulumi also support IaC to manage automated infrastructure.
134
Which tab of the Azure pricing calculator would you use to calculate your estimate?
- Storage
- Machines
- Estimate [your answer, incorrect]
- Products [correct answer]
Overall explanation: The Products tab allows us to choose certain services, and configure a solution. We then get an estimated cost for deploying our solution.
135
You are the lead of a Data Science team at your organization, and your management wants to utilize cloud capabilities to modernize your work stream. What should the company use to build, test, and deploy predictive analytics solutions?
- Azure Logic Apps [your answer, incorrect]
- Azure Machine Learning Studio [correct answer]
- Azure App Service
- Azure Batch
Overall explanation: From the official docs: Azure Machine Learning Studio is an enterprise-grade service for the end-to-end machine learning lifecycle. It empowers data scientists and developers to build, deploy, and manage high-quality models faster and with confidence. It accelerates time to value with industry-leading machine learning operations (MLOps), open-source interoperability, and integrated tools. Innovate on a secure, trusted platform designed for responsible AI applications in machine learning.
136
_______________ copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability.
- Locally redundant storage (LRS) [your answer, incorrect]
- Geo-zone-redundant storage (GZRS)
- Zone Redundant Storage (ZRS) [correct answer]
- Planet-redundant storage (PRS)
Overall explanation: From the Official Azure Documentation: Data in an Azure Storage account is always replicated three times in the primary region. Azure Storage offers two options for how your data is replicated in the primary region:
- Locally redundant storage (LRS) copies your data synchronously three times within a single physical location in the primary region. LRS is the least expensive replication option, but isn't recommended for applications requiring high availability or durability.
- Zone-redundant storage (ZRS) copies your data synchronously across three Azure availability zones in the primary region. For applications requiring high availability, Microsoft recommends using ZRS in the primary region, and also replicating to a secondary region.
Geo-zone-redundant storage (GZRS) combines the high availability provided by redundancy across availability zones with protection from regional outages provided by geo-replication. Data in a GZRS storage account is copied across three Azure availability zones in the primary region and is also replicated to a secondary geographic region for protection from regional disasters.
137
Which of the following alert types are available in the Cost Management service? (Select all that apply)
- Credit alerts [your selection, correct]
- Budget alerts [your selection, correct]
- Department spending quota alerts [correct selection]
- Resource usage alerts [your selection, incorrect]
Overall explanation:
- Budget alerts: Correct. Budget alerts notify you when spending, based on usage or cost, reaches or exceeds the amount defined in the alert condition of the budget.
- Credit alerts: Correct. Credit alerts notify you when your Azure credit monetary commitments are consumed. Monetary commitments are for organizations with Enterprise Agreements (EAs).
- Department spending quota alerts: Correct. Department spending quota alerts notify you when department spending reaches a fixed threshold of the quota. Spending quotas are configured in the EA portal.
Other options:
- Resource usage alerts: Incorrect. Resource usage alerts are not part of the Cost Management service. Cost Management focuses on costs, budgets, and spending alerts.
138
Which of the following enables centralizing your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of a Windows file server?
- Azure File Explorer [your answer, incorrect]
- Azure File Sync [correct answer]
- Azure File Manager
- Azure File Storage
Overall explanation: From the Official Azure Documentation: Azure File Sync enables centralizing your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of a Windows file server. While some users may opt to keep a full copy of their data locally, Azure File Sync additionally has the ability to transform Windows Server into a quick cache of your Azure file share. You can use any protocol that's available on Windows Server to access your data locally, including SMB, NFS, and FTPS. You can have as many caches as you need across the world.
139
____________ is a bridge that extends the Azure platform to help you build applications and services with the flexibility to run across datacenters, at the edge, and in multicloud environments. It also simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.
- Azure DNS
- Azure Arc [correct answer]
- Azure Bridge [your answer, incorrect]
- Azure Sentinel
Overall explanation: From the Official Azure Documentation: Azure Arc is a bridge that extends the Azure platform to help you build applications and services with the flexibility to run across datacenters, at the edge, and in multicloud environments. Develop cloud-native applications with a consistent development, operations, and security model. Azure Arc runs on both new and existing hardware, virtualization and Kubernetes platforms, IoT devices, and integrated systems. Today, companies struggle to control and govern increasingly complex environments that extend across data centers, multiple clouds, and edge. Each environment and cloud possesses its own set of management tools, and new DevOps and ITOps operational models can be hard to implement across resources. Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.
140
Which of the following is an example of a security layer in the defense-in-depth model?
- A single firewall at the network perimeter.
- The physical locks on server room doors. [your answer, incorrect]
- A dedicated intrusion detection system (IDS). [correct answer]
- A strong password policy for user accounts.
Overall explanation: From the official documentation: "At Microsoft Azure, our security approach focuses on defense in depth, with layers of protection built throughout all phases of design, development, and deployment of our platforms and technologies. We also focus on transparency, making sure customers are aware of how we’re constantly working to learn and improve our offerings to help mitigate the cyberthreats of today and prepare for the cyberthreats of tomorrow." The defence in depth model is all about multiple layers - so always choose the option that best matches this. A dedicated intrusion detection system (IDS) is an example of a security layer in the defense-in-depth model. It monitors network traffic for suspicious activity and helps detect and respond to potential breaches.
141
Which of the following tools is NOT available within the Azure Security Center for vulnerability management?
- Azure Advisor [your answer, incorrect]
- Azure Defender
- Azure Policy
- Azure Firewall Manager [correct answer]
Overall explanation: The correct answer is Azure Firewall Manager. Azure Firewall Manager is not a tool for vulnerability management within the Azure Security Center. Instead, Azure Firewall Manager is a centralized security management service that provides a single pane of glass to manage multiple Azure Firewall instances and virtual networks across different regions and subscriptions. It allows you to configure and deploy Azure Firewall instances, create and apply security policies, and view security alerts and reports.
Other options:
- Azure Defender: This is a unified security management service that provides advanced threat protection across your hybrid cloud workloads, including virtual machines, containers, and Azure services. It includes a variety of security tools, such as vulnerability assessment, security alerts, and security recommendations.
- Azure Advisor: This is a service within the Azure Security Center that provides personalized recommendations to optimize your Azure resources for performance, high availability, security, and cost. It includes recommendations related to security vulnerabilities, such as enabling Network Security Groups (NSGs) and applying endpoint protection.
- Azure Policy: This is a service that helps you enforce compliance with your corporate standards and regulatory requirements by applying policies to your Azure resources. It includes built-in policies to help identify and remediate security vulnerabilities, such as requiring encryption for storage accounts and enforcing secure communication protocols.
142
A Network Security Group (NSG) has the ability to encrypt data at rest and in transit.
No
Overall explanation: No, a Network Security Group (NSG) DOES NOT encrypt traffic. From the Official Azure Documentation: You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.
143
Which Azure service should you use to correlate events from multiple resources into a centralized repository?
- Azure Log Analytics
- Azure Event Hubs [correct answer]
- Azure Cosmos DB [your answer, incorrect]
- Azure Blueprint
Overall explanation: From the official documentation: Event Hubs is a fully managed, real-time data ingestion service that’s simple, trusted and scalable. Stream millions of events per second from any source to build dynamic data pipelines and immediately respond to business challenges. Keep processing data during emergencies using the geo-disaster recovery and geo-replication features. Integrate seamlessly with other Azure services to unlock valuable insights. Allow existing Apache Kafka clients and applications to talk to Event Hubs without any code changes – you get a managed Kafka experience without having to manage your own clusters. Experience real-time data ingestion and microbatching on the same stream.
144
______________ is a set of capabilities in Azure Active Directory (AAD) that enables organizations to secure and manage any outside user, including customers and partners.
- Sentinel
- External User Management [your answer, incorrect]
- External Identities [correct answer]
- External Profiles
Overall explanation: From the Official Azure Documentation: External Identities is a set of capabilities that enables organizations to secure and manage any external user, including customers and partners. Building on B2B collaboration, External Identities gives you more ways to interact and connect with users outside your organization.
145
What is the maximum number of virtual network rules and IP network rules allowed per storage account in Azure?
200
146
Which of the following is the strongest way to protect sensitive customer data?
- Encrypt the data both at rest and in transit. [correct answer]
- Encrypt the data in transit.
- Encrypt the data at rest.
- Don't store sensitive data at all. [your answer, incorrect]
To help protect data in the cloud, you need to account for the possible states in which your data can occur, and what controls are available for that state. Best practices for Azure data security and encryption relate to the following data states:
1) At rest: This includes all information storage objects, containers, and types that exist statically on physical media, whether magnetic or optical disk.
2) In transit: When data is being transferred between components, locations, or programs, it’s in transit. Examples are transfer over the network, across a service bus (from on-premises to cloud and vice-versa, including hybrid connections such as ExpressRoute), or during an input/output process.
147
______________ is a command-line utility that you can use to copy blobs or files to or from a storage account
- AzMigrate [your answer, incorrect]
- AzCopy [correct answer]
- AzMove
- AzReplicate
Overall explanation: From the Official Azure Documentation: AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account. Example of a command:
azcopy make 'https://mystorageaccount.file.core.windows.net/myfileshare?sv=2018-03-28&ss=bjqt&srs=sco&sp=rjklhjup&se=2019-05-10T04:37:48Z&st=2019-05-09T20:37:48Z&spr=https&sig=%2FSOVEFfsKDqRry4bk3qz1vAQFwY5DDzp2%2B%2F3Eykf%2FJLs%3D'
148
The concept of sharing resources among multiple users or tenants, allowing for cost savings and increased efficiency, is known as _______.
- Autonomy
- Monolithic architecture [your answer, incorrect]
- Redundancy
- Multi-Tenancy [correct answer]
Overall explanation: The concept of sharing resources among multiple users or tenants, allowing for cost savings and increased efficiency, is known as "multi-tenancy".
Other options:
- Redundancy: It refers to the duplication of critical system components to ensure continued operation in case of a failure. While redundancy is an important attribute of many cloud systems, it is not specifically related to the concept of sharing resources among multiple users.
- Autonomy: It refers to the ability of a system or organization to operate independently, with minimal external control or interference. While autonomy can be an important attribute of cloud systems, it is not specifically related to the concept of multi-tenancy.
- Monolithic architecture: It refers to a software architecture pattern in which all components of an application are tightly integrated and deployed as a single unit. While monolithic architecture can be used in cloud systems, it is not specifically related to the concept of multi-tenancy, which involves the sharing of resources among multiple users or tenants.
149
Which of these approaches is NOT a cost-saving solution?
- Making use of Azure Cost Management
- Use Reserved Instances with Azure Hybrid
- Load balancing the incoming traffic
- Use the correct and appropriate instance size based on current workload
Correct answer: Load balancing the incoming traffic
Load balancing is done to increase the overall availability of the application, not to optimise costs.
150
Which of the following is a benefit of using Azure Cloud Shell for managing Azure resources?
- It eliminates the need to install and configure command-line interfaces on your local machine
- It allows for easier integration with third-party tools and services
- It provides faster access to Azure resources
- It offers more advanced features than other Azure management tools
It eliminates the need to install and configure command-line interfaces on your local machine is correct because Azure Cloud Shell provides a browser-based command-line interface that allows you to manage your Azure resources without having to install and configure command-line interfaces on your local machine. This makes it easier and more convenient to manage your Azure resources from any device and location. Other options: It provides faster access to Azure resources is incorrect because the speed of access to Azure resources is not determined by the management tool used, but rather by factors such as network latency and the size and complexity of the resources being accessed. It offers more advanced features than other Azure management tools is incorrect because Azure Cloud Shell provides the same set of features as other Azure management tools, such as Azure CLI and Azure PowerShell, and does not offer any advanced features that are not available in other tools. It allows for easier integration with third-party tools and services is incorrect because the integration of Azure Cloud Shell with third-party tools and services is not any easier or more seamless than the integration of other Azure management tools.
151
When a blob is in the archive access tier, what must you do first before accessing it?
Rehydrate it
152
What is the primary purpose of a public endpoint in Azure?
To provide a direct and secure connection to Azure services. A public endpoint in Azure allows resources to be accessed over the public internet. It's used to expose services to clients or users who are not within the same network as the resource. Public endpoints are commonly used for services that need to be accessed from anywhere, such as web applications.
153
All resources in a VNet can communicate outbound to the internet, by default.
Yes
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you'd operate in your own data center, but brings with it additional benefits of Azure's infrastructure such as scale, availability, and isolation. All resources in a VNet can communicate outbound to the internet, by default. You can communicate inbound to a resource by assigning a public IP address or a public Load Balancer. You can also use public IP or public Load Balancer to manage your outbound connections. To learn more about outbound connections in Azure, see Outbound connections, Public IP addresses, and Load Balancer.
154
Which of the following is NOT a benefit of using Azure Arc?
- Improved security and compliance for resources
- Centralized billing and cost management for all resources
- Consistent management of resources across hybrid environments
- Increased visibility and control over resources
Centralized billing and cost management for all resources
Azure Arc is a hybrid management service that allows you to manage your servers, Kubernetes clusters, and applications across on-premises, multi-cloud, and edge environments. Some of the benefits of using Azure Arc include consistent management of resources across hybrid environments, improved security and compliance for resources, and increased visibility and control over resources.
Centralized billing and cost management for all resources: This is not a benefit of using Azure Arc. While Azure provides centralized billing and cost management for resources in the cloud, Azure Arc is focused on managing resources across hybrid environments and does not provide billing or cost management features.
Other options:
- Consistent management of resources across hybrid environments: This is a key benefit of using Azure Arc. With Azure Arc, you can apply policies, monitor and manage resources, and automate tasks across all of your environments, including on-premises, multi-cloud, and edge environments.
- Improved security and compliance for resources: This is another benefit of using Azure Arc. Azure Arc allows you to apply security and compliance policies to resources across all of your environments, providing consistent protection against threats and helping you maintain regulatory compliance.
- Increased visibility and control over resources: This is also a benefit of using Azure Arc. With Azure Arc, you can gain a unified view of all your resources across hybrid environments, and apply policies, automate tasks, and monitor resources from a single location. This provides greater control and visibility over your entire IT estate.
155
Your company has decided to migrate its on-premises virtual machines to Azure. Which Azure Virtual Machines feature allows you to migrate virtual machines without downtime?
Azure Site Recovery
Azure Site Recovery (ASR) is a service offered by Azure that enables replication of virtual machines from on-premises environments to Azure or between Azure regions with little or no downtime. This allows for the migration of virtual machines to Azure without any disruption to business operations. After replication to Azure, the virtual machines can be launched and used as if they were in the on-premises environment.
156
What is the maximum number of cloud-only user accounts that can be created in Azure AD?
1.000.000
157
Which of the following protocols is used for federated authentication in Azure AD?
SAML
SAML (Security Assertion Markup Language) is the protocol used for federated authentication in Azure AD. Federated authentication is a mechanism that allows users to use their existing credentials from a trusted identity provider (IdP) to authenticate with another application or service. In the context of Azure AD, federated authentication allows users to use their existing corporate credentials to authenticate with cloud-based applications and services. Azure AD supports several federated authentication protocols, including Security Assertion Markup Language (SAML), OAuth 2.0, and OpenID Connect. SAML is widely used for federated authentication in enterprise environments, while OAuth 2.0 and OpenID Connect are commonly used in web and mobile applications.
158
Which of the following services can you use to calculate your estimated hourly or monthly costs for using Azure?
Azure Pricing Calculator
You can use the Azure Pricing Calculator to calculate your estimated hourly or monthly costs for using Azure. Azure TCO on the other hand is primarily used to estimate the cost savings you can realize by migrating your workloads to Azure.
159
Microsoft's approach to privacy is built on six principles. Which of the following is NOT one of those 6 principles?
- Control
- Strong legal protections
- Protection
- Security
- No content-based targeting
- Transparency
Protection
- Control: Microsoft provides customers with the ability to control their personal data and how it is used.
- Transparency: Microsoft is transparent about the collection, use, and sharing of personal data.
- Security: Microsoft takes strong measures to protect personal data from unauthorized access, disclosure, alteration, and destruction.
- Strong legal protections: Microsoft complies with applicable laws and regulations, including data protection and privacy laws.
- No content-based targeting: Microsoft does not use personal data to target advertising to customers based on the content of their communications or files.
- Benefits to the customer: Microsoft uses personal data to provide customers with valuable products and services that improve their productivity and overall experience.
Protection is NOT one of the principles.
160
It is possible to deploy a new Azure Virtual Network (VNet) using PowerAutomate on a Google Chromebook.
No
No, PowerApps is not a part of Azure!
161
A(n) ________________ in Azure Monitor monitors your telemetry and captures a signal to see if the signal meets the criteria of a preset condition. If the conditions are met, an alert is triggered, which initiates the associated action group.
alert rule
Alerts help you detect and address issues before users notice them by proactively notifying you when Azure Monitor data indicates that there may be a problem with your infrastructure or application. You can alert on any metric or log data source in the Azure Monitor data platform. An alert rule monitors your telemetry and captures a signal that indicates that something is happening on a specified target. The alert rule captures the signal and checks to see if the signal meets the criteria of the condition. If the conditions are met, an alert is triggered, which initiates the associated action group and updates the state of the alert.
162
Which of the following best describes the concept of "immutable infrastructure" in the context of IaC?
Infrastructure that is recreated rather than modified in place. Immutable infrastructure refers to the practice of recreating infrastructure components whenever changes are needed rather than modifying them in place. This approach aligns with IaC principles, enhancing consistency and reducing configuration drift.
163
__________________ Infrastructure as Code involves writing a definition that defines how you want your environment to look. In this definition, you specify a desired outcome rather than how you want it to be accomplished.
Declarative
Declarative Infrastructure as Code involves writing a definition that defines how you want your environment to look. In this definition, you specify a desired outcome rather than how you want it to be accomplished. The tooling figures out how to make the outcome happen by inspecting your current state, comparing it to your target state, and then applying the differences.
164
It is possible to have multiple Subscriptions inside a Management Group.
Yes
When you define your management group hierarchy, first create the root management group. Then move all existing subscriptions in the directory into the root management group. New subscriptions always go into the root management group initially. Later, you can move them to another management group. What happens when you move a subscription to an existing management group? The subscription inherits the policies and role assignments from the management group hierarchy above it. Establish many subscriptions for your Azure workloads. Then create other subscriptions to contain Azure services that other subscriptions share. Do you expect your Azure environment to grow? Then create management groups for production and nonproduction now, and apply appropriate policies and access controls at the management group level. As you add new subscriptions to each management group, those subscriptions inherit the appropriate controls.
165
Which of the following services can help applications absorb unexpected traffic bursts, which prevents servers from being overwhelmed by a sudden flood of requests?
Azure Queue Storage
Azure Queue Storage is a service for storing large numbers of messages. You access messages from anywhere in the world via authenticated calls using HTTP or HTTPS. A queue message can be up to 64 KB in size. A queue may contain millions of messages, up to the total capacity limit of a storage account. Queues are commonly used to create a backlog of work to process asynchronously.
166
Which of the following Azure compliance certifications is specifically designed for the healthcare industry?
- HIPAA/HITECH
- None of the above
- ISO 27001
- GDPR
HIPAA/HITECH
The correct answer is HIPAA/HITECH. HIPAA stands for the Health Insurance Portability and Accountability Act, which is a US law that regulates the handling of sensitive medical information. HITECH stands for the Health Information Technology for Economic and Clinical Health Act, which expands on HIPAA's privacy and security rules. Azure has undergone third-party audits and achieved compliance with the HIPAA/HITECH standards, making it suitable for use in the healthcare industry.
167
Which of the following endpoints for a managed instance enables data access to your managed instance from outside a virtual network?
Public
Public endpoint for a managed instance enables data access to your managed instance from outside the virtual network. You are able to access your managed instance from multi-tenant Azure services like Power BI, Azure App Service, or an on-premises network. By using the public endpoint on a managed instance, you do not need to use a VPN, which can help avoid VPN throughput issues.
168
Which of the following authentication protocols is not supported by Azure AD?
- NTLM
- SAML
- OpenID Connect
- OAuth 2.0
NTLM
Azure AD does support SAML, OAuth 2.0, and OpenID Connect authentication protocols. However, NTLM is not supported by Azure AD. NTLM is a legacy authentication protocol that is not recommended for modern authentication scenarios due to its security limitations. Azure AD recommends using modern authentication protocols such as SAML, OAuth 2.0, and OpenID Connect, which provide stronger security and support features such as multi-factor authentication and conditional access.
169
You've been planning to decommission your On-Prem database hosting Gigabytes of data. Which of the following is True about data ingress (moving into) for Azure?
- It is charged per hour of data transferred
- It is free of cost
- It is charged $0.05 per GB
- It is charged $0.05 per TB
It is free of cost
Bandwidth refers to data moving in and out of Azure data centres, as well as data moving between Azure data centres; other transfers are explicitly covered by the Content Delivery Network, ExpressRoute pricing or Peering.
170
You have managed a Web App that you developed and deployed On-Prem for a long time, but would now like to move it to Azure and be relieved of all the manual administration and maintenance. Which of the following buckets would be most suitable for your use case?
- Database as a Service (DaaS)
- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Azure App Service is a platform-as-a-service (PaaS) offering that lets you create web and mobile apps for any platform or device and connect to data anywhere, in the cloud or on-premises. App Service includes the web and mobile capabilities that were previously delivered separately as Azure Websites and Azure Mobile Services.
171
What is the default action for a Network Security Group (NSG) rule if no other action is specified?
Deny
172
Which of the following resources can be managed using Azure Arc?
- Kubernetes clusters
- Windows Server and Linux servers
- Virtual machines
- Only Kubernetes Clusters and Virtual Machines
- Only Windows and Linux Servers & Virtual Machines
- All of these
All of these
173
Which of the following can repeatedly deploy your infrastructure throughout the development lifecycle and have confidence your resources are deployed in a consistent manner?
- Azure Templates
- The Azure API Management service
- Azure Resource Manager templates
- Management groups
Azure Resource Manager templates
Azure Resource Manager Templates is correct since templates are idempotent (Same), which means you can deploy the same template many times and get the same resource types in the same state.
174
Subscriptions can be moved to another Management Group as well as merged into one Single subscription.
No Even though Subscriptions can be moved to another management group, they cannot be merged into 1 single subscription.
175
Which of the following is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, On-Premises, AND Multicloud (Amazon AWS and Google GCP) resources? Microsoft Defender for Cloud Azure Sentinel Azure DDoS Protection Azure Key Vault Azure Front Door
Microsoft Defender for Cloud Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multicloud (Amazon AWS and Google GCP) resources. Defender for Cloud fills three vital needs as you manage the security of your resources and workloads in the cloud and on-premises: Defender for Cloud secure score continually assesses your security posture so you can track new security opportunities and precisely report on the progress of your security efforts. Defender for Cloud recommendations secures your workloads with step-by-step actions that protect your workloads from known security risks. Defender for Cloud alerts defends your workloads in real-time so you can react immediately and prevent security events from developing.
176
The Microsoft _____________ provides a variety of content, tools, and other resources about Microsoft security, privacy, and compliance practices.
Service Trust Portal The Microsoft Service Trust Portal provides a variety of content, tools, and other resources about Microsoft security, privacy, and compliance practices. The Service Trust Portal contains details about Microsoft's implementation of controls and processes that protect our cloud services and the customer data therein. To access some of the resources on the Service Trust Portal, you must log in as an authenticated user with your Microsoft cloud services account (Azure Active Directory organization account) and review and accept the Microsoft Non-Disclosure Agreement for Compliance Materials.
177
You want to ensure that all virtual machines deployed in your Azure environment are configured with specific antivirus software. Which Azure service can you use to enforce this policy?
Azure Policy The correct option is Azure Policy. Azure Policy is the service that allows you to enforce organizational standards and compliance across all your resources in Azure. With Azure Policy, you can create policies that enforce specific configurations and settings for resources, including virtual machines, at the time of deployment or during their lifecycle. In this scenario, you can create a policy that enforces the installation of specific antivirus software on all virtual machines, ensuring that all resources in your environment are compliant with your organization's security requirements. Azure Advisor provides recommendations to optimize your resources, Azure Security Center helps to identify and remediate potential security threats, and Azure Monitor provides insights into the performance and health of your applications and resources. While these services are useful for monitoring and optimizing your environment, they do not enforce specific policies or configurations on your resources.
178
______________ allows you to implement your system's logic into readily available blocks of code that can run anytime you need to respond to critical events.
Azure Functions Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running. You focus on the pieces of code that matter most to you, and Azure Functions handles the rest. Azure Functions provides "compute on-demand" in two significant ways. First, Azure Functions allows you to implement your system's logic into readily available blocks of code. These code blocks are called "functions". Different functions can run anytime you need to respond to critical events. Second, as requests increase, Azure Functions meets the demand with as many resources and function instances as necessary - but only while needed. As requests fall, any extra resources and application instances drop off automatically.
179
_________________ is a strategy that employs a series of mechanisms to slow the advance of an attack that's aimed at acquiring unauthorized access to information. Each layer provides protection so that if one layer is breached, a subsequent layer is already in place to prevent further exposure.
Defense in Depth
180
Which of the following is an offline tier optimized for storing data that is rarely accessed, and that has flexible latency requirements? Hot Tier Infrequent Tier Archive Tier Cool Tier
Archive Tier
181
In the context of Infrastructure as Code (IaC), _________ are independent files, typically containing a set of resources meant to be deployed together.
Modules One of the goals of using code to deploy infrastructure is to avoid duplicating work or creating multiple templates for the same or similar purposes. Infrastructure modules should be reusable and flexible and should have a clear purpose. Modules are independent files, typically containing a set of resources meant to be deployed together. Modules allow you to break complex templates into smaller, more manageable sets of code. You can ensure that each module focuses on a specific task and that all modules are reusable for multiple deployments and workloads.
182
______________ Infrastructure as Code involves writing scripts in languages like Bash or PowerShell. You explicitly state commands that are executed to produce a desired outcome.
Imperative Imperative Infrastructure as Code involves writing scripts in languages like Bash or PowerShell. You explicitly state commands that are executed to produce a desired outcome. When you use imperative deployments, it's up to you to manage the sequence of dependencies, error control, and resource updates.
183
Which of the following best describes Azure Arc? A cloud-based identity and access management service A bridge that extends the Azure platform to help you build apps with the flexibility to run across datacenters A platform for building microservices-based applications that run across multiple nodes A service for analyzing and visualizing large datasets in the cloud
A bridge that extends the Azure platform to help you build apps with the flexibility to run across datacenters Azure Arc is a service from Microsoft that allows organizations to manage and govern their on-premises servers, Kubernetes clusters, and applications using Azure management tools and services. With Azure Arc, customers can use Azure services such as Azure Policy, Azure Security Center, and Azure Monitor to manage their resources across on-premises, multi-cloud, and edge environments. Azure Arc also enables customers to deploy and manage Azure services on-premises or on other clouds using the same tools and APIs as they use in Azure. From the official documentation: Azure Arc is a bridge that extends the Azure platform to help you build applications and services with the flexibility to run across datacenters, at the edge, and in multicloud environments.
184
Which of the following provides support for key migration workloads like Windows, SQL and Linux Server, databases, data, web apps, and virtual desktops? Azure Recommendations Azure Migrate Azure Suggestions Azure Advisor
Azure Migrate provides all the Azure migration tools and guidance you need to plan and implement your move to the cloud—and track your progress using a central dashboard that provides intelligent insights. Multiple scenarios Use a comprehensive approach to migrating your application and datacenter estate. Get support for key migration workloads like Windows, SQL and Linux Server, databases, data, web apps, and virtual desktops. Migrate to destinations including Azure Virtual Machines, Azure VMware Solution, Azure App Service, and Azure SQL Database. Migrations are holistic across VMware, Hyper-V, physical server, and cloud-to-cloud migration.
185
In a Public Cloud model, you get dedicated hardware, storage, and network devices, separate from other organizations or cloud “tenants”.
No Public clouds are the most common type of cloud computing deployment. The cloud resources (like servers and storage) are owned and operated by a third-party cloud service provider and delivered over the internet. With a public cloud, all hardware, software, and other supporting infrastructure are owned and managed by the cloud provider. Microsoft Azure is an example of a public cloud. In a public cloud, you share the same hardware, storage, and network devices with other organisations or cloud “tenants,” and you access services and manage your account using a web browser. Public cloud deployments are frequently used to provide web-based email, online office applications, storage, and testing and development environments
186
Each zone is made up of one or more datacentres equipped with common power, cooling, and networking.
False Azure Availability Zones are unique physical locations within an Azure region and offer high availability to protect your applications and data from datacentre failures. Each zone is made up of one or more datacentres equipped with independent power, cooling, and networking.
187
What is the minimum Azure AD edition required to enable self-service password reset for users?
Premium P1 edition
188
Which of the following Azure Migrate features can be used to discover and assess physical servers? Agent-based discovery Agent-less discovery Hyper-V discovery Dependency visualization
Agent-based discovery The keyword here is 'physical' servers. The correct answer is 'Agent-Based Discovery'. Agent-based discovery is the correct choice for discovering and assessing physical servers. This method requires the installation of agents on the physical servers, which then collect and report data back to Azure Migrate for assessment.
189
The Azure Data Box family provides a range of physical devices and a virtual device to help customers with their offline and online data transfer needs, respectively called Data Box, Data Box Disk, Data Box Heavy, and Data Box ________. Corner Ultra Node Edge
Edge The correct answer is "Edge". The full list of Azure Data Box devices is: Data Box, Data Box Disk, Data Box Heavy, Data Box Edge.
190
What does Microsoft Purview offer to assist organizations with data lineage and impact analysis?
Tools for visualizing data flow and understanding its origins and dependencies Microsoft Purview provides a unified data governance solution to help manage and govern your on-premises, multicloud, and software as a service (SaaS) data. Microsoft Purview provides tools for visualizing data lineage, allowing organizations to track the flow of data, understand its origins, and analyze its dependencies. This helps in performing impact analysis and ensuring data quality.
191
Which Azure service can Azure Firewall integrate with to provide threat intelligence and advanced security analytics? Azure Sentinel Azure Security Center Azure Monitor Azure Active Directory
Azure Sentinel The correct answer is Azure Sentinel. Azure Firewall can integrate with Azure Sentinel to provide threat intelligence and advanced security analytics. Azure Sentinel is a cloud-native security information and event management (SIEM) solution that provides intelligent security analytics and threat intelligence across the enterprise. By integrating Azure Firewall with Azure Sentinel, customers can gain visibility and control over network traffic, detect threats, and respond quickly to security incidents.
192
Which of the following is the correct hierarchy for the Azure levels of scope? Management Group --> Resource Group --> Subscription Subscription --> Resource Group --> Management Group Resource Group --> Management Group --> Subscription Management Group --> Subscription --> Resource Group Subscription --> Management Group --> Resource Group
Management Group --> Subscription --> Resource Group Azure provides four levels of scope: management groups, subscriptions, resource groups, and resources. The following image shows an example of these layers. Though not labeled as such, the blue cubes are resources. You apply management settings at any of these levels of scope. The level you select determines how widely the setting is applied. Lower levels inherit settings from higher levels. For example, when you apply a policy to the subscription, the policy is applied to all resource groups and resources in your subscription. When you apply a policy on the resource group, that policy is applied to the resource group and all its resources. However, another resource group doesn't have that policy assignment. You can deploy templates to management groups, subscriptions, or resource groups.
193
Which of the following best describes the relationship between Azure AD and RBAC? Azure AD is a prerequisite for RBAC, and RBAC relies on Azure AD for user authentication. Azure AD and RBAC are two separate identity and access management solutions. Azure AD and RBAC provide complementary functionality for managing access to Azure resources. Azure AD and RBAC are both built into the Azure portal and are used interchangeably.
Azure AD and RBAC provide complementary functionality for managing access to Azure resources. Azure AD and RBAC are both related to identity and access management (IAM) in Azure, but they serve different purposes. Azure AD provides identity management services, including user authentication and authorization for cloud-based applications and services, while RBAC is used to manage access to specific Azure resources. RBAC provides a way to assign permissions to specific roles rather than individual users, which makes it easier to manage access control in large environments. Azure AD provides a central location for managing user identities and their access to various applications and resources, including Azure resources. Therefore, Azure AD and RBAC are complementary solutions that work together to provide a comprehensive IAM solution for Azure users.
194
Azure Locks can be set at the ______ level to prevent users from modifying or deleting a resource group or its resources. Resource Subscription Tenant Management Group
Subscription Azure Locks can be set at the subscription level to prevent users from modifying or deleting a resource group or its resources. When an Azure Lock is applied to a resource or resource group, it prevents all users and roles from making any changes to the resource or deleting it.
195
Your company wants to copy blobs or files to or from a storage account and is looking for a command-line utility to accomplish this. Which of the following is the right choice? Azure FileSync Azure AzCopy Azure Storage Explorer Azure PowerShell Azure Bash
Azure AzCopy AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.
196
Which of the following scenarios would be best suited for using Azure Active Directory (AAD) rather than Role-Based Access Control (RBAC)? Providing role-based access control to an Azure Virtual Machine. Managing user identities for a cloud-based application. Limiting access to specific resource groups within an Azure subscription. Managing access to a specific Azure resource for a group of users.
Managing user identities for a cloud-based application. Azure Active Directory (AAD) is a cloud-based identity and access management service that is used to manage user identities and their access to various cloud-based applications and services, including those hosted in Azure. AAD provides a centralized location for managing user accounts, passwords, and access to applications. In contrast, Role-Based Access Control (RBAC) is used to manage access control for specific Azure resources, including virtual machines, storage accounts, and other Azure services. RBAC provides a way to assign permissions to specific roles rather than individual users, making it easier to manage access control in large environments.
197
Which of the following is a key benefit of using Role-Based Access Control (RBAC) in Azure? RBAC provides a centralized directory for managing user accounts and access to resources. RBAC provides authentication and authorization services for Azure resources. RBAC allows you to manage user identities and access to cloud resources. RBAC allows you to assign permissions to specific roles rather than individual users.
RBAC allows you to assign permissions to specific roles rather than individual users.
198
If your workload can tolerate interruptions and its execution time is flexible, which of the following pricing plans would be BEST suited to save costs? Spot Pricing Reserved Instances Dedicated Hosts Pay-as-you-go
Spot Pricing
199
Your ________________ is your organization's ability to protect from and respond to security threats. security response security blueprint security standard security posture
security posture The objective of defense in depth is to protect information and prevent it from being stolen by those who aren't authorized to access it. A defense-in-depth strategy uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data. Your security posture is your organization's ability to protect from and respond to security threats. The common principles used to define a security posture are confidentiality, integrity, and availability, known collectively as CIA. Confidentiality The principle of least privilege means restricting access to information only to individuals explicitly granted access, at only the level that they need to perform their work. This information includes protection of user passwords, email content, and access levels to applications and underlying infrastructure. Integrity Prevent unauthorized changes to information: At rest: when it's stored. In transit: when it's being transferred from one place to another, including from a local computer to the cloud. A common approach used in data transmission is for the sender to create a unique fingerprint of the data by using a one-way hashing algorithm. The hash is sent to the receiver along with the data. The receiver recalculates the data's hash and compares it to the original to ensure that the data wasn't lost or modified in transit. Availability Ensure that services are functioning and can be accessed only by authorized users. Denial-of-service attacks are designed to degrade the availability of a system, affecting its users.
200
A company wants to deploy a set of Azure Virtual Machines and wants to understand their pricing. Which 2 of the following affect Virtual Machine (VM) costs in Azure? The branding of the VM The Data Center the VM resides in The Virtual Network the VM belongs to The Size of the Virtual Machine (VM) The Resource group the VM belongs to The Region the Virtual Machine is located in The Scale Set the VM belongs to
The Size of the Virtual Machine (VM) The Region the Virtual Machine is located in
201
Which cloud benefit allows you to rapidly deploy applications or systems across multiple regions or locations? Fault tolerance Scalability Geographic distribution Elasticity
Geographic distribution One of the major benefits of cloud computing is the ability to quickly and easily deploy applications or systems across multiple regions or locations. This is often referred to as geographic distribution, and it allows organizations to better serve customers in different regions by providing faster response times and reduced latency. For example, imagine a company that has customers in both North America and Europe. By using a cloud provider's infrastructure, the company can deploy its application in data centers located in both regions, allowing customers to access the application with minimal latency. Additionally, if one data center experiences an outage or other issue, the application can fail over to another data center, ensuring that customers are still able to access the application without interruption. This is an example of the fault tolerance aspect of cloud computing. Scalability is incorrect because scalability refers to the ability to increase or decrease resources as needed to meet changing demands, but it does not necessarily enable rapid deployment across multiple locations. Fault tolerance is incorrect because fault tolerance refers to the ability of a system to continue operating in the event of a hardware or software failure. While fault tolerance is important for ensuring system availability, it does not necessarily enable rapid deployment across multiple locations. Elasticity is incorrect because elasticity refers to the ability to automatically adjust resources in response to changing demand. While elasticity is related to scalability, it does not necessarily enable rapid deployment across multiple locations. Geographic distribution is the correct answer because it refers to the ability to deploy applications or systems across multiple regions or locations, which can help improve performance, reduce latency, and provide redundancy in case of a disaster or outage.
202
Your company is looking for a tool that can help with the following: 1) Upload, download and manage Azure Storage blobs, files, queues and tables, as well as Azure Data Lake Storage entities. 2) Configure storage permissions and access controls, tiers and rules. Which of the following is the right choice? ARM Templates Azure AzCopy Azure Data Box Gateway Azure Storage Explorer Azure Blueprint Azure VM Scale Sets Azure Policy
Azure Storage Explorer Azure Storage Explorer is a free tool to conveniently manage your Azure cloud storage resources from your desktop. You can easily use it to do the following - Upload, download and manage Azure Storage blobs, files, queues and tables, as well as Azure Data Lake Storage entities and Azure Managed Disks. Configure storage permissions and access controls, tiers and rules.
203
Your company is building a mission critical application and wants asynchronous message management for communication between application components, whether they are running in the cloud, on the desktop, on-premises, or on mobile devices. They also expect sudden bursts of requests and are looking to prevent servers from being overwhelmed. Which of the following is the right choice? Azure FileSync Azure Data Box Gateway Azure Async Manager Azure Queue Storage Azure Table Storage Azure Files
Azure Queue Storage You can use Azure Queue Storage to build flexible applications and separate functions for better durability across large workloads. When you design applications for scale, application components can be decoupled, so that they can scale independently. Queue storage gives you asynchronous message queueing for communication between application components, whether they are running in the cloud, on the desktop, on-premises, or on mobile devices. You can also use Queue Storage to rightsize your service deployment. Applications absorb unexpected traffic bursts, which prevents servers from being overwhelmed by a sudden flood of requests. Monitor queue length to add elasticity to your application, and deploy or hibernate additional worker nodes based on customer demand.
204
Which of the following can be leveraged for transferring data to the cloud such as cloud archival, disaster recovery, or if there is a need to process your data at cloud scale? Azure Sentinel Azure CosmosDB Azure Data Lake Storage Gen2 Azure Data Box Gateway Azure Arc Azure File Sync
Azure Data Box Gateway Azure Data Box Gateway is a storage solution that enables you to seamlessly send data to Azure. This article provides you an overview of the Azure Data Box Gateway solution, benefits, key capabilities, and the scenarios where you can deploy this device. Data Box Gateway is a virtual device based on a virtual machine provisioned in your virtualized environment or hypervisor. The virtual device resides in your premises and you write data to it using the NFS and SMB protocols. The device then transfers your data to Azure block blob, page blob, or Azure Files. Use cases: Data Box Gateway can be leveraged for transferring data to the cloud such as cloud archival, disaster recovery, or if there is a need to process your data at cloud scale. Here are the various scenarios where Data Box Gateway can be used for data transfer. Cloud archival - Copy hundreds of TBs of data to Azure storage using Data Box Gateway in a secure and efficient manner. The data can be ingested one time or an ongoing basis for archival scenarios. Continuous data ingestion - Continuously ingest data into the device to copy to the cloud, regardless of the data size. As the data is written to the gateway device, the device uploads the data to Azure Storage. Initial bulk transfer followed by incremental transfer - Use Data Box for the bulk transfer in an offline mode (initial seed) and Data Box Gateway for incremental transfers (ongoing feed) over the network.
205
You have a workload in Blob Storage that processes large datasets that need to be stored in a cost-effective way, while additional data is being gathered for processing. Which of the following Access Tiers would make the most sense? Hot Efficient Luke Warm Cool Archive
Cool The keyword here is 'cost-effective'. When your data is stored in an online access tier (either Hot or Cool), users can access it immediately. The Hot tier is the best choice for data that is in active use, while the Cool tier is ideal for data that is accessed less frequently, but that still must be available for reading and writing. Example usage scenarios for the Hot tier include: Data that's in active use or is expected to be read from and written to frequently. Data that's staged for processing and eventual migration to the Cool access tier. Usage scenarios for the Cool access tier include: Short-term data backup and disaster recovery. Older data sets that aren't used frequently, but are expected to be available for immediate access. Large data sets that need to be stored in a cost-effective way while additional data is being gathered for processing.
206
__________________ provide organizations with the ability to manage the compliance of Azure resources across multiple subscriptions. Azure Policy Azure Conditional Access and MFA Azure Subscriptions Azure Management Groups Azure Resource Groups
Azure Policy Azure Policy helps to enforce organizational standards and to assess compliance at-scale. Through its compliance dashboard, it provides an aggregated view to evaluate the overall state of the environment, with the ability to drill down to the per-resource, per-policy granularity. It also helps to bring your resources to compliance through bulk remediation for existing resources and automatic remediation for new resources. Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management. Policy definitions for these common use cases are already available in your Azure environment as built-ins to help you get started. All Azure Policy data and objects are encrypted at rest. For more information, see Azure data encryption at rest.
207
Which Azure service allows you to provide a self-service sign-up experience for customers accessing your application? Azure Active Directory Domain Services Azure B2B Collaboration Azure Active Directory B2C Azure Multi-Factor Authentication
Azure Active Directory B2C
208
An Insurance company is planning to migrate sensitive client records to Azure. They are concerned about the security of their data during the transfer process. They have decided to use Azure Data Box for this migration. Which of the following security features can they rely on to ensure their data remains secure during the transfer process? Firewall protection Multi-factor authentication Tamper-resistant storage Data-at-rest encryption
Tamper-resistant storage Data-at-rest encryption Azure Data Box offers several security features to protect data during the transfer process, including data-at-rest encryption and tamper-resistant storage. Data-at-rest encryption ensures that data is encrypted while it is being stored on the Data Box device. Tamper-resistant storage is designed to help protect against unauthorized access or tampering during the transit. Other Options: Firewall protection is not a security feature of Azure Data Box devices during the transfer process. Firewalls are typically used to protect networks from external threats. Multi-factor authentication is not a security feature of Azure Data Box devices during the transfer process. Multi-factor authentication is typically used to authenticate users to access systems and applications.
209
Which of the following can you use to calculate your estimated hourly or monthly costs for using Azure? Azure TCO Calculator Azure Billing Azure Cost Management Azure Pricing Calculator Azure Advisor
Azure Pricing Calculator
210
What is the key benefit of using Azure AD B2C for managing customer identities? Ability to enforce security policies on internal applications. Centralized management of employee identities and access. Customizable user experiences for sign-up and sign-in processes. Integration with on-premises Active Directory.
Customizable user experiences for sign-up and sign-in processes. Azure AD B2C allows you to provide custom user experiences during sign-up and sign-in processes for your applications. This enhances customer engagement and satisfaction by delivering a branded and consistent identity experience.
211
You are migrating an application with multiple interconnected servers to Azure. To ensure minimal downtime and a smooth migration, which Azure Migrate features should you utilize? Azure Migrate - App Service and Azure Migrate - Web App Migration Azure Migrate - Database Assessment and Azure Migrate - Database Migration Azure Migrate - Data Box and Azure Migrate - Data Factory Azure Migrate - Server Assessment and Azure Migrate - Server Migration
Azure Migrate - Server Assessment and Azure Migrate - Server Migration Azure Migrate - Server Assessment helps you to evaluate the migration readiness of your on-premises servers, identify any potential issues, and provide recommendations. Azure Migrate - Server Migration is designed to migrate your on-premises virtual machines or physical servers to Azure with minimal downtime. These two features work together to ensure a smooth migration of interconnected servers, as they address both the pre-migration assessment and the actual migration process. Other options: Azure Migrate - App Service and Azure Migrate Web App Migration - These are geared towards migrating web applications to Azure App Service and not for migrating interconnected servers. Azure Migrate - Database Assessment and Azure Migrate Database Migration - These focus on the assessment and migration of on-premises databases to Azure. They are not intended for migrating interconnected servers. Azure Migrate - Data Box and Azure Migrate Data Factory - These are used for transferring large amounts of data to Azure and for data integration, respectively. They do not address the migration of interconnected servers.
212
When a company thinks of migrating to the public cloud (like Azure), which of the following expenses gets reduced? Capital Expense Operational Expense Secondary Expense Primary Expense
Capital Expense
213
If you want to keep tabs on Azure itself, especially the services and regions you depend on, you should choose __________________. Azure Arc Azure Service Health Azure Monitor Azure Advisor
Azure Service Health If you want to keep tabs on Azure itself, especially the services and regions you depend on, you want to choose Azure Service Health. You can view the current status of the Azure services you rely on, upcoming planned outages, and services that will be sunset. You can set up alerts that help you stay on top of incidents and upcoming downtime without having to visit the dashboard regularly. However, if you want to keep track of the performance or issues related to your specific VM or container instances, databases, your applications, and so on, you want to visit Azure Monitor and create reports and notifications to help you understand how your services are performing or diagnose issues related to your Azure usage.
214
True or False: Private endpoints provide secure access to Azure resources over the public internet.
False This statement is false. Private endpoints provide secure access to Azure resources, but they do so without using the public internet. Private endpoints allow resources to be accessed privately through the Azure backbone network, enhancing security by avoiding exposure to the public internet.
215
Which of the following would be ideal to store flexible datasets like user data for web applications, address books, device information, or other types of metadata your service requires? Azure Queue Storage Azure File Sync Azure SQL Database Azure Data Lake Storage Gen1 Azure Table Storage Azure Data Lake Storage Gen2
Azure Table Storage Azure Table storage is a service that stores non-relational structured data (also known as structured NoSQL data) in the cloud, providing a key/attribute store with a schemaless design. Because Table storage is schemaless, it's easy to adapt your data as the needs of your application evolve. Access to Table storage data is fast and cost-effective for many types of applications, and is typically lower in cost than traditional SQL for similar volumes of data. You can use Table storage to store flexible datasets like user data for web applications, address books, device information, or other types of metadata your service requires. You can store any number of entities in a table, and a storage account may contain any number of tables, up to the capacity limit of the storage account.
216
Your company plans to migrate all on-premises data to Azure. However, before this, the legal department has asked you to fetch all information such as Audit and Compliance Reports to identify whether Azure complies with the company's regional requirements. Which of the following can help with this? The Azure portal The Trust Center Azure Marketplace The Knowledge Center
The Trust Center
217
Which of the following Azure plans should you choose for trial and non-production environments? Developer Professional Direct Premier Standard
Developer
218
What is a key security feature of Azure Data Box devices that ensures data is unreadable if intercepted during the shipping process? Firewall protection Multi-factor authentication Data transfer over HTTPS Data-at-rest encryption
Data-at-rest encryption The correct answer is: Data-at-rest encryption. This is a key security feature of Azure Data Box devices that ensures data is unreadable if intercepted during the shipping process. Data-at-rest encryption ensures that data is encrypted when it is stored on the device, making it impossible for anyone to access the data without the encryption key. This is an important security measure that protects against data theft or loss during the shipping process. Other options: Firewall protection: This is incorrect because it refers to a network security measure that protects against unauthorized access to a network, but it is not directly related to the security of data during the shipping process. Multi-factor authentication: This is also incorrect because it is a security measure that verifies a user's identity using multiple methods, such as a password and a fingerprint or a security token. This is not directly related to the security of data during the shipping process. Data transfer over HTTPS: This is incorrect because it refers to a network protocol that encrypts data during transmission between a web server and a client, but it does not protect data during the shipping process.
219
All data that is copied to an Azure storage account is backed up automatically to another Azure data center. (Y/N)
No Automatically is the key word in this question that most people miss. Data is not backed up automatically to another Azure Data Center, although it can be backed up depending on the replication option configured for the account. Locally Redundant Storage (LRS) is the default which maintains three copies of the data in the data center. Geo-redundant storage (GRS) has cross-regional replication to protect against regional outages. Data is replicated synchronously three times in the primary region, then replicated asynchronously to the secondary region.
220
What is the primary goal of Infrastructure as Code (IaC) in cloud computing? To manage and provision infrastructure using code. To manage cloud billing and cost optimization. To eliminate the need for network security measures. To automate the creation of virtual machines.
To manage and provision infrastructure using code. Infrastructure as Code (IaC) is a key DevOps practice that involves the management of infrastructure, such as networks, compute services, databases, storage, and connection topology, in a descriptive model. IaC allows teams to develop and release changes faster and with greater confidence. Infrastructure as Code (IaC) allows you to define and manage infrastructure resources such as virtual machines, networks, and storage using code. This approach enhances consistency, repeatability, and scalability in deploying and managing resources.
221
Which of the following are free? Data transfer from one region to another Data Ingress Data transfer within the same region Data transfer within same Availability Zone
Data Ingress
Data transfer within the same region
Data transfer within same Availability Zone
222
Select the valid options to pay for Azure. (Choose 3) Xbox Website Any 3rd Party Vendor Azure Website Microsoft Stores Microsoft Representative Azure Partner
Microsoft Representative
Azure Partner
Azure Website
223
You can enforce Azure AD Multi-Factor Authentication for all users via the Microsoft Authenticator app, phone call, or SMS code.
No Azure AD Multi-Factor Authentication is a Microsoft service that provides multifactor authentication capabilities. Azure AD Multi-Factor Authentication enables users to choose an additional form of authentication during sign-in, such as a phone call or mobile app notification. The Azure Active Directory free edition enables Azure AD Multi-Factor Authentication for administrators with the global admin level of access, via the Microsoft Authenticator app, phone call, or SMS code. You can also enforce Azure AD Multi-Factor Authentication for all users via the Microsoft Authenticator app only, by enabling security defaults in your Azure AD tenant.
224
Your team is planning to build a set of REST-based web APIs by using your choice of language and framework. The produced apps should be consumable from any HTTP or HTTPS based client. Which of the following would be a great fit for this use case? Azure Container Instances Azure Functions Azure Kubernetes Service Azure App Service Azure Virtual Desktops
Azure App Service App Service enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers automatic scaling and high availability. App Service supports Windows and Linux and enables automated deployments from GitHub, Azure DevOps, or any Git repo to support a continuous deployment model. This platform as a service (PaaS) environment allows you to focus on the website and API logic while Azure handles the infrastructure to run and scale your web applications. API apps: Much like hosting a website, you can build REST-based web APIs by using your choice of language and framework. You get full Swagger support and the ability to package and publish your API in Azure Marketplace. The produced apps can be consumed from any HTTP or HTTPS based client.
225
Which of the following is not a cost saving solution? Resize underutilized virtual machines Shutting down Virtual Machines at night Choosing low-cost locations and regions Using Azure Reservations to prepay Using Azure Hybrid Benefit to repurpose software licenses on Azure Using spending limits to restrict your spending Deleting unused resources
Shutting down Virtual Machines at night
226
Which of the following is an accurate definition of an Azure Policy Initiative? A set of policy definitions that are applied individually for easy management and assignment. A type of virtual machine used for hosting policies in the Azure cloud. An Azure service that provides real-time monitoring of policy enforcement. A way to package and deploy a collection of policy definitions as a single entity.
A way to package and deploy a collection of policy definitions as a single entity.
227
What is the recommended minimum data size for using Data Box to transfer data in scenarios with limited network connectivity? 10 TB 40 TB 20 TB 100 TB
40 TB
228
Which of the following categories does Azure VPN Gateway belong to? Network as a Service (NaaS) Infrastructure as a Service (IaaS) Platform as a Service (PaaS) Software as a Service (SaaS)
Infrastructure as a Service (IaaS)
229
Which of the following would you recommend for these given requirements? 1) Create thousands of identical virtual machines in minutes 2) Deploy across availability zones to protect against datacenter failures Azure Virtual Machines Azure Resource Groups Azure Kubernetes Azure Blueprints Azure Virtual Machine Scale Sets Azure Container Instance
Azure Virtual Machine Scale Sets Azure Virtual Machine Scale Sets provides automated virtual machine scaling that helps you cost-effectively simplify the deployment, management, and availability of your applications.
230
Which of the following can an application retrieve security tokens from? Choose the best possible answer. An Azure Key Vault Azure Active Directory (Azure AD) A Certificate Store An Azure SQL Database
Azure Active Directory (Azure AD)
231
Which of the following is a way that Azure AD Identity Protection helps to protect against identity-based attacks? By enforcing strong passwords for all users By automatically blocking all sign-in attempts from high-risk IP addresses By monitoring users' device health and security posture By requiring all users to use multi-factor authentication
By monitoring users' device health and security posture Azure AD Identity Protection uses various signals, including device health and security posture, to detect identity-based attacks and suspicious activities. By monitoring these factors, it can assess the risk level of a user's sign-in attempt or activity and take appropriate action, such as requiring additional authentication or blocking access. Note that Azure AD Identity Protection is not a replacement for strong passwords, multi-factor authentication, or other security measures. Instead, it is an additional layer of security that helps to protect against identity-based attacks. By enforcing strong passwords for all users: This is incorrect because enforcing strong passwords is not a specific feature of Azure AD Identity Protection, but rather a general best practice for secure password management. By automatically blocking all sign-in attempts from high-risk IP addresses: This is incorrect because Azure AD Identity Protection does not automatically block sign-in attempts based on IP address, but instead uses a risk-based approach to evaluate sign-in attempts and assess the level of risk. By requiring all users to use multi-factor authentication: This is incorrect because although Azure AD Identity Protection supports multi-factor authentication, it is not the only method used to protect against identity-based attacks.
232
You can create multiple billing reports per subscription. This is handy when you have multiple departments and need to do a chargeback of cloud costs.
False You can create one billing report per subscription. If you have multiple departments and need to do a "chargeback" of cloud costs, one possible solution is to organize subscriptions by department or by project. Resource tags can also help.
233
Your company has a policy that requires all Azure resources to be deployed with a specific set of tags. You want to ensure that this mandate is enforced automatically for all new resources deployed in your Azure environment. Which Azure service should you use to accomplish this? Azure Advisor Azure Resource Manager Azure Security Center Azure Policy
Azure Policy Azure Policy is the Azure service used to enforce policies for resource consistency and compliance. It allows administrators to create and enforce policies that ensure resources deployed in Azure adhere to specific rules, such as the requirement to have a specific set of tags. Azure Policy can evaluate resources against these policies and, if necessary, take actions to remediate non-compliant resources. In this scenario, Azure Policy can be used to automatically enforce the policy that requires all resources to be deployed with a specific set of tags.
234
An unlimited number of resources can be added to a Subscription.
False At the beginning of any cloud governance implementation, you identify a cloud organization structure that meets your business needs. This step often involves forming a cloud center of excellence team (also called a cloud enablement team or a cloud custodian team). This team is empowered to implement governance practices from a centralized location for the entire organization. Teams often start their Azure governance strategy at the subscription level. Subscriptions also have some resource limitations. For example, the maximum number of network Azure ExpressRoute circuits per subscription is 10. Those limits should be considered during your design phase. If you'll need to exceed those limits, you might need to add more subscriptions. If you hit a hard limit maximum, there's no flexibility to increase it. Management groups are also available to assist with managing subscriptions. A management group manages access, policies, and compliance across multiple Azure subscriptions. You'll learn more about management groups later in this module.
235
Which Azure service allows you to control the DNS settings for private endpoints in your virtual network? Azure Traffic Manager Azure DNS Azure Private DNS Azure DNS Zone
Azure Private DNS
236
You are a cloud administrator responsible for managing a large Azure environment with multiple subscriptions. You want to enforce a company-wide requirement that requires all virtual machines to be encrypted using Azure Disk Encryption. Which Azure service should you use to enforce this? Azure Policy Azure Security Center Azure Resource Manager Azure Active Directory
Azure Policy
237
Role-based access control is applied to a _______________, which is a resource or set of resources that this access applies to. Scope Group Resource Set Blueprint
Scope
238
A startup is planning to replace or supplement traditional on-premises network-attached storage (NAS) devices. More importantly, they are looking for a solution that supports multiple Operating Systems, and containerization. Which of the following would you recommend? Azure Files Azure Data Lake Storage Gen2 Azure Blob Storage Azure Table Storage Azure Kubernetes Azure Container Instances
Azure Files
239
What are the two types of subscription boundaries that you can use in Azure? Billing boundary Access control boundary Geographical boundary Organizational boundary
Billing boundary
Access control boundary
240
Azure Reserved VM Instances are an example of Opex.
No A reserved instance is where you pay upfront for the use of a virtual machine for a period of time (1 or 3 years). This can save you money as you receive a discount on the cost of a VM if you pay upfront for a reserved instance. However, as this is an upfront payment, it will be classed as CapEx, not OpEx. A simple way to remember: upfront payment = CapEx, pay as you go = OpEx!
241
How does Microsoft Purview contribute to data security and compliance? It enforces strict role-based access control for virtual machines. It encrypts data at rest and in transit. It provides real-time monitoring of network traffic. It helps classify and protect sensitive data and ensures compliance policies are followed.
It helps classify and protect sensitive data and ensures compliance policies are followed. Microsoft Purview provides a unified data governance solution to help manage and govern your on-premises, multicloud, and software as a service (SaaS) data. Microsoft Purview helps organizations classify and label data, apply data protection policies, and manage access controls. This ensures that sensitive data is properly protected and that compliance with data regulations is maintained, contributing to data security and compliance efforts.
242
True or False: Data stored in an Azure Storage account is automatically copied twice.
False Azure Storage offers multiple redundancy options, including locally redundant storage (LRS), zone-redundant storage (ZRS), geo-redundant storage (GRS), and read-access geo-redundant storage (RA-GRS). LRS and ZRS provide redundancy within a datacenter or within a single zone, respectively, and create three copies of the data. GRS and RA-GRS provide additional redundancy across multiple datacenters or regions, respectively, and create six copies of the data (three copies in the primary region and three copies in the secondary region). However, none of these redundancy options provide only two copies of the data by default.
243
Which of the following is a factor that Azure AD Identity Protection uses to assess the risk level of a user's sign-in attempt or activity? The user's physical location The user's email address The user's job title The user's device health and security posture.
The user's device health and security posture The user's device health and security posture is one of the factors that Azure AD Identity Protection uses to assess the risk level of a user's sign-in attempt or activity. Azure AD Identity Protection uses machine learning algorithms and various risk factors, such as device health and security posture, to identify potential risks and take appropriate action to protect the user's identity and the organization's resources.
244
Which of the following statements regarding Azure subscriptions are correct? Billing is applied to each subscription separately Multiple subscriptions cannot be created within an Azure account Azure subscription cannot have a trust relationship with an Azure Active Directory (AD) instance Trial subscription can be converted to paid Subscription is dependent on a region
Billing is applied to each subscription separately
Trial subscription can be converted to paid
Subscription is dependent on a region

Billing is applied to each subscription separately - Yes! It is one of the many reasons why people use separate subscriptions.

Trial subscription can be converted to paid - Of course. When you sign up for an Azure free account, you get $200 credit. In the first 30 days, any services you use beyond their free amounts will be deducted from that $200 credit. When you’ve used up your $200 credit or 30 days have passed (whichever happens first), you’ll need to upgrade by moving to pay-as-you-go pricing. That way, you can keep getting free amounts of services and purchase services beyond their free amounts as needed. The cost of those services is charged to the payment method you provide.

Subscription is dependent on a region - Yes, when you create a subscription in Azure, you need to specify a certain region for that Subscription. Hence, this choice is valid as well.

All other options are invalid and don't stand true.
245
An Azure Web App that queries an on-prem Oracle SQL Database is an example of a ____________________ cloud architecture.
hybrid Since you are using both Azure and on-prem resources (a combination of both), this is an example of a hybrid cloud!
246
How does Azure AD B2B Collaboration benefit organizations when collaborating with external partners? It integrates external partners into the organization's on-premises network. It enables external partners to manage Azure subscriptions. It grants full administrator access to external partners. It provides controlled access to specified resources while maintaining security.
It provides controlled access to specified resources while maintaining security. Azure AD B2B Collaboration enables organizations to securely collaborate with external partners by granting them controlled access to specific resources. This allows external partners to work on shared projects without compromising security.
247
Which of the following solutions is the BEST to store web app user data, device information and other metadata? Azure Cosmos DB Azure Table Storage Azure SQL Database Azure Cache for Redis
Azure Table Storage
248
Which feature of Azure AD External Identities enables customers to sign up, sign in, and manage their own profiles using social accounts? Azure Active Directory B2C Azure B2B Collaboration Azure Active Directory Domain Services Azure Multi-Factor Authentication
Azure Active Directory B2C
249
Which of the following is NOT an Azure Subscription type? Member offers Free Trial Pay For a Year Pay As You Go
Pay For a Year
250
You want to set up separate environments for development and testing, and security in Azure. What would you create to achieve this? Additional Azure accounts Additional management groups Additional subscriptions Additional resource groups
Additional subscriptions
251
Purchasing your own infrastructure and deploying it in your own data center is an example of CapEx. No Yes
Yes
252
When creating a private endpoint, which of the following components needs to be configured to enable private connectivity? Public IP address Network Security Group (NSG) Private DNS zone Azure Active Directory (Azure AD)
Private DNS zone To enable private connectivity via a private endpoint, you need to configure a Private DNS zone. This Private DNS zone allows you to resolve the hostname of the private endpoint to its private IP address within your virtual network.
253
What is the purpose of the Azure AD Identity Protection dashboard? To allow administrators to manage users' authentication methods. To enable administrators to manage and investigate risk events. To provide an overview of all users' activity logs. To show a summary of the risk level of all users.
To enable administrators to manage and investigate risk events. The purpose of the Azure AD Identity Protection dashboard is to provide administrators with a centralized view of all risky sign-ins, vulnerabilities, and compromised identities. It allows administrators to investigate and manage risk events by providing detailed information about the users, devices, and applications involved in the event. The dashboard also provides recommendations to improve the security posture of the organization, such as enabling multi-factor authentication for at-risk users. To provide an overview of all users' activity logs: This is incorrect because the Azure AD Identity Protection dashboard focuses on risk events, not activity logs. To allow administrators to manage users' authentication methods: This is incorrect because managing users' authentication methods is a separate function that is not part of the Azure AD Identity Protection dashboard. To show a summary of the risk level of all users: This is incorrect because while the dashboard provides a risk score for each user, its primary purpose is to enable administrators to investigate and manage risk events, not to provide a summary of the risk level of all users.
254
Which of the following scenarios are suitable for using Data Box to import data to Azure? One-time migration of a large amount of on-premises data Moving a media library from offline tapes to Azure Incremental backups of Azure virtual machines Configuring real-time data synchronization between Azure and on-premises servers
One-time migration of a large amount of on-premises data
Moving a media library from offline tapes to Azure
255
____________ provides disks for Azure virtual machines. Applications and other services can access and use them as needed, similar to how they would in on-premises scenarios. File Storage Disk Storage Blob Storage SSD Storage
Disk Storage
256
Which of the following is NOT a compute service available in Azure? Azure App Service Azure CosmosDB Azure Kubernetes Azure Functions
Azure CosmosDB