Practice Questions - exam-az-900 Flashcards

Question

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify an Azure Traffic Manager profile. Does this meet the goal? A. Yes B. No

Answer 1

B. No Traffic Manager is a DNS-based load balancing solution, and modifying it will not ensure a virtual machine is accessible over HTTP. To allow HTTP traffic, you need to configure a Network Security Group (NSG) or Azure Firewall to allow inbound traffic on port 80.

Answer 2

- **Monitor the health of Azure services:** Azure Monitor - **Browse available virtual machine images:** Azure Marketplace - **View security recommendations:** Azure Advisor The correct answer is determined as follows: * **Monitor the health of Azure services: Azure Monitor** - Azure Monitor is the service in Azure specifically designed for collecting, analyzing, and acting on telemetry data to monitor the health and performance of Azure resources and applications. * **Browse available virtual machine images: Azure Marketplace** - The Azure Marketplace is a repository of pre-built solutions, including virtual machine images, offered by Microsoft and third-party vendors. It allows users to find and deploy various software and services. * **View security recommendations: Azure Advisor** - Azure Advisor analyzes your Azure resources and provides recommendations to optimize your Azure deployments for security, high availability, performance, and cost. Security recommendations are a key component of its functionality.

Answer 3

[Image](https://img.examtopics.com/az-900/image504.png)

Answer 4

No, No, Yes **Explanation:** * **Statement 1: You can assign an Azure policy to a virtual machine.** * **Incorrect:** Azure Policies are typically assigned to Management Groups, Subscriptions, or Resource Groups, but not directly to individual resources like VMs. While it might appear possible in some interfaces, the policy is effectively applied at a higher scope. * **Statement 2: If an Azure policy is assigned to a resource group, noncompliant resources are removed from the group.** * **Incorrect:** Azure Policy does not automatically remove non-compliant resources. It flags them and can prevent new non-compliant resources from being created. Remediation is a separate process. * **Statement 3: If an Azure policy is assigned to a resource group, only compliant resources can be deployed to the group.** * **Correct:** Azure Policy can prevent the creation of new resources that violate the policy rules. Thus, when a policy is in place, only compliant resources can be deployed.

Answer 5

Yes No No **Explanation:** * **Statement 1: The Hot access tier is available for blob data that uses standard storage.** This is **TRUE**. The Hot access tier is designed for data that is accessed frequently and is available in standard storage accounts for blob data. * **Statement 2: The Cool access tier is available for file shares in premium storage.** This is **FALSE**. The Cool access tier is intended for blob storage and is not available for file shares in premium storage. Premium storage is designed for high-performance, low-latency workloads and does not use the Hot, Cool, or Archive tiers. * **Statement 3: The Cool access tier can be configured at the storage account level.** This is **FALSE**. The Cool access tier is configured at the blob level. You can set the access tier for individual blobs within a storage account, but you cannot set the Cool access tier at the storage account level as a default for all blobs.

Answer 6

C. Azure Arc Azure Arc allows you to manage your entire environment together by projecting your existing non-Azure and/or on-premises resources into Azure Resource Manager, providing a unified management experience. Options A, B, and D are incorrect because: * Azure Migrate is used for migrating on-premise servers to Azure. * Azure AD Connect is used to synchronize on-premises Active Directory identities to Azure Active Directory. * Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.

Answer 7

Yes No Yes

Answer 8

[Image](https://img.examtopics.com/az-900/image518.png)

Answer 9

Yes Yes Yes DISCUSSION: The consensus, based on the provided documentation links and explanations, is that Azure Arc can indeed manage physical Linux servers, AKS clusters, and even third-party databases hosted outside of Azure. The third statement is true because Azure Arc facilitates the management of databases like PostgreSQL and SQL Server, which can be deployed on-premises or in other clouds.

Answer 10

[Image](https://img.examtopics.com/az-900/image508.png)

Answer 11

* Quickly expand or decrease computer processing, memory, and storage resources to meet changing demands. -> Elasticity * Recover from a natural disaster with minimal downtime. -> Disaster Recovery * Deploy new applications and services quickly. -> Agility **Explanation:** * **Elasticity:** This refers to the ability to dynamically adjust resources based on demand. This aligns with the requirement of quickly expanding or decreasing computer processing, memory, and storage. * **Disaster Recovery:** This directly addresses the need to recover from disasters with minimal downtime. * **Agility:** This describes the ability to rapidly deploy new applications and services.

Answer 12

* **Physical Security:** Badges, Security Guards, Locks * **Identity and Access Management:** Multi-Factor Authentication, Permissions * **Perimeter:** DDoS Protection * **Network:** Segmentation, Firewalls * **Compute:** Antimalware * **Application:** Encryption * **Data:** Encryption

Answer 13

D. Azure Resource Manager (ARM) templates DISCUSSION: The correct answer is D. Azure Resource Manager (ARM) templates allow you to define infrastructure as code, ensuring repeatable and reliable deployments with consistent configurations. A is incorrect because Azure Policy enforces organizational standards and assesses compliance but doesn't deploy resources. B is incorrect because Azure Arc allows you to manage on-premises, multicloud and edge resources. C is incorrect because a resource group is a logical container for Azure resources, but it doesn't define the configuration or deployment process.

Answer 14

* **First statement: Yes.** ExpressRoute uses Border Gateway Protocol (BGP) to exchange routes between your on-premises network, your Azure instances, and Microsoft public addresses. * **Second statement: No.** ExpressRoute connections do not route through the public internet. They provide a private, dedicated connection. * **Third statement: Yes.** A single virtual network can be connected to multiple ExpressRoute circuits. Microsoft recommends having at least two ExpressRoute circuits for redundancy.

Answer 15

A. Command Prompt C. Windows PowerShell DISCUSSION: The correct answers are A and C. The Azure CLI can be run from both the Command Prompt and Windows PowerShell. * **A. Command Prompt:** The Azure CLI is commonly run from the Command Prompt in Windows. * **C. Windows PowerShell:** The Azure CLI can also be effectively used within Windows PowerShell. * **B. Azure Resource Explorer:** This is a tool for visually exploring Azure resources, not for running the CLI. * **D. Windows Defender Firewall:** This is a security component and not a tool for running the CLI. * **E. Network and Sharing Center:** This is for managing network connections and is not related to running the CLI.

Answer 16

A. tags DISCUSSION: The correct answer is A. Tags are used to organize and categorize Azure resources. In this scenario, applying tags to resources based on the office they belong to will allow you to easily filter and generate billing reports for each office. Incorrect Options: B. Templates are used for deploying and managing infrastructure as code, not for billing reports. C. Locks are used to prevent accidental deletion or modification of resources, not for billing. D. Policies enforce organizational standards and compliance, but are not directly used for generating billing reports.

Answer 17

D. an Azure data center failure

Answer 18

[Image](https://img.examtopics.com/az-900/image524.png)

Answer 19

A. A network security group (NSG) is used to filter network traffic to and from Azure resources in an Azure virtual network. NSGs allow you to create rules that specify the ports and protocols that can be used to access your virtual machines. B. Incorrect: Azure Active Directory (Azure AD) roles are used for managing access to Azure resources. C. Incorrect: Azure Active Directory groups are used to manage users and their access to resources. D. Incorrect: Azure Key Vault is used to securely store and manage secrets, keys, and certificates.

Answer 20

B. Azure Monitor DISCUSSION: The question asks about viewing *service failure notifications*. * **Azure Monitor** is the correct answer because it is designed to collect, analyze, and act on telemetry from Azure resources, including VMs. It provides alerts and notifications for service failures and other issues affecting VM availability. * **Azure Service Fabric** is a distributed systems platform used for building scalable and reliable microservices and applications. It's not designed for general service failure notifications. * **Azure Virtual Machines** is the service used to create and manage VMs, but it doesn't provide native monitoring or alerting capabilities for service failures. * **Azure Advisor** provides recommendations to optimize Azure deployments for cost, security, reliability, and performance. It does not provide real-time service failure notifications.

Answer 21

[Image](https://img.examtopics.com/az-900/image528.png)

Answer 22

- No - Yes - No **Explanation:** * **Statement 1: Azure Active Directory (Azure AD) requires domain controllers on virtual machines.** Azure AD is a cloud-based identity and access management service. It doesn't require on-premises domain controllers. Thus, the answer is No. * **Statement 2: Azure Active Directory (Azure AD) is a centralized identity provider.** Azure AD serves as a centralized identity provider, allowing users to access various Azure resources and Microsoft 365 services with a single set of credentials. Thus, the answer is Yes. * **Statement 3: Each user account in Azure Active Directory can be assigned only one Microsoft 365 license.** A user can be assigned multiple Microsoft 365 licenses to grant them access to different services and features. Thus, the answer is No.

Answer 23

ADE DISCUSSION: The question specifies that a PowerShell script needs to be run. Therefore, the environment needs to support PowerShell and have the Azure modules available. * **A:** A Windows 11 computer has PowerShell by default. Installing Azure CLI tools provides the necessary tools to interact with Azure, including running PowerShell scripts (although the Azure PowerShell module is more directly suited for PowerShell scripts). * **D:** Azure Cloud Shell provides a browser-based shell with both Bash and PowerShell environments pre-configured, making it suitable for running PowerShell scripts. * **E:** A Windows 10 computer has PowerShell by default. The Azure PowerShell module provides cmdlets for managing Azure resources directly from PowerShell. **Why other options are incorrect:** * **B:** While Azure CLI can execute PowerShell scripts, it's not the most direct approach. The Azure PowerShell module is specifically designed for PowerShell scripting with Azure on Linux, and the option doesn't confirm PowerShell is installed. * **C:** While PowerShell Core 6.0 can run on macOS, simply having PowerShell installed does not guarantee the presence of the necessary Azure modules to interact with Azure services. The Azure PowerShell modules must be installed separately. Also, newer versions of Powershell are recommended.

Answer 24

[Image](https://img.examtopics.com/az-900/image542.png)

Answer 25

From Most to Least Customer Responsibility: 1. On-premises 2. IaaS (Infrastructure as a Service) 3. PaaS (Platform as a Service) 4. SaaS (Software as a Service) **Explanation:** The question asks to rank the cloud service models from most to least customer responsibility. * **On-premises:** The customer is responsible for everything, from the hardware to the software and data. * **IaaS (Infrastructure as a Service):** The customer manages the operating system, middleware, runtime, data, and applications. The cloud provider manages the servers, storage, and networking. * **PaaS (Platform as a Service):** The customer manages the applications and data. The cloud provider manages the operating system, middleware, runtime, servers, storage, and networking. * **SaaS (Software as a Service):** The customer only manages the data and how they use the software. The cloud provider manages the applications, operating system, middleware, runtime, servers, storage, and networking. Therefore, the correct order from most to least customer responsibility is: On-premises, IaaS, PaaS, SaaS.

Answer 26

D. a Log Analytics workspace

Answer 27

C. maintaining the hardware E. physical security of the datacenter infrastructure DISCUSSION: The question asks for the responsibilities of the *cloud service provider* in an IaaS model. Option C is correct because maintaining the hardware (servers, etc.) is a core responsibility of the provider in IaaS. Option E is correct because physical security of the datacenter is also a core responsibility of the cloud provider. Option A is incorrect because in IaaS, the *configuration* of storage is typically the responsibility of the customer, not the provider. The provider supplies the storage infrastructure. Option B is incorrect because installing and configuring the operating system is generally the responsibility of the customer in an IaaS model. Option D is incorrect because the *customer* usually handles network configuration in IaaS. The provider is responsible for the underlying network infrastructure.

Answer 28

[Image](https://img.examtopics.com/az-900/image540.png)

Answer 29

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0017400002.jpg) DISCUSSION: The Azure portal, accessible via `https://portal.azure.com`, is the central web-based interface for managing all Azure resources. The question asks where you would manage all Azure resources, and the portal is the correct location.

Answer 30

Azure Virtual Desktop

Answer 31

B. No DISCUSSION: The suggested solution involves running a PowerShell script to create Azure resources from a macOS computer with PowerShell Core 6.0 installed. While PowerShell Core is cross-platform, simply having it installed is insufficient. To interact with Azure, the Azure PowerShell module (Az module) must also be installed. The solution does not mention the Azure PowerShell module, therefore it does not meet the goal. Option A is incorrect because PowerShell Core 6.0 alone is not enough to manage Azure resources. The Azure PowerShell module is also required.

Answer 32

C. a content delivery network (CDN) **Explanation:** * **Correct:** A Content Delivery Network (CDN) is designed to efficiently deliver web content, especially large files like videos, to users worldwide. CDNs cache content at strategically located edge servers, minimizing latency and providing a better playback experience for users regardless of their location. * **Incorrect A:** An Application Gateway is used for routing and securing web traffic, but it does not provide content caching or optimization for video playback. * **Incorrect B:** An Azure ExpressRoute circuit provides a private connection to Azure, which can improve network performance, but it doesn't handle content distribution or caching for global users. * **Incorrect D:** An Azure Traffic Manager profile optimizes traffic routing to different service endpoints, but it doesn't cache content or improve video playback specifically.

Answer 33

[Image](https://img.examtopics.com/az-900/image534.png)

Answer 34

[Image](https://img.examtopics.com/az-900/image532.png) DISCUSSION: The correct answer is the one shown in the "Suggested Answer" image. According to the discussion, a resource needs to be unlocked before it can be deleted, regardless of user permissions. Global Administrator privileges do not bypass resource locks. The discussion also references Microsoft documentation that states "Only the Owner and the User Access Administrator built-in roles can create and delete management locks".

Answer 35

B. In a resource group DISCUSSION: A virtual machine in Azure is a resource, and all Azure resources must be placed within a resource group. Option A is incorrect because while a virtual machine may *use* a storage account (for its virtual hard disks), it is not *placed* in a storage account. Option C is incorrect because Administrative Units in Azure Active Directory are containers for users, groups, or devices, but not virtual machines. Option D is incorrect because Application Groups are used to group virtual machines and other resources for application management purposes, but they do not serve as the primary placement location for a virtual machine.

Answer 36

Azure Service Health

Answer 37

No, No, Yes. **Explanation:** * **Statement 1: Updating the operating system (OS) for a PaaS solution is your responsibility.** This is **False**. In PaaS, the cloud provider (Microsoft Azure in this case) is responsible for managing the OS. * **Statement 2: Managing network controls is your responsibility for an IaaS solution.** This is **False**. For IaaS solutions, you are responsible for the network control. Microsoft is responsible for the physical network. * **Statement 3: Managing identity and access is a shared responsibility for a SaaS solution.** This is **True**. Identity and access management in SaaS is typically a shared responsibility between the cloud provider and the customer. The provider manages the infrastructure and platform, while the customer manages the users, permissions, and data access policies.

Answer 38

Yes No A virtual machine scale set supports autoscaling. ☐ ☑ Horizontal scaling is the process of increasing the compute capacity of a single virtual machine. ☐ ☐ Autoscaling enables a cloud environment to react to changes in demand.

Answer 39

The correct area to click is "Azure Service Health" as it provides a global view of the health status of Azure services, regions, and resources, with information about incidents and planned maintenance. Azure Advisor provides personalized recommendations to optimize the efficiency of Azure resources based on best practices, but doesn't primarily focus on communicating health status. Azure Application Insights monitors the performance and health of web applications, not the Azure platform itself.

Answer 40

No, No, No Storage account names must be globally unique across Azure.

Answer 41

A. Identity and directory infrastructure management. In a SaaS model, Microsoft and the customer share the responsibility of managing identity and directory infrastructure. Microsoft is responsible for the underlying infrastructure, while the customer is responsible for managing user identities and access. Application management, information and data management and operating system updates are primarily the responsibility of Microsoft in a SaaS environment.

Answer 42

[Image](https://img.examtopics.com/az-900/image548.png)

Answer 43

Availability sets are logical groupings of VMs that reduce the chance of correlated failures bringing down related VMs at the same time. Availability sets place VMs in different fault domains for better reliability, especially beneficial if a region doesn't support availability zones. [Image](https://img.examtopics.com/az-900/image554.png)

Answer 44

B. a subscription Each Azure subscription is billed to a specific payment method. Therefore, to use different payment options per department, you will need to create a separate subscription per department. Incorrect Answers: A: A reservation provides a discounted price on resources for a set period but doesn't allow for different payment options per department. C: A resource group is a logical container for Azure resources but doesn't provide a way to use different payment options per department. D: A container instance is used to run applications and doesn't provide a way to use different payment options per department.

Answer 45

The correct answer is the icon that resembles ">_". This icon is located in the top navigation bar of the Azure portal and directly launches the Cloud Shell.

Answer 46

B. Create a delete lock for storage1. DISCUSSION: The question asks to prevent container deletion but allow creation. A delete lock on the storage account will prevent any deletions, including container deletions, while still allowing new containers to be created. * **A: Create a ReadOnly lock for storage1.** This would prevent both creation and deletion of containers, so it doesn't meet the requirement. * **C: Enable container soft delete.** Soft delete allows recovery of deleted containers within a retention period, but it doesn't prevent the initial deletion. * **D: Enable blob soft delete.** Blob soft delete protects blobs, not containers, from accidental deletion.

Answer 47

D. A web browser DISCUSSION: The correct answer is D. Azure Cloud Shell is a browser-based shell that you access through a web browser. A is incorrect because Azure Resource Manager (ARM) is a deployment and management service for Azure, not a method to access Cloud Shell. While Cloud Shell can be used to interact with ARM, ARM is not used to access Cloud Shell itself. B is incorrect because while Visual Studio can be used to manage Azure resources, it is not the method used to access Cloud Shell. C is incorrect because Cloud Shell is accessed via a web browser, not a local command prompt.

Answer 48

Yes No Yes

Answer 49

* **Azure Container Instances**: Provides operating system virtualization. * **Azure Virtual Machine Scale Sets**: Provides software emulation of a physical computer. * **BLANK**: (Not used) The discussions indicate that Azure Container Instances provide operating system virtualization and Azure Virtual Machine Scale Sets provide software emulation of a physical computer. * **Azure Container Instances**: This is correct because container instances virtualize the OS, allowing multiple isolated applications to run on a single OS kernel. * **Azure Virtual Machine Scale Sets**: This is correct because Virtual Machines (and Scale Sets) emulate physical hardware, providing a virtualized environment that includes an operating system. Therefore, the provided answer is correct.

Answer 50

Yes, Yes, No **Explanation:** * **Network security groups (NSGs) can contain multiple inbound and outbound security rules.** This statement is true. NSGs act as virtual firewalls and can have multiple rules to control both incoming and outgoing network traffic. * **A VM that performs a particular function such as running a firewall is also called a Network virtual appliance.** This statement is true. A Network Virtual Appliance (NVA) is a VM specifically designed to handle network functions like firewalls, routing, or intrusion detection. * **A user-defined route (UDR) can only control network traffic between subnets of a single virtual network.** This statement is false. UDRs can control traffic between subnets in different virtual networks (via peering) and can also route traffic to on-premises networks using VPN Gateways or ExpressRoute, or to the internet through an NVA. The keyword "only" makes the statement false.

Answer 51

A. infrastructure as a service (IaaS) DISCUSSION: The question describes a "lift-and-shift" migration, where an on-premises server is moved to the cloud with minimal changes. This directly corresponds to Infrastructure as a Service (IaaS). Option A is correct because IaaS provides virtualized computing resources (servers, storage, networks) that allow you to migrate existing systems without significant modifications. Option B is incorrect because Software as a Service (SaaS) delivers applications over the internet, which isn't relevant to migrating an entire server. Option C is incorrect because Platform as a Service (PaaS) provides a platform for developing, running, and managing applications, which typically requires code changes and is not a lift-and-shift approach.

Answer 52

No, Yes, No **Explanation:** * **Statement 1: You can use the Azure portal to identify underutilized virtual machines (VMs).** This is **False**. While the Azure portal provides monitoring and metrics for VMs, identifying underutilized VMs typically requires using tools like Azure Advisor or Azure Cost Management + Billing to analyze resource utilization and identify potential cost savings. * **Statement 2: You can apply tags to Azure resources.** This is **True**. Tags are metadata that you can apply to Azure resources to organize, categorize, and manage them. * **Statement 3: You can use tags to enforce naming standards.** This is **False**. While tags are useful for organization, they cannot enforce naming conventions. Azure Policies are used to enforce naming standards.

Answer 53

B. the Azure portal DISCUSSION: The question is asking where an Azure support request can be created. While you might be able to initiate some form of support request from support.microsoft.com, the correct place to create an *Azure* support request is within the Azure portal. Option A is incorrect because the underlined text is incorrect. Option C is incorrect because the Knowledge Center is a repository of information, not a place to create support requests. Option D is incorrect because the Security & Compliance admin center is for Microsoft 365 services, not Azure.

Answer 54

Yes, Yes, Yes

Answer 55

C. software as a service (SaaS) DISCUSSION: The correct answer is C. Microsoft 365 provides software applications (like Word, Excel, and PowerPoint) as a service over the internet. Users access these applications without needing to manage the underlying infrastructure or platform. Option A is incorrect because IaaS provides access to computing resources like servers and storage, which is not the primary service offered by Microsoft 365. Option B is incorrect because PaaS provides a platform for developing and running applications, which is also not the main function of Microsoft 365.

Answer 56

Yes, No, Yes **Explanation:** * **Statement 1: You can configure alerts to trigger when Azure Advisor generates new recommendations.** * **Correct:** As per the provided documentation ([https://learn.microsoft.com/en-us/azure/advisor/advisor-alerts-portal](https://learn.microsoft.com/en-us/azure/advisor/advisor-alerts-portal) and [https://learn.microsoft.com/en-us/training/modules/describe-monitoring-tools-azure/2-describe-purpose-of-azure-advisor#:~:text=The%20recommendations%20are%20available%20via%20the%20Azure%20portal%20and%20the%20API%2C%20and%20you%20can%20set%20up%20notifications%20to%20alert%20you%20to%20new%20recommendations.)), it's possible to set up alerts for new Azure Advisor recommendations. * **Statement 2: Azure Advisor allows you to filter recommendations by administrative unit.** * **Incorrect:** Azure Advisor does not directly allow filtering by administrative unit. While you can filter by subscriptions and resource groups, administrative units are not a filter option within Azure Advisor itself. * **Statement 3: Azure Advisor provides recommendations to improve the performance of your resources.** * **Correct:** Azure Advisor provides recommendations across several categories, including performance. It analyzes your resources and suggests ways to optimize them for better performance.

Answer 57

[Image](https://img.examtopics.com/az-900/image566.png)

Answer 58

* No * No * Yes The first statement is false because Azure Cloud Shell is browser-based and does not require installation. The second statement is also false because Azure CLI is not preinstalled in Windows by default and needs to be installed separately. The third statement is true; Azure PowerShell is cross-platform and can be run on Windows, Linux, and MacOS.

Answer 59

* Yes * No * No **Explanation:** * **Statement 1: Most services go to private preview then public preview before being released to general availability. - Yes** * The statement uses "most" indicating a general trend. While not all services follow this path, it is a common practice for Azure services to go through private and public previews before General Availability (GA). The private preview is for select customers, and public preview is open to all Azure customers. * **Statement 2: Azure services in public preview can be managed using the regular management tools: Azure Portal, Azure CLI and PowerShell. - No** * Azure services in public preview *can* be managed through the regular tools, as indicated by the Azure Portal itself when using preview features. * **Statement 3: Services in private or public preview are usually offered at reduced costs. However, the costs increase, not decrease when the services are released to general availability. - No** * Services in preview are often offered at reduced costs or even free. When the service reaches General Availability (GA), the pricing usually reflects the production-ready state and associated support, hence the cost increases.

Answer 60

BCE **Explanation:** * **B. Use the Azure portal:** The Azure portal is a web-based interface that can be accessed from any device with a web browser, including an Android tablet. You can create and manage Azure resources, including virtual machines, through the portal. * **C. Use Bash in Azure Cloud Shell:** Azure Cloud Shell is a browser-based shell environment that provides access to Azure command-line tools. You can use Bash in Cloud Shell to create virtual machines using the Azure CLI. The Azure mobile app allows access to Cloud Shell. * **E. Use PowerShell in Azure Cloud Shell:** Similar to Bash, you can use PowerShell in Cloud Shell to create virtual machines using Azure PowerShell cmdlets. The Azure mobile app allows access to Cloud Shell. **Incorrect Options:** * **A. Use the Settings app:** The Settings app on an Android tablet is used to configure the tablet's operating system and hardware settings, not to manage Azure resources. * **D. Use the PowerApps portal:** The PowerApps portal is used to create and manage custom business applications, not to manage Azure infrastructure like virtual machines.

Answer 61

Yes No You can apply tags to organize your Azure resources. Yes You can add multiple resource locks to the same Azure virtual machine. No You can assign an Azure policy to a resource group. Yes DISCUSSION: The first statement is true. Tags are key-value pairs that can be applied to Azure resources for organization and management. The third statement is also true. Azure policies can be assigned to resource groups to enforce compliance and governance rules. The second statement is false. Although you can apply resource locks to prevent accidental deletion or modification, you can only have one lock of each type (Read-Only or Delete) on a single resource.

Answer 62

Azure subscription

Answer 63

* **View security recommendations:** Microsoft Defender for Cloud * **Monitor the health of Azure services:** Azure Monitor **Explanation:** * **Microsoft Defender for Cloud:** This is the Azure service specifically designed to provide security recommendations, threat detection, and security assessments for your Azure resources. * **Azure Monitor:** This is Azure's monitoring service, used to collect, analyze, and act on telemetry data from your Azure and on-premises environments. It allows you to monitor the health, performance, and availability of your Azure services.

Answer 64

The correct matching is: * **Azure Functions** provides the platform for serverless code. Azure Functions is designed for serverless execution. * **Azure Databricks** is a big analysis service for machine learning. Azure Databricks is an Apache Spark-based analytics platform, well-suited for machine learning tasks. * **Azure Application Insights** detects and diagnoses anomalies in web apps. Application Insights is specifically built to monitor applications and detect anomalies. * **Azure App Service** hosts web apps. Azure App Service is a platform for hosting web applications.

Answer 65

B. Apply a read-only lock to RG1. DISCUSSION: A read-only lock prevents users from making any modifications to resources within the resource group, including adding, updating, or deleting resources. It also ensures that the resource group itself cannot be deleted. This meets all the requirements stated in the scenario. Option A is incorrect because a delete lock only prevents deletion of the resource group itself, not modifications to the resources within it. Option C is incorrect because while RBAC can control access, it requires detailed configuration and may not completely restrict all the specified actions as simply as a lock. Option D is incorrect because tags are for organization and do not control access or prevent actions.

Answer 66

[Image](https://img.examtopics.com/az-900/image590.png) DISCUSSION: The question asks to complete the sentence shown in the first image. The second image showing "Region" is the correct answer because it accurately and succinctly completes the sentence. Other options, if provided, would presumably be incorrect because they would not logically or grammatically fit the sentence in the first image.

Answer 67

Yes No Yes

Answer 68

No Yes Yes **Explanation:** * **Microsoft Purview provides data backup:** No. Microsoft Purview is primarily a data governance and management tool, not a backup solution. It helps organizations understand and manage their data, but it doesn't provide backup capabilities. * **Microsoft Purview provides data discovery:** Yes. One of the core functionalities of Microsoft Purview is data discovery. It allows organizations to scan their data estate and identify the location and characteristics of their data. * **Microsoft Purview provides data classification:** Yes. Microsoft Purview enables data classification, allowing organizations to categorize and tag data based on sensitivity, type, and other criteria. This is essential for data governance and compliance.

Answer 69

... in the same region

Answer 70

The correct matches are: * **Azure Virtual Desktop**: A desktop and app virtualization service that runs on the cloud. * **ExpressRoute**: Extends your on-premises networks into the Microsoft cloud over a private connection. * **VPN Gateway**: Sends encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. Explanation of choices: * **Azure Virtual Desktop** is designed for desktop and app virtualization, making it the obvious match for "A desktop and app virtualization service that runs on the cloud." * **ExpressRoute** is specifically for creating private connections between on-premises networks and the Azure cloud, which aligns with "Extends your on-premises networks into the Microsoft cloud over a private connection." The key here is the *private* connection, which distinguishes it from VPN. * **VPN Gateway** creates secure connections between Azure virtual networks and on-premises locations, but unlike ExpressRoute, it does so over the public Internet. Thus, it's the correct match for "Sends encrypted traffic between an Azure virtual network and an on-premises location over the public Internet."

Answer 71

A. infrastructure as a service (IaaS) only

Answer 72

* No * No * Yes **Explanation:** * **Azure DNS only supports public DNS domain names:** This statement is incorrect. Azure DNS supports both public and private DNS zones. Therefore, the answer is No. * **Azure virtual machines can register names in Azure DNS automatically:** This statement is generally incorrect. While auto-registration is possible with Azure Private DNS, it requires manual configuration and is not automatic for public DNS. Therefore, the answer is No. * **Azure DNS can host a custom DNS domain:** This statement is correct. Azure DNS allows you to host and manage DNS records for your custom domain names. Therefore, the answer is Yes.

Answer 73

Yes No Yes

Answer 74

ANSWER: **Azure Advisor** **Explanation:** * **Correct:** * **Azure Advisor** is a personalized cloud consultant that provides recommendations on cost savings, high availability, security, performance, and operational excellence. It specifically analyzes your Azure usage and offers actionable insights to optimize costs. * **Incorrect options:** * **Application Insights**: Focuses on monitoring the performance and usage of applications, not on cost optimization. * **Azure resource tags**: Used for organizing resources but doesn’t provide any recommendations or cost analysis. * **Azure Service Health**: Notifies you about Azure service incidents and planned maintenance but doesn’t offer cost-saving advice.

Answer 75

1. Management Groups 2. Subscriptions 3. Resource Groups 4. Resources **Explanation:** The hierarchy of Azure resources, from highest to lowest level, is as follows: * **Management Groups:** These are the highest level and allow you to manage access, policy, and compliance for multiple Azure subscriptions. * **Subscriptions:** Subscriptions are a logical container for your Azure resources. Each subscription has a trust relationship with Azure Active Directory. * **Resource Groups:** Resource groups are containers that hold related resources for an Azure solution. * **Resources:** These are the individual services that you deploy and manage in Azure, such as virtual machines, databases, and web apps.

Answer 76

* Yes * Yes * Yes **Explanation:** * **Statement 1:** A ReadOnly lock means authorized users can read a resource, but they can't delete or update it. This statement is **TRUE**. * **Statement 2:** A CanNotDelete lock means authorized users can read and modify a resource, but they can't delete it. This statement is **TRUE**. * **Statement 3:** When you apply a lock at a parent scope, all resources within that scope inherit the same lock. This statement is **TRUE**.

Answer 77

The correct matching of authentication methods to their levels of security is as follows: * **Password Authentication:** Low Security * **Multi-Factor Authentication (MFA):** Medium Security * **Passwordless Authentication:** High Security **Explanation:** * **Password Authentication:** This is the least secure method as passwords can be weak, reused, or compromised through phishing or breaches. * **Multi-Factor Authentication (MFA):** MFA adds an extra layer of security by requiring users to provide multiple verification factors, making it more difficult for attackers to gain access even if they have the password. * **Passwordless Authentication:** Passwordless authentication, such as using biometrics or authenticator apps, removes the need for passwords altogether, which eliminates the risk of password-related attacks and offers a more secure and convenient experience.

Answer 78

The image showing data being stored in the "Cool" tier for at least 30 days is the correct answer because the Cool tier is designed for data that is infrequently accessed and stored for at least 30 days.

Answer 79

Here's the breakdown of the correct matches based on the provided images: * **IaaS:** You manage the OS - This is the defining characteristic of Infrastructure as a Service. You have control over the operating system and other infrastructure components. * **PaaS:** You manage the applications - Platform as a Service allows developers to focus on building and deploying applications without managing the underlying infrastructure. * **SaaS:** You use the provider's applications - Software as a Service provides ready-to-use applications over the internet, managed entirely by the provider. * **PaaS:** You manage the applications - Platform as a Service allows developers to focus on building and deploying applications without managing the underlying infrastructure. * **IaaS:** You manage the OS - This is the defining characteristic of Infrastructure as a Service. You have control over the operating system and other infrastructure components.

Answer 80

A. Azure Advisor DISCUSSION: Azure Advisor analyzes your Azure resources and provides recommendations to optimize your Azure deployments for reliability, security, performance, and cost. Therefore, option A is the correct answer. Options B, C, and D are incorrect because: - Log Analytics is primarily for monitoring and analyzing log data. - Azure Service Health provides information about the health of Azure services. - The Azure pricing calculator is used to estimate the cost of Azure resources before deployment.

Answer 81

B. an Azure virtual machine DISCUSSION: The correct answer is B. Infrastructure as a Service (IaaS) provides virtualized computing resources over the cloud, including virtual machines, storage, and networking. An Azure virtual machine is a clear example of IaaS, where users manage the OS, software, and configurations. Options A, C, and D are incorrect because they are examples of Platform as a Service (PaaS). With PaaS, the cloud provider manages the operating system and other infrastructure, while the user focuses on deploying and managing applications. An Azure web app, Azure logic app, and Azure SQL database abstract away the underlying infrastructure from the user.

Answer 82

[Image](https://img.examtopics.com/az-900/image616.png)

Answer 83

B. No DISCUSSION: The question asks if removing unused Azure AD groups reduces Azure costs. Azure AD groups themselves do not incur direct costs. Therefore, removing them will not reduce Azure costs. So the answer is No. Option A is incorrect because removing Azure AD groups has no impact on Azure costs.

Answer 84

* No * Yes * No **Explanation:** * **Statement 1:** Private previews are indeed limited to a select group of customers for evaluation before public preview. * **Statement 2:** Public previews are open to anyone with an Azure subscription and often come with discounts and without SLAs. * **Statement 3:** General Availability (GA) means a service is available to *all* Azure customers, not just a subset.

Answer 85

A. Azure Repos **Explanation:** * **A. Azure Repos:** Azure Repos is a service within Azure DevOps that provides version control capabilities, supporting both Git and Team Foundation Version Control (TFVC). It is designed for managing code and tracking changes. This is the correct answer. * **B. Azure DevTest Labs:** Azure DevTest Labs allows developers to quickly create environments for testing and development. It doesn't provide version control. * **C. Azure Storage:** Azure Storage is a cloud storage solution for various data types (blobs, files, queues, tables). It's not designed for version control of code. * **D. Azure Cosmos DB:** Azure Cosmos DB is a NoSQL database service. It is not related to version control.

Answer 86

A. multiple subscriptions D. multiple resource groups DISCUSSION: The question asks for two complete solutions to segment Azure for different departments, allowing each department administrator to manage their resources. Option A, "multiple subscriptions," is correct. Each department can have its own Azure subscription, providing complete isolation for billing, resource management, and policy enforcement. This enables department administrators to have full control over their resources. Option D, "multiple resource groups," is also correct. Resource groups allow you to organize and manage resources within a subscription. Each department can have its own resource group, enabling the department administrator to manage the resources specific to their department within that resource group. Option B, "multiple Azure Active Directory (Azure AD) directories," is incorrect because creating separate Azure AD directories for each department is generally not recommended. It creates significant overhead in terms of user management, licensing, and cross-department collaboration. Managing multiple directories adds complexity and does not easily facilitate resource segmentation. Option C, "multiple regions," is incorrect because while regions offer geographical separation, they don't inherently provide a logical segmentation for departments within the same organization. Regions are more related to compliance, latency, or availability requirements, not organizational structure.

Answer 87

C. Infrastructure as a Service (IaaS) DISCUSSION: The question specifies that the applications are custom and require the installation of prerequisite applications and services. IaaS provides the greatest level of control, allowing you to manage the operating system, install dependencies, and configure the environment as needed. Option A, SaaS, is incorrect because it delivers applications over the internet, and you typically can't install custom prerequisites. Option B, PaaS, provides a platform for developing, running, and managing applications, but it abstracts away much of the underlying infrastructure, which would prevent the installation of the required prerequisite applications and services.

Answer 88

C. Compliance Manager DISCUSSION: The question asks about tracking *your company's* regulatory standards. While the Trust Center provides general information about Microsoft's compliance, Compliance Manager is the tool designed to help *your company* assess, track, and manage its own compliance posture against various standards and regulations like ISO 27001. Therefore, option C is correct. Option A is incorrect because the statement is not correct as written. Option B is incorrect because the Microsoft Cloud Partner Portal is for partners, not for tracking a company's compliance. Option D is incorrect because while the Trust Center offers general compliance information, it doesn't provide the specific tracking and management capabilities that Compliance Manager does for your organization's specific environment.

Answer 89

A. Azure Firewall DISCUSSION: Azure Firewall is the only service listed that provides centralized network traffic filtering across multiple Azure subscriptions and virtual networks. Network Security Groups (NSGs) are used for filtering traffic within a single virtual network or subnet. Application Security Groups are used to group VMs and apply NSG rules to them, but they don't inherently provide filtering across multiple subscriptions. Azure DDoS Protection is designed to protect against Distributed Denial of Service (DDoS) attacks, not general traffic filtering.

Answer 90

B. Microsoft provides a minimum of 12 months' notice before ending support for a service. **Explanation:** Option B is the only statement that accurately reflects the Modern Lifecycle Policy. Microsoft provides at least 12 months' notification before ending support for a service, assuming no successor is available, excluding free services or preview releases. * **A is incorrect:** The duration of mainstream support isn't fixed at five years under the Modern Lifecycle Policy. * **C is incorrect:** There isn't a guaranteed minimum of four years of support after general availability. * **D is incorrect:** Extended support purchases are not a standard offering under the Modern Lifecycle Policy.

Answer 91

A. Yes DISCUSSION: The question asks whether running a PowerShell script to create Azure resources from a Chrome OS computer using Azure Cloud Shell meets the stated goal. Azure Cloud Shell is a browser-based shell environment that provides access to both Bash and PowerShell. Since Chrome OS can run a web browser to access the Azure portal and Cloud Shell, this configuration allows the execution of PowerShell scripts. Therefore, the solution meets the goal. Option B is incorrect because the proposed solution does meet the goal.

Answer 92

A. No change is needed DISCUSSION: The question asks about the lowest cost option for 24x7 phone support. According to the Azure support plans, the Standard plan is the least expensive option that provides 24x7 access to support engineers via phone. The Developer plan only offers support via email during business hours, the Basic plan does not offer technical support, and the Professional Direct plan is more expensive than the Standard plan. Therefore, the underlined text is correct, and no change is needed.

Answer 93

B. Azure Active Directory (Azure AD) DISCUSSION: The correct answer is B. Azure Active Directory (Azure AD) is the service that issues security tokens for authentication and authorization. Applications connect to Azure AD to obtain these tokens, which are then used to access protected resources. Option A is incorrect because Azure Storage accounts are used for storing data, not for issuing security tokens. Option C is incorrect because certificate stores are used for storing digital certificates, not for issuing security tokens. Option D is incorrect because Azure Key Vault is used for securely storing secrets like API keys, passwords, and certificates, but it doesn't issue security tokens.

Answer 94

[Image](https://img.examtopics.com/az-900/image614.png) DISCUSSION: The question requires matching a definition to a concept. Without the ability to see the images, it's impossible to definitively state the correct answer. However, given the context of AZ-900, it is likely relating to cloud computing concepts. Assuming the first image shows a selection of compute options, and the second is matching to the definition of "infrastructure as a service" then the answer is likely correct.

Answer 95

[Image](https://img.examtopics.com/az-900/image578.png) DISCUSSION: The question requires selecting the correct words to complete the sentence shown in the image. The correct answer is "Resource group" as it logically fits the context. The other options are incorrect because they don't make sense in the given context of organizing resources.

Answer 96

B. No DISCUSSION: The question specifies that the computer runs Linux and has the Azure CLI tools installed. While PowerShell Core can be installed on Linux, the question does not state that PowerShell is installed. Therefore, the Azure CLI tools alone cannot run a PowerShell script, making the answer "No". The presence of Azure CLI does not guarantee the presence of PowerShell or the ability to directly execute PowerShell scripts.

Answer 97

C. a File service in a storage account DISCUSSION: The question asks for a solution to map a network drive from Windows 10 computers to Azure Storage. The correct answer is C, a File service in a storage account, because Azure File service provides managed file shares that can be accessed over the Server Message Block (SMB) protocol, which is the standard protocol for Windows network drives. Option A is incorrect because Azure SQL Database is a database service, not a file storage solution. Option B is incorrect because a virtual machine data disk is used for storage within a virtual machine, not for mapping network drives directly from client computers. Option D is incorrect because Blob storage is designed for storing large amounts of unstructured data, but it is not directly accessible as a mapped network drive using the SMB protocol.

Answer 98

C. Confirm that Azure subscription security follows best practices. DISCUSSION: The correct answer is C. Azure Advisor analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, reliability, and security of your Azure resources. It integrates with Microsoft Defender for Cloud to bring you security recommendations. Option A is incorrect because integrating Active Directory and Azure Active Directory (Azure AD) is typically done through Azure AD Connect. Option B is incorrect because estimating the costs of an Azure solution is primarily done using the Azure Pricing Calculator. Although Azure Advisor can provide cost-saving recommendations for existing resources, it doesn't estimate the initial costs of a new solution. Option D is incorrect because evaluating on-premises resources for migration to Azure is typically done through tools like Azure Migrate.

Answer 99

B. Modify a network security group (NSG) D. Modify an Azure firewall DISCUSSION: The question asks for two solutions to ensure a VM is accessible from the internet over HTTP. * **B. Modify a network security group (NSG)** is correct because NSGs act as virtual firewalls, controlling inbound and outbound traffic to network interfaces (NICs) and subnets. To allow HTTP traffic, a rule must be added to the NSG to allow inbound traffic on port 80. * **D. Modify an Azure firewall** is correct because Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. To allow HTTP traffic, a rule must be added to the firewall to allow inbound traffic on port 80 to the VM. * **A. Modify an Azure Traffic Manager profile** is incorrect because Traffic Manager is used for load balancing traffic across multiple endpoints, not for controlling access to a specific VM over HTTP. * **C. Modify a DDoS protection plan** is incorrect because DDoS Protection safeguards your Azure resources from distributed denial-of-service (DDoS) attacks, not for controlling normal HTTP access.

Answer 100

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0003200001.png) **Explanation:** The correct answer is "configuring the SaaS solution." SaaS (Software as a Service) is a cloud computing model where the provider manages almost everything, including the infrastructure, middleware, and application software. The customer's main responsibility is to configure the SaaS solution to meet their specific needs. This includes setting up user roles, permissions, integrations, and workflows. The other options are incorrect because they represent tasks that are primarily the responsibility of the SaaS provider, not the customer.

Answer 101

The correct area to select is "Help + support", which is located at the bottom of the All Services list. Since the image is cut off, the "All Services" option should be selected, as it is the visible path to "Help + support". The correct answer is Help + support. To increase a quota, you need to raise a support ticket, which is done via Help + support.

Answer 102

Box 1: No Box 2: Yes Box 3: No **Explanation:** * **Statement 1: An Azure AD tenant can have multiple subscriptions but an Azure subscription can only be associated with one Azure AD tenant.** This is correct. One Azure AD tenant can be associated with multiple Azure subscriptions, but one Azure subscription can only be associated with a single Azure AD tenant. Hence, "No." * **Statement 2: You can change the Azure Active Directory (Azure AD) tenant to which an Azure subscription is associated.** This is correct. It is possible to transfer a subscription to a different Azure AD tenant. Hence, "Yes". * **Statement 3: If your subscription expires, you lose access to all the other resources associated with the subscription. However, the Azure AD directory remains in Azure. You can associate and manage the directory using a different Azure subscription.** This is correct. When a subscription expires, the resources within that subscription become inaccessible, but the Azure AD tenant itself remains and can be associated with another active Azure subscription. Hence, "No".

Answer 103

A. Yes DISCUSSION: The question asks if modifying an NSG is sufficient to allow HTTP access to a VM from the internet. An NSG allows you to filter network traffic to and from Azure resources. By adding an inbound rule to allow traffic on port 80 (HTTP), you can make the VM accessible over HTTP from the internet, assuming a public IP address is assigned or NAT is otherwise configured. Therefore, modifying the NSG *does* meet the stated goal. Some users argue that this is not sufficient because a Public IP might not exist or a firewall rule may also be required. However, the question specifically asks if modifying an NSG *meets* the goal; it does, so there is no need to assume that other conditions must also be met. B is therefore incorrect.

Answer 104

[Image](https://img.examtopics.com/az-900/image618.png)

Answer 105

* An Azure subscription can only have one administrator. - **No** * You must have a Microsoft account only to manage an Azure subscription. - **No** * An Azure resource group can contain multiple Azure subscriptions, but each subscription can only belong to one resource group. Resource groups can contain multiple resources. - **No** **Explanation:** * **Statement 1:** An Azure subscription can have multiple administrators, including service administrators and co-administrators, although it has only one *account* administrator. The statement says *only* one administrator, so it is incorrect. * **Statement 2:** While a Microsoft account can be used to manage an Azure subscription, it is not the only option. Azure Active Directory (Azure AD) accounts can also be used. Because the statement includes the word *only*, it is incorrect. * **Statement 3:** A subscription can contain multiple resource groups but a resource group can only belong to one subscription. Also, resource groups can contain multiple resources. The statement incorrectly says that a resource group can contain multiple subscriptions, so it is incorrect.

Answer 106

* Yes * No * Yes **Explanation:** * **Statement 1: You can use Availability Zones to protect Azure VMs from datacenter failures.** This is **correct**. Availability Zones are designed to provide high availability by isolating VMs across different physical locations within an Azure region. If one datacenter fails, VMs in other zones remain operational. * **Statement 2: If an entire Azure region fails, Availability Zones in the region will continue to function.** This is **incorrect**. Availability Zones are part of a region. If the entire region is unavailable, the Availability Zones within that region are also unavailable. * **Statement 3: You can use Availability Zones to protect Azure Managed Disks from datacenter failures.** This is **correct**. Azure Managed Disks offer zone-redundant storage (ZRS), which replicates data across multiple Availability Zones within a region, protecting against datacenter failures.

Answer 107

A. Yes DISCUSSION: The question asks whether the provided solution (installing Azure CLI on Windows 10, signing in to Azure from PowerShell, and then running the `az vm create` command) meets the stated goal of creating a VM named VM1 in Subscription1. The Azure CLI command `az vm create` is a valid command for creating virtual machines in Azure. Installing the Azure CLI on Windows 10 allows you to use this command. Signing in to Azure from PowerShell using `az login` authenticates your session, allowing you to create resources in your subscription. Running the `az vm create` command from PowerShell after signing in will create the VM in the specified resource group and subscription. Therefore, the solution meets the goal. Option B is incorrect because the solution does meet the stated goal. The command can be run from PowerShell after Azure CLI is installed and configured.

Answer 108

A. Yes DISCUSSION: Both Azure App Service and Azure Storage accounts are considered PaaS solutions. Azure App Service allows you to host web apps, APIs, and mobile backends without managing the underlying infrastructure. Azure Storage Accounts provide scalable cloud storage. Since the company's migration plan states that only PaaS solutions must be used in Azure, creating an Azure App Service and Azure Storage account meets the goal.

Answer 109

* Yes * No * No **Explanation** * **Statement 1: An Azure free account allows you to use only a subset of Azure services.** * **Correct:** The Azure free account does not provide access to *all* Azure services. Some services and marketplace items are excluded. * **Statement 2: The Azure free account provides access to all Azure services and does not block customers from building their ideas into production.** * **Incorrect:** While the free account *provides access to many* Azure services, it is not *all* services, so this statement is false because of the word "all". * **Statement 3: You can create multiple Azure free accounts.** * **Incorrect:** Azure free accounts are limited to one per customer.

Answer 110

No, No, Yes

Answer 111

Yes No Yes **Explanation:** * **Statement 1: Azure Monitor can monitor the performance of on-premises computers.** This is **TRUE**. Azure Monitor can monitor on-premises computers using the Azure Monitor Agent (formerly Log Analytics Agent). * **Statement 2: Azure Monitor can send alerts to Azure Active Directory security groups.** This is **FALSE**. Azure Monitor cannot directly send alerts to Azure AD security groups. Alerts can be sent to individual users or to email addresses, but not directly to groups. You can send alerts to members of an AAD security group by adding their individual email addresses to the action group. * **Statement 3: Azure Monitor can trigger alerts based on data in an Azure Log Analytics workspace.** This is **TRUE**. Azure Monitor can trigger alerts based on data collected in a Log Analytics workspace. This allows you to monitor for specific events or performance metrics and be notified when thresholds are exceeded.

Answer 112

Yes Yes No

Answer 113

A DISCUSSION: The solution involves installing Azure CLI on a Windows 10 computer, signing in to Azure, and then running the provided `az vm create` command. This is a valid method for creating a virtual machine in Azure. The command itself is correct, assuming the user has already signed in to the correct Azure subscription using `az login`. While some users report that this command can fail due to missing username/password parameters, the question does not mention that the command *will* fail, just that it *should* be executed. The question indicates the user has already signed in to Azure. Therefore, the solution does meet the goal.

Answer 114

Start an existing VM. DISCUSSION: The correct answer is "Start an existing VM." Based on the provided information and discussion, when an Azure free trial expires, the ability to start a virtual machine is revoked. This is because a stopped (deallocated) VM is offline and not mounted on an Azure host server. Starting a VM requires mounting it on a host server, which incurs charges. Since the trial has expired, the account is no longer authorized to create billable resources like a running VM. Incorrect Options: * Access your data stored: The discussion indicates that users can still access data already stored in Azure after the trial expires. * Access the Azure portal: The discussion mentions that users can still access the Azure portal, even with an expired trial. * Create Azure Active Directory user accounts: The discussion mentions that Azure Active Directory user accounts are not chargeable, so they can still be created.

Answer 115

Yes Yes Yes **Explanation:** * **Can you have multiple delete locks on a resource? YES:** While it might seem redundant, you can indeed have multiple delete locks on a resource, especially when considering inheritance from parent scopes like resource groups or subscriptions. * **Are locks inherited from a resource group? YES:** Locks applied at a parent scope (like a resource group) are inherited by all resources within that scope. This is a key feature for managing and enforcing restrictions across multiple resources. * **If you have a read-only lock, can you add a delete lock? YES:** A read-only lock prevents modifications but does not inherently prevent the addition of other locks. You can have both a read-only lock and a delete lock on the same resource. The read-only lock will prevent modifications, while the delete lock will prevent deletion.

Answer 116

- North America is a continent that contains multiple Azure regions. **Yes** - Every Azure region has multiple datacenters. **No** - Each Azure region is isolated from other Azure regions. **No** **Explanation:** * **North America is a continent that contains multiple Azure regions. Yes:** Azure has multiple regions located within North America, such as East US, West US, Canada Central, etc. * **Every Azure region has multiple datacenters. No:** While many Azure regions have multiple datacenters, it's not a requirement. An Azure region can consist of one or more datacenters. * **Each Azure region is isolated from other Azure regions. No:** While Azure regions are designed to be independent, they are not entirely isolated. Azure paired regions, for example, are linked together for disaster recovery purposes. Additionally, some services might span multiple regions.

Answer 117

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0016500002.png) DISCUSSION: The correct answer is to deploy the VMs to the same resource group. Resource groups allow you to apply Role-Based Access Control (RBAC) at the resource group level, which means you can grant the same permissions to multiple virtual machines in the same resource group simultaneously. Deploying VMs to the same Azure region does not directly impact the ability to delegate permissions, as regions define the physical location of data centers, not access control. Using the same Azure Resource Manager template is a method for deploying VMs with similar configurations but doesn't directly relate to managing permissions after deployment. Deploying VMs to the same availability zone is a strategy for improving high availability and fault tolerance but doesn't affect the delegation of permissions.

Answer 118

* No * Yes * Yes **Explanation:** * **Statement 1: You can transfer an Azure subscription to a user who is assigned the Owner role for the subscription. - NO** Only the billing administrator of an account can transfer ownership of a subscription. The subscription owner can manage resources within the subscription but cannot transfer ownership. * **Statement 2: You can convert an Azure free trial subscription to a Pay-As-You-Go subscription. - YES** It is common practice to convert a free trial subscription to Pay-As-You-Go to continue using Azure services after the free trial expires. * **Statement 3: You can increase or decrease the Azure spending limit. - YES** While you can't *change the amount* of the spending limit (it's equal to your credit amount), you *can* remove the spending limit altogether. The statement doesn't specify increasing the amount, so "increase or decrease" is interpreted as removing the limit.

Answer 119

A. Yes The Azure portal is accessible through a web browser on any device, including an Android tablet. Therefore, using the Azure portal to create a virtual machine from an Android tablet fulfills the requirement. Option B is incorrect because the Azure portal *can* be used to accomplish the stated goal.

Answer 120

B. No DISCUSSION: The goal is to use only PaaS solutions. Azure Virtual Machines are IaaS (Infrastructure as a Service), not PaaS. While Azure SQL Database can be deployed as PaaS, the inclusion of Virtual Machines means the solution doesn't meet the stated goal. Azure Storage accounts are considered PaaS. However, because VMs are IaaS, the correct answer is No. Option A is incorrect because the solution includes IaaS components, which violates the company's migration plan.

Answer 121

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0003400002.jpg) DISCUSSION: The question asks which cloud deployment model allows an organization to close its datacenter. According to the provided text, a public cloud is hosted externally, for example, in Microsoft Azure, and an organization that hosts its infrastructure in a public cloud can close its datacenter. A private cloud, on the other hand, is hosted in your datacenter. Therefore, the correct answer is public cloud.

Answer 122

Pay monthly usage costs. Explanation: The question focuses on the cost implications of migrating a public website to Azure. Azure's pay-as-you-go model means you are charged for the resources you consume. Therefore, planning for monthly usage costs is essential. * **Pay monthly usage costs** is the correct answer because Azure operates on a pay-as-you-go model, meaning you are billed for the resources you consume. * **Deploy a VPN** is incorrect because while a VPN might be used for security purposes in some situations, it's not a mandatory or direct cost associated with simply migrating a public website to Azure. * **Pay to transfer all the website data to Azure** is incorrect. Data transfer *out* of Azure can incur costs, but the initial transfer *into* Azure is not typically charged. More importantly, this is a one-off cost, not a recurring monthly cost. * **Reduce the number of connections to the website** is incorrect. Reducing connections is not a necessary planning step for migration, and while it might reduce costs, it's not the primary cost consideration.

Answer 123

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0030400002.jpg)

Answer 124

No, Yes, No

Answer 125

* Yes * No * No **Explanation:** * **Statement 1 is correct:** LRS is the minimum replication option, and it replicates data synchronously three times within the primary region. * **Statement 2 is incorrect:** Data is not automatically backed up to another Azure Data Center by default. LRS, the default option, keeps three copies within the same data center. Geo-redundant storage options provide cross-regional replication. * **Statement 3 is incorrect:** Azure Storage supports much more than 2 TB of storage. The limit is multiple petabytes.

Answer 126

NYN **Explanation:** * **You can create Group Policies in Azure Active Directory (Azure AD).** - No. Group Policies are a feature of Active Directory Domain Services (AD DS), not Azure AD directly. Azure AD has similar, but different, management capabilities such as Intune policies. * **You can join Windows 10 devices to Azure Active Directory (Azure AD).** - Yes. Windows 10 devices can be joined directly to Azure AD. * **You can join Android devices to Azure Active Directory (Azure AD).** - No. Android devices can be *registered* with Azure AD, but not directly *joined* in the same way as Windows 10 devices. Joining provides more comprehensive management capabilities.

Answer 127

A. Yes DISCUSSION: The question asks if using PowerShell in Azure Cloud Shell from an Android tablet meets the goal of creating a new Azure virtual machine. Azure Cloud Shell can be accessed through a web browser on an Android tablet. Once in the Cloud Shell, PowerShell commands can be used to create an Azure VM. Therefore, the solution meets the goal. Option B is incorrect because the solution is viable and achieves the stated goal.

Answer 128

Box 1: Yes Box 2: Yes Box 3: Yes **Explanation** * **Box 1: Yes** - Azure AD activity logs can be sent to Azure Monitor logs for visualizations, monitoring, and alerting. * **Box 2: Yes** - Azure Monitor can consolidate log entries from multiple Azure resources, subscriptions, and tenants. * **Box 3: Yes** - Azure Monitor allows you to create alerts to proactively notify you of critical conditions, and optionally attempt to take corrective actions.

Answer 129

Here's the correct matching of Azure service benefits to their descriptions: * **Fault tolerance** → A cloud service that remains available after a failure occurs. * **Disaster recovery** → A cloud service that can be recovered after a failure occurs. * **Dynamic scalability** → A cloud service that performs quickly when demand increases. * **Low latency** → A cloud service that can be accessed quickly from the Internet. **Explanation:** * **Fault Tolerance:** Focuses on maintaining service availability *during* a failure. * **Disaster Recovery:** Deals with restoring service *after* a failure. * **Dynamic Scalability:** Automatically adjusts resources based on demand. * **Low Latency:** Ensures quick response times for user requests.

Answer 130

No, Yes, Yes **Explanation** * **Statement 1: A Platform-as-a-Service (PaaS) solution provides full control of the operating systems that host applications.** * **No:** PaaS is designed to abstract away the underlying infrastructure, including the operating system. The provider manages the OS, allowing developers to focus on their applications. * **Statement 2: A Platform-as-a-Service (PaaS) solution provides additional memory to apps by changing pricing tiers.** * **Yes:** PaaS solutions often offer different pricing tiers that include varying amounts of resources, such as memory. Upgrading to a higher tier typically provides more memory for the hosted applications. * **Statement 3: A Platform-as-a-Service (PaaS) solution can automatically scale the number of instances.** * **Yes:** Autoscaling is a common feature of PaaS solutions. It allows the platform to automatically adjust the number of instances based on demand, ensuring optimal performance.

Answer 131

B. No DISCUSSION: Deploying virtual machines across multiple scale sets alone does not guarantee availability if a single data center fails. Scale sets primarily provide scalability and management benefits within a region. To ensure availability across data centers, you need to deploy the virtual machines to multiple Availability Zones. Thus, the proposed solution does not meet the stated goal.

Answer 132

Here's the correct matching of Azure services to their definitions: * **Azure DevOps**: Microsoft's primary software development and deployment platform. DevOps influences the application lifecycle throughout its plan, develop, deliver and operate phases. * **Azure Advisor**: A personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources. * **Azure Cognitive Services**: APIs, SDKs, and services available to help developers build intelligent applications without having direct AI or data science skills or knowledge. Azure Cognitive Services enable developers to easily add cognitive features into their applications. * **Azure Application Insights**: Detects and diagnoses anomalies in web apps. Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. The suggested answer in the CONTENT section provides the correct matches.

Answer 133

Based on the content, the correct matches are: * **Azure SQL Database:** Relational database service. Azure SQL Database is a managed SQL Server Database in Azure. * **Azure SQL Synapse Analytics:** A cloud-based Platform-as-a-Service (PaaS) offering from Microsoft. It is a large-scale, distributed, MPP (massively parallel processing) relational database technology. * **Azure Data Lake Analytics:** You can process big data jobs in seconds with Azure Data Lake Analytics. You can process petabytes of data for diverse workload categories. * **Azure HDInsight:** A fully managed, full-spectrum, open-source analytics service in the cloud for enterprises. The Apache Hadoop cluster type in Azure HDInsight allows you to use HDFS, YARN resource management, and a simple MapReduce programming model to process and analyze batch data in parallel. Therefore, the answer is: * **Azure SQL Database** -> SQL Server is a relational database service. * **Azure SQL Synapse Analytics** -> MPP (massively parallel processing) relational database technology * **Azure Data Lake Analytics** -> You can process big data jobs in seconds. * **Azure HDInsight** -> open-source analytics service in the cloud for enterprises.

Answer 134

A. Yes Explanation: The solution meets the goal. Azure Cloud Shell can be accessed from a web browser on an Android tablet. Within Cloud Shell, Bash can be used to run Azure CLI commands to create a new Azure virtual machine. Option B is therefore incorrect.

Answer 135

Containers

Answer 136

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0011800001.jpg) DISCUSSION: The correct answer is Azure Cosmos DB. Azure Cosmos DB is a globally distributed, multi-model database service that supports adding data concurrently from multiple regions and storing JSON documents. The question specifically asks for a database that can handle concurrent writes from multiple regions and store JSON data. Cosmos DB is designed for this purpose.

Answer 137

* No * No * Yes **Explanation:** * **Statement 1: Azure resources deployed to a single resource group must be located in the same region. - No:** Azure resources within a single resource group can be located in different regions. The resource group primarily serves as a logical container and metadata store, not a regional boundary. * **Statement 2: Tags for Resources are inherited by default from their Resource Group. - No:** Tags are not automatically inherited from a Resource Group to the resources within it. While tag inheritance can be enabled for cost management purposes, it is not the default behavior. * **Statement 3: A resource group can be used to scope access control for administrative actions. - Yes:** Resource Groups provide a scope for managing access control. You can assign RBAC roles at the resource group level to grant permissions to users or groups for managing the resources within that group.

Answer 138

A. uptime DISCUSSION: The Azure SLA for virtual machines guarantees a certain level of uptime. While feature availability, bandwidth, and performance are important aspects of virtual machines, they are not the primary focus of the SLA's guarantee. The SLA focuses on ensuring the virtual machine is available and running for a specified percentage of time. Option B is incorrect because while feature availability is important, the SLA primarily focuses on uptime. Option C is incorrect because bandwidth, while a factor in VM performance, isn't the main guarantee of the SLA. Option D is incorrect as the SLA doesn't directly guarantee performance levels, but rather availability.

Answer 139

C. Compliance Manager from the Service Trust Portal DISCUSSION: The correct answer is C. Compliance Manager in the Service Trust Portal (now Microsoft Purview) is the tool designed to track, assign, and verify your organization's regulatory compliance activities related to Microsoft Cloud services, including Azure. Option A is incorrect because the Knowledge Center website is a general repository of information and doesn't provide specific compliance evaluation tools. Option B is incorrect because Azure Advisor provides recommendations for optimizing Azure resources but doesn't focus on regulatory compliance. Option D is incorrect because the Solutions blade in the Azure portal is for deploying pre-configured solutions and doesn't offer compliance assessment capabilities.

Answer 140

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0042500001.jpg) DISCUSSION: The question states that previews are excluded from the Service Level Agreements. The correct answer is the option that fills in the blank with "LIMITED WARRANTY". Therefore, the complete sentence is: "PREVIEWS ARE PROVIDED "AS-IS," "WITH ALL FAULTS," AND "AS AVAILABLE," AND ARE EXCLUDED FROM THE SERVICE LEVEL AGREEMENTS AND LIMITED WARRANTY."

Answer 141

B DISCUSSION: The question specifies that only PaaS solutions can be used. Azure App Service is a PaaS service. However, Azure Virtual Machines are IaaS (Infrastructure as a Service). Because the proposed solution includes an IaaS component, it does not meet the specified goal. Option A is incorrect because the solution includes IaaS.

Answer 142

Yes, Yes, Yes **Explanation** * **Statement 1:** The Azure Active Directory Premium edition services are guaranteed to have at least 99.9% availability. The scenarios described (user login, admin access) are valid indicators of service availability, according to the referenced SLA. * **Statement 2:** The Free tier of Azure Active Directory does not come with an SLA. * **Statement 3:** It is possible to claim credit if the availability falls below the SLA. The amount of credit depends on the availability, as described in the example.

Answer 143

* No * No * Yes The first statement is incorrect because Azure MFA can be implemented in a cloud-only environment without syncing on-premises identities. The second statement is incorrect because picture identification and passport numbers are not valid MFA methods. Valid MFA methods include options like the Microsoft Authenticator app, SMS, and voice calls. The third statement is correct because MFA can be configured for administrator accounts only or for any user account.

Answer 144

must be rehydrated before the data can be accessed. DISCUSSION: The question is asking what must be done to data in the Archive access tier before it can be accessed. The text states, "To read or download a blob in archive, you must first rehydrate it to an online tier." This means the data must be "rehydrated" before it can be accessed.

Answer 145

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0021300002.png)

Answer 146

Here's the correct matching of Azure services to their descriptions: * **Azure Bot Services**: Provides a digital online assistant that provides speech support. * **Azure Machine Learning**: Uses past trainings to provide predictions that have high probability. * **Azure Functions**: Provides serverless computing functionalities. * **IoT Hub (Internet of things Hub)**: Provides data from millions of sensors. The provided discussion and suggested answer both confirm these pairings. * **Azure Bot Services** is correct because it is designed for creating conversational AI experiences, providing text, interactive cards, and speech-based interactions. * **Azure Machine Learning** is correct because it leverages existing data to forecast future trends and behaviors, making it ideal for predictive analytics. * **Azure Functions** is correct because it enables developers to run code on demand without managing servers, providing a serverless computing environment. * **IoT Hub** is correct because it serves as a central message hub for bi-directional communication between IoT devices and a cloud backend, facilitating the collection and processing of data from numerous sensors.

Answer 147

1. Azure Container Instances 2. Azure Virtual Machines 3. Azure App Service 4. Azure Functions **Explanation:** * **Box 1 - Azure Container Instances:** Containers virtualize the OS, allowing applications to perceive they have their own OS. VMs virtualize the hardware. * **Box 2 - Azure Virtual Machines:** VMs provide machine independence, creating an environment abstracted from its physical environment, providing portability. * **Box 3 - Azure App Service:** This is a PaaS service designed for building, deploying, and scaling web apps. * **Box 4 - Azure Functions:** This is a serverless compute service for running event-triggered code without managing infrastructure.

Answer 148

A. Yes DISCUSSION: The solution meets the goal. The command `az vm create --resource-group RG1 --name VM1 --image UbuntuLTS --generate-ssh-keys` is a valid Azure CLI command that can be executed in the Azure Cloud Shell, specifically when the Bash environment is selected. The question states that the resource group RG1 has already been created and that a subscription named Subscription1 exists. Launching Cloud Shell from the Azure portal inherently uses the current subscription. Therefore, running the command in Cloud Shell will create the virtual machine VM1 within the specified resource group and subscription. Option B is therefore incorrect.

Answer 149

See image for correct answer. Azure Cosmos DB is an example of a platform as a service (PaaS) cloud database provider. The discussion and linked documentation indicate that Azure Cosmos DB is a Platform-as-a-Service (PaaS) offering.

Answer 150

B. No PowerApps is designed for building custom business applications, not for managing or creating Azure Virtual Machines. While it's possible to interact with Azure services via custom connectors in PowerApps, it's not the intended or efficient method for VM creation. Tools like the Azure portal, Azure CLI, or PowerShell are more suitable for this task. Using the PowerApps portal would not allow you to create a VM.

Answer 151

* Yes * Yes * No **Explanation:** * **Statement 1: Azure Service Health consists of three components: Azure Status, Azure Service Heath and Azure Resource Health. - Yes** * Azure Service Health provides a personalized view of the health of the Azure services and regions you're using. It encompasses Azure Status, Service Health (personalized health), and Resource Health. * **Statement 2: The best way to use Service Health is to set up Service Health alerts to notify you via your preferred communication channels when service issues, planned maintenance, or other changes may affect the Azure services and regions you use. - Yes** * Setting up alerts is the recommended way to proactively monitor and respond to potential issues affecting your Azure resources. * **Statement 3: You can use Resource Health to view the health of a virtual machine. However, you cannot use Resource Health to prevent a service failure affecting the virtual machine. - No** * While Resource Health provides information about the health of individual resources like VMs, it's primarily a monitoring tool. It informs you of issues but doesn't provide preventative measures.

Answer 152

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0029400001.jpg) DISCUSSION: The question states that "When you create a virtual machine, the default setting is to create a __________ attached to the network interface assigned to a virtual machine." The text provides context indicating that the blank should be filled with "Network Security Group". A Network Security Group (NSG) works like a firewall and can be attached to a network interface. Therefore, selecting the image of the Network Security Group is the correct response.

Answer 153

* Yes * Yes * Yes **Explanation:** * **Statement 1: The tool you would use to sync the accounts is Azure AD Connect.** This statement is correct. Azure AD Connect is specifically designed to synchronize identity data between on-premises Active Directory environments and Azure Active Directory. * **Statement 2: Third-party cloud services and on-premises Active Directory can be used to access Azure resources.** This statement is also correct. Federation, where trust is established between domains, allows users from third-party cloud services or on-premises Active Directory to access Azure resources. * **Statement 3: Azure Active Directory (Azure AD) is a centralized identity provider in the cloud.** This statement is correct. Azure AD acts as a centralized identity provider for Azure resources, providing authentication and authorization services.

Answer 154

* No * Yes * No **Explanation:** * **Statement 1: Azure Active Directory (Azure AD) requires domain controllers on virtual machines.** This statement is **incorrect**. Azure AD is a cloud-based service and does not require domain controllers on virtual machines. It's designed to operate in the cloud. * **Statement 2: Azure Active Directory (Azure AD) is the primary built-in authentication and authorization service to provide secure access to Azure resources and Microsoft 365.** This statement is **correct**. Azure AD serves as a centralized identity provider and is the primary authentication and authorization service for Azure resources and Microsoft 365. * **Statement 3: User accounts in Azure Active Directory can only be assigned one license for Azure or Microsoft 365 services.** This statement is **incorrect**. User accounts in Azure AD can be assigned multiple licenses for different Azure or Microsoft 365 services. For instance, a user might have licenses for both Office 365 Enterprise E3 and Enterprise Mobility + Security.

Answer 155

- Box 1: ISO - ISO is the International Organization for Standardization. Companies can be certified to ISO standards, for example ISO 9001 or 27001 are commonly used in IT companies. - Box 2: NIST - The National Institute of Standards and Technology (NIST) is a physical sciences laboratory, and a non-regulatory agency of the United States Department of Commerce. - Box 3: GDPR - GDPR is the General Data Protection Regulations. This standard was adopted across Europe in May 2018 and replaces the now deprecated Data Protection Directive. The General Data Protection Regulation (EU) (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. - Box 4: Azure Government - US government agencies or their partners interested in cloud services that meet government security and compliance requirements, can be confident that Microsoft Azure Government provides world-class security, protection, and compliance services. Azure Government delivers a dedicated cloud enabling government agencies and their partners to transform mission-critical workloads to the cloud. Azure Government services handle data that is subject to certain government regulations and requirements, such as FedRAMP, NIST 800.171 (DIB), ITAR, IRS 1075, DoD L4, and CJIS. In order to provide you with the highest level of security and compliance, Azure Government uses physically isolated datacenters and networks (located in U.S. only).

Answer 156

The correct answer is **Azure Activity Log**. The Azure Activity Log is a service that provides insight into the operations that were performed on resources in your Azure subscription. This includes information about who performed the operation, when it was performed, and the status of the operation. Therefore, it's the appropriate tool to determine which user turned off a specific virtual machine within a given timeframe. Incorrect options, such as Azure Monitor or Access Control, do not provide the same level of detailed audit logging for user activities related to turning off virtual machines. Azure Monitor is more focused on performance monitoring and alerting, while Access Control deals with permissions and access management, not auditing user actions.

Answer 157

Box 1: Yes Box 2: No Box 3: No **Explanation:** * **Box 1: Yes** - With Azure ExpressRoute, all inbound data transfer is free of charge. This statement is correct. While you pay for the ExpressRoute connection itself, inbound data transfer is free. * **Box 2: No** - Inbound data traffic is free but outbound data traffic is not. This statement is the opposite of the truth. Outbound data transfer is not free in Azure. * **Box 3: No** - Data traffic between Azure services located in different regions is free of charge. This statement is incorrect. Data transfer between different Azure regions incurs costs.

Answer 158

A. Azure Event Hubs DISCUSSION: The question asks for a service to collect *events* from multiple resources into a centralized repository. Azure Event Hubs is specifically designed for high-throughput event ingestion. While Azure Monitor collects logs and metrics (which can include events), Event Hubs is the primary service for event ingestion. Azure Analysis Services is for data analytics, and Azure Stream Analytics is for real-time data processing.

Answer 159

B. No DISCUSSION: The solution does not meet the goal. While virtual machine scale sets provide scalability and management benefits, they do not inherently guarantee availability across data centers. If the entire data center where the scale set is deployed fails, the virtual machines within that scale set will become unavailable. To achieve availability across data centers, you need to use Availability Zones or deploy the scale set across multiple regions.

Answer 160

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0014400001.png) be deployed to a separate virtual network. **Explanation:** The correct answer is to deploy the virtual machine to a separate virtual network. Virtual networks in Azure provide a logically isolated network boundary. Virtual machines within the same virtual network can communicate with each other by default, regardless of subnet. To prevent a virtual machine from connecting to others, it must reside in a separate, isolated virtual network. The other options are incorrect because: * **Running a different operating system:** The OS of a VM does not affect network connectivity within the same virtual network. * **Deploying to a separate resource group:** Resource groups are for logical organization and do not provide network isolation. * **Having two network interfaces:** Multiple network interfaces would allow the VM to connect to multiple networks, not prevent connectivity within its primary network.

Answer 161

Box 1: No Box 2: No Box 3: Yes **Explanation:** * **Box 1: You are charged a fee for each Azure resource group that you create. - No** * Resource groups are logical containers for Azure resources and are free of charge. * **Box 2: You are charged data transfer costs for data ingress (inbound) over a VPN gateway. - No** * Data ingress (inbound data transfer) to Azure is generally free. * **Box 3: You are charged data transfer costs for data egress (outbound) over a VPN gateway. - Yes** * Data egress (outbound data transfer) from Azure is generally charged, although some amount is free each month.

Answer 162

D. The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud DISCUSSION: Option D is the correct answer. Public clouds are based on a shared responsibility model, where multiple organizations use portions of the same infrastructure. This allows for cost savings and scalability. A is incorrect because while the public can access services *in* the cloud, the cloud itself is owned by a provider. B is incorrect because public cloud is not a crowd-sourcing solution. C is incorrect because public cloud resources are not freely accessible to everyone; access is controlled via security measures.

Answer 163

* Yes * No * No **Explanation:** * **Statement 1: An Azure free account has a spending limit. This is currently 200 USD or 150 GBP.** This statement is correct. The Azure free account comes with a credit (typically $200 USD or equivalent) that you can use within the first 30 days. * **Statement 2: Azure free account has a 5 GB blob storage limit and a 5 GB file storage limit.** This statement is incorrect. The Azure free account provides limited free access to storage, but the specific limits for blob and file storage are different. * **Statement 3: Azure free account has a limit of 10 web, mobile or API apps** This statement is incorrect. There are limitations to the services, but not explicitly a limit of 10 web/mobile/api apps.

Answer 164

A. Yes DISCUSSION: The question asks whether the Premier support plan meets the goal of providing phone and email access to support engineers. According to the reference documentation (https://azure.microsoft.com/en-gb/support/plans/), Premier support includes this capability. Therefore, the solution meets the goal. Note however that the Premier support plan is retired, and this question is likely obsolete. Standard and Professional Direct support plans also meet the stated requirement.

Answer 165

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0032400002.png) DISCUSSION: The question relates to Azure Policy and its effect on non-compliant resources. The correct answer is that the VNet will be marked as 'Non-compliant' but will continue to function normally. Azure Policy is designed to enforce standards and assess compliance; it doesn't inherently modify or delete resources that are non-compliant unless remediation tasks are configured within the policy. The discussion entries confirm this understanding, emphasizing that resources are flagged for non-compliance and that the account owner is responsible for remediation.

Answer 166

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0033900002.jpg)

Answer 167

B. No DISCUSSION: The question asks whether recommending a Basic support plan meets the goal of providing access to support engineers by phone or email. The Basic support plan does not offer any technical support from engineers. The Standard, Professional Direct, and Premier support plans do offer access to support engineers via email or phone. Therefore, recommending the Basic support plan does not meet the stated goal.

Answer 168

* No * No * Yes **Explanation:** * **Statement 1: A product that is generally available cannot be updated with new features.** This is **incorrect**. Generally available (GA) means the product is released for public use, but it doesn't preclude future updates and feature additions. Software is constantly updated with new features, bug fixes, and improvements. * **Statement 2: When a new Azure feature is in public preview, you cannot create Azure resources that use the feature.** This is **incorrect**. Public preview is designed to allow users to test and experiment with the new feature. Therefore, you can create Azure resources using the feature. * **Statement 3: Normal service level agreements (SLAs) do not apply to a product that is in public preview.** This is **correct**. According to the reference documentation (Azure Preview Supplemental Terms), services in preview are not covered by standard SLAs.

Answer 169

* Yes * No * Yes **Explanation:** * **Statement 1:** This statement accurately describes the capabilities of Azure Security Center (now Microsoft Defender for Cloud) as a unified security management system for hybrid and multi-cloud environments, including on-premises. * **Statement 2:** This statement is incorrect. While continuous assessment, security recommendations, and secure score are free, there are more than just these two free features in Microsoft Defender for Cloud. * **Statement 3:** This statement correctly identifies that Security Center (Microsoft Defender for Cloud) includes compliance and governance tracking features that measure compliance against defined policies.

Answer 170

* Yes * No * Yes **Explanation:** * **Statement 1: You can use the same account to manage multiple subscriptions. You can create an additional subscription for your account in the Azure portal. You may want an additional subscription to avoid hitting subscription limits, to create separate environments for security, or to isolate data for compliance reasons.** This statement is **TRUE**. Azure allows a single account (typically a Microsoft account or an Azure Active Directory account) to manage multiple Azure subscriptions. * **Statement 2: You can merge two subscriptions into a single subscription. However, you can move some Azure resources from one subscription to another. You can also transfer ownership of a subscription and change the billing type for a subscription.** This statement is **FALSE**. While you can move resources between subscriptions and transfer ownership, Azure does not natively support merging two subscriptions into one. * **Statement 3: A company can have multiple subscriptions and store resources in the different subscriptions. However, a resource instance can exist in only one subscription.** This statement is **TRUE**. Companies often use multiple subscriptions for different environments (dev, test, prod), departments, or projects. A single resource instance (like a VM) can only reside in one subscription.

Answer 171

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0028800002.jpg) DISCUSSION: The question refers to the Just-In-Time (JIT) VM access feature within Azure Security Center. The discussion and linked documentation confirm that Azure Security Center has been renamed to Microsoft Defender for Cloud. Therefore, the correct area to select in the image is where Microsoft Defender for Cloud is located.

Answer 172

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0039100001.png) DISCUSSION: The text in the question describes the conditions under which SLA credits are applied. The image presented as the suggested answer accurately completes the sentence in the initial image, based on the reference article.

Answer 173

* **Azure Synapse Analytics**: Enterprise Data * **Azure Machine Learning**: Predictions * **Azure Functions**: Serverless Compute * **IoT Hub**: Millions of Sensors The correct matches are based on the core functionality of each Azure service: * **Azure Synapse Analytics** is designed for large-scale data warehousing and analytics, suitable for enterprise data needs. * **Azure Machine Learning** focuses on building, training, and deploying machine learning models for predictive analytics. * **Azure Functions** provides a serverless compute environment, allowing code execution without managing infrastructure. * **IoT Hub** is a central message hub for bi-directional communication between IoT applications and the devices (sensors) they manage.

Answer 174

No, Yes, Yes **Explanation:** * **A Platform as a Service (PaaS) solution provides full control of operating systems that host applications.** PaaS abstracts the underlying infrastructure, including the operating system. Therefore, users do not have full control over it. The answer is No. * **A Platform as a Service (PaaS) solution provides additional memory to apps by changing pricing tiers.** PaaS solutions often allow scaling resources like memory and compute power by upgrading to higher pricing tiers. The answer is Yes. * **A Platform as a Service (PaaS) solution can automatically scale the number of instances.** PaaS solutions typically support automatic scaling to handle varying workloads by increasing or decreasing the number of instances. The answer is Yes.

Answer 175

A. private cloud and hybrid cloud only DISCUSSION: The question asks where you can *deploy* physical servers, implying that you have control over the hardware. This is generally the case in private clouds, where an organization owns and manages the infrastructure, and in the private portion of hybrid clouds. Public clouds, on the other hand, typically do not allow customers to directly deploy and manage their own physical servers. Therefore, option A is the most accurate answer. * **A. private cloud and hybrid cloud only:** This is the correct answer, as explained above. * **B. private cloud only:** This is incorrect because hybrid clouds also allow for physical server deployment in their private portion. * **C. private cloud, hybrid cloud and public cloud:** This is incorrect because public clouds generally do not allow customers to deploy their own physical servers. * **D. hybrid cloud only:** This is incorrect because private clouds also allow for physical server deployment.

Answer 176

Yes, No, Yes

Answer 177

- Yes - No - Yes **Explanation:** The first statement is "You can associate a Network Security Group (NSG) to a virtual network subnet." This is TRUE. NSGs can be associated with subnets to filter traffic in and out of the subnet. The second statement is "You can associate a Network Security Group (NSG) to a virtual network." This is FALSE. NSGs cannot be directly associated with a virtual network. They are associated with subnets or network interfaces within the virtual network. The third statement is "You can associate a Network Security Group (NSG) to a network interface." This is TRUE. NSGs can be associated with network interfaces to filter traffic in and out of the specific virtual machine or other resource associated with that network interface.

Answer 178

[Image](https://img.examtopics.com/az-900/image644.png)

Answer 179

A. hybrid DISCUSSION: The correct answer is A. hybrid. A hybrid cloud model combines on-premises infrastructure with a public cloud, allowing data and applications to be shared between them. In this scenario, the on-premises virtual machines and the Azure virtual machines represent a hybrid cloud setup. Options B and C are incorrect because: - A private cloud is infrastructure operated solely for a single organization, which is not the case here since Azure is a public cloud offering. - A public cloud is infrastructure made available to the general public, but the presence of on-premises VMs indicates this is not solely a public cloud.

Answer 180

ABE DISCUSSION: The correct answer is ABE. * **A. Use Bash in Azure Cloud Shell:** Azure Cloud Shell is a browser-based shell accessible from any device with a web browser, including an Android tablet. It provides a command-line interface to manage Azure resources using Bash. * **B. Use PowerShell in Azure Cloud Shell:** Similar to Bash, PowerShell in Azure Cloud Shell is also accessible through a web browser and provides a command-line interface for managing Azure resources using PowerShell. * **E. Use the Azure portal:** The Azure portal is a web-based interface accessible from any device with a web browser, including an Android tablet. It provides a graphical user interface to manage Azure resources. * **C. Use the PowerApps portal:** The PowerApps portal is used for building custom business applications and workflows, not for managing Azure infrastructure like creating VMs. * **D. Use the Security & Compliance admin center:** The Security & Compliance admin center is focused on security and compliance features and does not provide the functionality to create Azure virtual machines.

Answer 181

C. public **Explanation:** The question asks about a cloud model where hardware resources are owned by a third party and shared between multiple tenants. * **C. Public** is the correct answer because public clouds are owned and operated by third-party providers (e.g., AWS, Azure, GCP), and their resources are shared among multiple tenants (customers). * **A. Private** is incorrect because private clouds are dedicated to a single organization and are not shared with other tenants. * **B. Hybrid** is incorrect because hybrid clouds are a combination of public and private cloud resources, not exclusively owned by a third party and shared.

Answer 182

* No * No * No **Explanation:** * **Statement 1: Not all Azure regions support availability zones.** This statement is **false**. While Microsoft is expanding availability zone support, not all Azure regions currently have them. * **Statement 2: Availability zones can be used with many Azure services, not just VMs.** This statement is **false**. Availability Zones support virtual machines running both Windows and Linux operating systems. * **Statement 3: Availability Zones are unique physical locations within a single Azure region.** This statement is **false**. Availability zones are used to replicate data and applications within the same Azure region to provide high availability and fault tolerance. Replicating data and applications to multiple regions is typically handled by other services such as Azure's paired regions or geo-redundant storage.

Answer 183

D. **Explanation:** * **Correct:** Azure Policy allows you to define rules and effects for resource deployments. You can create a policy that denies the creation of virtual machines while allowing other resource types to be created in the resource group. * **Incorrect A:** Locks can prevent deletion or modification, but they typically apply to all resources within a scope. While you *could* lock the resource group, it would prevent the creation of *all* objects, not just VMs. This does not fulfill the requirement that other objects can be created in RG1. * **Incorrect B:** Azure roles control access and permissions. While you could create a custom role, it's not the ideal way to prevent the creation of virtual machines specifically while allowing other resource types. * **Incorrect C:** Tags are metadata that you can apply to resources. They are useful for organization and cost tracking but do not provide a mechanism to prevent resource creation.

Answer 184

* **Public Cloud**: No required CapEx * **Private Cloud**: Complete control over security * **Hybrid Cloud**: Choice between on-premise or cloud-based

Answer 185

* No * Yes * Yes **Explanation:** * **Statement 1: Microsoft operates Microsoft Azure China. - No** * This statement is incorrect. Microsoft Azure China is operated by 21Vianet, a Chinese company. It is a physically separated instance of Azure. * **Statement 2: Microsoft staff who possess United States citizenship operate Microsoft Azure Government. - Yes** * This statement is correct. Microsoft Azure Government is operated by screened U.S. citizens. * **Statement 3: Microsoft operates all Microsoft Azure regions. - Yes** * This statement is correct. Except for Azure China, Microsoft operates all Microsoft Azure regions.

Answer 186

* No * Yes * Yes **Explanation:** * **Statement 1: Building a data center infrastructure is operation expenditure.** * **Correct Answer: No** Building a data center is a major, long-term investment. This aligns with the definition of Capital Expenditure (CapEx), not Operational Expenditure (OpEx). * **Statement 2: OpEx is ongoing costs (costs of operations) such as staff salaries.** * **Correct Answer: Yes** Staff salaries are recurring, day-to-day costs associated with running a business, which falls under the definition of Operational Expenditure (OpEx). * **Statement 3: OpEx is ongoing costs (costs of operations) such as leasing software.** * **Correct Answer: Yes** Leasing software is a recurring cost (usually monthly or annually) that is necessary for business operations, making it an Operational Expenditure (OpEx). A one-off software purchase would be CapEx.

Answer 187

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0010900001.png)

Answer 188

C. Azure Monitor

Answer 189

Box 1: No - Resource groups are logical containers for Azure resources. You do not pay for resource groups. Box 2: No - Data ingress over a VPN is data 'coming in' to Azure over the VPN. You are not charged data transfer costs for data ingress. Box 3: Yes - Data egress over a VPN is data 'going out' of Azure over the VPN. You are charged for data egress. The correct answer is No, No, Yes. * **Box 1: No** - Resource groups are free logical containers. * **Box 2: No** - Data ingress (incoming data) to Azure is free. * **Box 3: Yes** - Data egress (outgoing data) from Azure is charged.

Answer 190

Yes, Yes, No **Explanation:** * **Statement 1: The General Data Protection Regulation (GDPR) defines requirements for organizations that collect and process personal information of EU citizens. - YES:** This is a fundamental and accurate description of the GDPR's purpose. * **Statement 2: The GDPR applies to companies that provide goods and services to individuals in the EU. - YES:** The GDPR applies even if the company is not based in the EU, if they are offering goods and services to EU residents and processing their data. * **Statement 3: The GDPR applies to all organizations, regardless of their location. - NO:** The GDPR has a global reach but doesn't apply to *all* organizations. It specifically targets organizations processing the data of EU residents, regardless of the organization's location. If an organization is not processing data of EU residents, GDPR does not apply to them.

Answer 191

A. Yes DISCUSSION: The question states that the company's support policy requires access to support engineers by phone or email. The Standard support plan offers access to support engineers via both phone and email. Therefore, recommending the Standard support plan does meet the stated goal. Option B is incorrect because the Standard plan does satisfy the requirement.

Answer 192

A. Yes DISCUSSION: Deploying virtual machines to two or more regions does meet the goal of ensuring services are available if a single data center fails. Regions are designed to provide redundancy and fault tolerance across geographically separate locations. While Availability Zones within a region offer protection against data center failures, deploying across regions provides an additional layer of protection against broader regional outages. Therefore, this solution is a valid approach to meet the stated goal. Option B is incorrect because deploying to multiple regions does indeed contribute to higher availability in the event of a data center failure.

Answer 193

D. a pay-as-you-go subscription DISCUSSION: The consensus from the discussion is that a pay-as-you-go subscription (Option D) is sufficient to use Azure Cost Management. Many users confirm that they can access Cost Management with a pay-as-you-go subscription. While an Enterprise Agreement (EA) also supports Cost Management, it is not a strict requirement. A Dev/Test subscription and Software Assurance are not directly related to the requirements for using Azure Cost Management.

Answer 194

B. Platform as a Service (PaaS) DISCUSSION: The question asks for a solution that minimizes administrative effort. PaaS solutions like Azure App Service handle the underlying infrastructure (servers, OS, patching, etc.), allowing developers to focus on deploying and managing the application code itself. Option A (SaaS) provides a complete software solution managed by a third party, which isn't suitable for migrating your own web application. SaaS is for using someone else's application, not managing your own. Option C (IaaS) requires the most administrative overhead, as you are responsible for managing the operating system, virtual machines, and other infrastructure components. Option D (DaaS) is specifically for database solutions and doesn't address the broader requirements of managing a web application.

Answer 195

YNN **Explanation:** * **The cost of Azure resources can vary between regions:** This is **correct (Yes)**. The cost of resources depends on factors such as infrastructure costs, local taxes, and demand in a particular region. * **Azure Reservations allow you to reserve server capacity in a specific data center:** This is **incorrect (No)**. Azure Reservations allow you to reserve capacity for specific Azure services and resources, such as virtual machines, within a region or availability zone. They do not reserve physical server capacity at a specific data center. * **You can stop an Azure SQL Database instance to decrease costs:** This is **incorrect (No)**. While you can scale down an Azure SQL Database to reduce costs, you cannot completely stop it in the same way you can deallocate a virtual machine and stop incurring compute costs. Azure SQL Database is a managed service, and you continue to be billed for provisioned resources. While there appears to be conflicting information, the general consensus is that you cannot simply stop an Azure SQL Database instance to stop billing, instead, you would need to scale it down.

Answer 196

No, Yes, Yes

Answer 197

B. Azure Service Health DISCUSSION: Azure Service Health is the correct answer. It is designed to provide notifications about planned maintenance events that may affect your Azure resources. A. Azure Monitor is used for monitoring and diagnostics, not specifically for planned maintenance notifications. C. Azure Advisor provides recommendations for improving Azure resources but does not primarily focus on maintenance notifications. D. Microsoft Trust Center provides general information about Microsoft's security and compliance practices, not specific notifications about Azure maintenance.

Answer 198

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0030200002.png) DISCUSSION: The question refers to advanced monitoring capabilities for compliance and governance. The correct answer is the image displaying "Microsoft Defender for Cloud" (formerly Azure Security Center). This service provides tools to track and manage compliance, providing a measure of how compliant subscriptions are with policies. The other options don't relate to tracking compliance across an Azure environment.

Answer 199

Box 1: No - Nested resource groups are not allowed. Box 2: No - Each resource can exist in only one resource group. Box 3: Yes - Resources from multiple different regions can be placed in a resource group. The resource group only contains metadata about the resources it contains. The statement in Box 1 is false because nested resource groups are not allowed, and resource groups store metadata, not other resource groups. The statement in Box 2 is false because each resource can only belong to one resource group. The statement in Box 3 is true because a resource group can contain resources from any region, as it only stores metadata.

Answer 200

* **Azure Sphere** -> A secured, high-level application platform with built-in communication and security features for internet-connected devices. * **Azure IoT Central** -> A fully-managed global IoT SaaS solution that makes it easy to connect, monitor, and manage your IoT assets at scale. * **Azure IoT Hub** -> A managed service hosted in the cloud that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. **Explanation of why the answer is correct:** * **Azure Sphere** is designed to secure IoT devices, providing a comprehensive security solution from the hardware to the cloud. The description accurately reflects its purpose of securing internet-connected devices. * **Azure IoT Central** is a SaaS solution focused on simplifying IoT management. The description correctly identifies its role in connecting, monitoring, and managing IoT assets at scale without requiring extensive infrastructure management. * **Azure IoT Hub** serves as the central communication point for IoT solutions, enabling bidirectional communication between devices and applications. The description accurately portrays its function as a message hub.

Answer 201

[Image](https://img.examtopics.com/az-900/image631.png) DISCUSSION: Based on the provided discussion and the most up-to-date information, the correct answer is Microsoft 365 Admin Center. Many users have confirmed that Compliance Manager can be accessed through the Microsoft 365 Admin Center. Some suggest it has moved to Microsoft Purview Compliance Manager. The Microsoft Service Trust Portal is mentioned, but it seems the primary access point has shifted. The Azure portal is not the correct answer as Compliance Manager is not directly accessed from there.

Answer 202

A. Azure Sentinel DISCUSSION: The question asks for a solution to collect and automatically analyze security events from Azure AD. Azure Sentinel is a cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) solution. It's designed for intelligent security analytics and threat intelligence across the enterprise, including collecting data from Azure AD. Option B, Azure Synapse Analytics, is an analytics service, but not designed specifically for security event analysis. Option C, Azure AD Connect, is for synchronizing on-premises identities to Azure AD. Option D, Azure Key Vault, is for securely storing secrets, not security event analysis.

Answer 203

No Yes No **Explanation:** * **Azure Backup is an example of Platform as a Service (PaaS).** is **No**. Azure Backup is considered Backup as a Service (BaaS), which falls under Infrastructure as a Service (IaaS) in some contexts and PaaS in others. Many references indicate that it is architected as PaaS. * **Software as a Service (SaaS) provides a complete operating environment for developing and deploying applications.** is **Yes**. PaaS provides the environment for developing and deploying applications, not SaaS. * **With Software as a Service (SaaS), software updates MUST be applied immediately by the user.** is **No**. With SaaS, the provider manages the infrastructure and software, including updates. Users typically do not have to apply updates themselves, and updates are not necessarily applied immediately.

Answer 204

* No * No * Yes **Explanation:** * **Azure Virtual Desktop supports only Windows 10 and Windows 11 operating systems:** This statement is **incorrect**. Azure Virtual Desktop supports other operating systems like Windows 7 Enterprise, Windows Server 2012 R2, 2016, and 2019. The question specifically states "only Windows 10 and Windows 11," making the statement false. * **You can configure a maximum session limit for each host pool:** This statement is **incorrect**. The maximum session limit is configured per session host, not per host pool. * **You can use Azure Virtual Desktop to provide users access to individual applications:** This statement is **correct**. Azure Virtual Desktop supports RemoteApps, allowing users to access individual applications instead of a full desktop.

Answer 205

B. Azure Functions DISCUSSION: Azure Functions is the correct answer because it is a serverless compute service that enables you to run code without provisioning or managing servers. A. Azure Virtual Machines provides virtualized computing resources, but requires you to manage the underlying infrastructure, so it's not serverless. C. Azure Storage Account provides storage services, not compute. D. Azure Dedicated Hosts provide physical servers dedicated to one Azure subscription, which is the opposite of serverless computing.

Answer 206

B. Use Azure Hybrid Benefit. DISCUSSION: The question specifically asks about minimizing *licensing* costs. Azure Hybrid Benefit allows you to use your existing on-premises Windows Server and SQL Server licenses on Azure, thus reducing licensing costs. Option A, deallocating virtual machines during off hours, reduces compute costs, not licensing costs. Option C, configuring Azure Cost Management budgets, helps you track and manage costs but does not directly reduce licensing expenses. Option D, using Azure reservations, reduces the cost of the virtual machines themselves, but not the SQL Server licenses. Therefore, it does not directly address the specific request of minimizing licensing costs.

Answer 207

Yes Yes Yes

Answer 208

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0012700002.png) DISCUSSION: The correct answer is the image showing "Availability Zones ARE unique physical locations within an Azure region.". This is because Availability Zones are defined as physically separate locations within an Azure region that are designed to be isolated from each other, thus providing high availability and fault tolerance. The other image suggests that an availability zone *has* locations, which is not correct. The zone *is* a location.

Answer 209

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0035000002.png)

Answer 210

C. Azure Security Center The question asks about evaluating an Azure environment against regulatory requirements. Azure Security Center (now known as Microsoft Defender for Cloud) provides advanced monitoring capabilities to track and manage compliance and governance. It assesses resources against security benchmarks and regulatory standards, providing a measure of compliance. Option A is incorrect because Azure Service Health informs you about the health of Azure services, not regulatory compliance. Option B is incorrect because Azure Knowledge Center is a general repository of information, not a compliance tool. Option D is incorrect because Azure Advisor provides recommendations for optimizing Azure resources, but it does not focus specifically on regulatory compliance.

Answer 211

B. an Azure policy DISCUSSION: The correct answer is B. Azure Policy allows you to define and enforce rules, including restricting resource creation to specific regions. A read-only lock (Option A) prevents modification or deletion of existing resources but doesn't restrict the creation of new resources. A management group (Option C) is used to organize subscriptions and apply governance conditions, but it does not inherently restrict resource creation to specific regions. A reservation (Option D) is used to prepay for specific services for a defined period and does not restrict resource creation.

Answer 212

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0013600002.png)

Answer 213

No Yes No **Explanation:** * **Statement 1: A solution that uses Microsoft SQL Server installed on an Azure virtual machine (VM) is an example of a software as a service (SaaS) offering.** This statement is incorrect. When you install SQL Server on an Azure VM, you are responsible for managing the operating system, the SQL Server instance, and the underlying infrastructure. This falls under Infrastructure-as-a-Service (IaaS). Therefore, the correct answer is No. * **Statement 2: Azure SQL Database is an example of a platform as a service (PaaS) offering.** This statement is correct. Azure SQL Database is a fully managed database service, meaning Microsoft handles the infrastructure, patching, and backups. This is a key characteristic of PaaS. Therefore, the correct answer is Yes. * **Statement 3: Azure Cosmos DB is an example of a software as a service (SaaS) offering.** This statement is incorrect. Azure Cosmos DB is a fully managed NoSQL database service provided by Azure. It is a Platform-as-a-Service (PaaS) offering, not SaaS. Therefore, the correct answer is No.

Answer 214

Azure Pay-As-You-Go pricing is an example of CapEx. **No** Paying electricity for your datacenter is an example of OpEx. **Yes** Deploying your own datacenter is an example of CapEx. **Yes** **Explanation:** * **Azure Pay-As-You-Go pricing is an example of CapEx: No** - Pay-as-you-go pricing is an example of Operational Expenditure (OpEx) because you are paying for what you use. There is no capital investment required. * **Paying electricity for your datacenter is an example of OpEx: Yes** - Paying for electricity is a recurring cost needed to operate a datacenter, which is an operational expenditure (OpEx). * **Deploying your own datacenter is an example of CapEx: Yes** - Deploying your own datacenter requires significant upfront investment in hardware, real estate, and other infrastructure. This represents a capital expenditure (CapEx).

Answer 215

B. Azure Sentinel DISCUSSION: Azure Sentinel is Microsoft's cloud-native SIEM (Security Information and Event Management) solution. * **A. Azure Analysis Services:** Provides enterprise-grade data modeling in the cloud. It's for business intelligence, not SIEM. * **C. Azure Information Protection:** A cloud-based solution that helps organizations classify and protect their documents and emails. It's focused on data protection, not SIEM. * **D. Azure Cognitive Services:** Provides AI algorithms that you can use to develop intelligent applications. It is not a SIEM solution.

Answer 216

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0037200002.png) DISCUSSION: The question states that the composite SLA is 99.95% * 99.99% = 99.94%. The question asks the maximum downtime you would *expect*. The Hot Area provided in the question must be selected. The only option available to select is the one that contains '99.94%'.

Answer 217

BCE DISCUSSION: The question asks for configurations that can run a PowerShell script to create Azure resources. * **Option B is correct:** A Windows 10 computer with the Azure PowerShell module installed can run the script. The Azure PowerShell module provides the necessary cmdlets to manage Azure resources. * **Option C is correct:** A Linux computer with the Azure PowerShell module installed can also run the script. The Azure PowerShell module is cross-platform and supports Linux. PowerShell Core is a prerequisite, and while it's not explicitly mentioned, the presence of the Azure PowerShell module implies PowerShell is present. * **Option E is correct:** Azure Cloud Shell, accessible through a web browser on Chrome OS, provides a pre-configured environment with Azure PowerShell, allowing the script to run. * **Option A is incorrect:** While macOS supports PowerShell, the prompt mentions PowerShell Core 6.0 which might not be compatible with the latest Azure PowerShell module. * **Option D is incorrect:** The Azure CLI is a separate command-line tool and cannot directly execute PowerShell scripts. While it can be used to call PowerShell scripts, it's not a direct solution as requested by the question.

Answer 218

C. an Azure App Service and Azure SQL databases. DISCUSSION: The question requires selecting only PaaS solutions. Azure App Service and Azure SQL Databases are PaaS offerings. Option A is incorrect because Azure Virtual Machines and Azure Storage accounts are IaaS. Option B is incorrect because Azure Virtual Machines are IaaS. Option D is incorrect because Azure storage accounts can be either IaaS or PaaS depending on how they are used, and Azure virtual machines are IaaS. Also a "web server in Azure virtual machines" implies IaaS.

Answer 219

A and D DISCUSSION: The question requires high availability in the event of a single data center failure. Option A is correct because availability zones are physically separate locations within an Azure region. Deploying virtual machines across multiple availability zones ensures that if one data center fails, the virtual machines in the other zones will remain available. Option D is correct because regions are geographically separate. Deploying virtual machines to two or more regions ensures that if an entire region (which contains multiple datacenters) fails, the virtual machines in the other region(s) will remain available. Option B is incorrect because resource groups are logical containers and do not provide any availability benefits. Virtual machines within the same resource group can still be affected by a single data center failure. Option C is incorrect because a scale set, by itself, does not provide protection against a data center failure. While scale sets can improve scalability and management, they typically reside within a single availability zone or region. For higher availability, scale sets need to be combined with availability zones or regions.

Answer 220

Yes, No, Yes. **Explanation:** * **Statement 1: To use Azure Active Directory (Azure AD) credentials to sign in to a computer that runs Windows 10, the computer must be joined to Azure AD.** This statement is correct. To directly sign in to a Windows 10 computer using Azure AD credentials, the computer needs to be Azure AD joined. * **Statement 2: Users in Azure Active Directory (Azure AD) are organized by using resource groups.** This statement is incorrect. Resource groups are used to organize Azure resources, not Azure AD users. Azure AD users are organized using directories, domains, and organizational units (OUs). * **Statement 3: Azure Active Directory (Azure AD) groups support dynamic membership rules.** This statement is correct. Azure AD groups can have dynamic membership rules that automatically add or remove users based on their attributes.

Answer 221

An Azure Policy initiative is a collect of policy definitions.

Answer 222

Yes, No, Yes **Explanation** * **Statement 1: Yes.** Reservations do offer discounted pricing in exchange for a commitment to use a resource for a specified duration (1 or 3 years). * **Statement 2: No.** The size of the virtual machine impacts cost, and so do other factors like attached disks, but the question implies that the disk config could be different *for the same size*. While this is *possible*, the statement is designed to confuse you. The key here is to look at the question literally -- if two VM's are the same size, their only cost differences would be the attached disks. * **Statement 3: Yes.** When a VM is stopped (deallocated), you stop paying for the compute costs, but you are still billed for the storage used by the associated disks. If the VM is only stopped (not deallocated), you continue to pay for the compute.

Answer 223

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0037900002.png) Budget alerts notify you when spending, based on usage or cost, reaches or exceeds the amount defined in the alert condition of the budget. Cost Management budgets are created using the Azure portal or the Azure Consumption API.

Answer 224

A. Yes DISCUSSION: The goal is to reduce Azure costs. Public IP addresses incur costs when they are allocated, regardless of whether they are actively used. Therefore, removing unused public IP addresses will directly contribute to cost reduction. Thus, the solution meets the goal. Option B is incorrect because removing unused resources that incur charges, such as public IP addresses, will reduce costs.

Answer 225

CD Azure Government is designed to meet the compliance and security requirements of US government entities and their contractors. Therefore, options C and D are the correct choices. A: Incorrect. Azure Government is specifically for the US government and its contractors. B: Incorrect. Azure Government is specifically for the US government and its contractors. E: Incorrect. Azure Government is specifically for the US government and its contractors.

Answer 226

B. Management Groups are containers for managing Azure subscriptions and applying policies, but they do not directly automate the creation of Azure resources. While they can help with governance and organization, tools like Azure Resource Manager (ARM) templates, Azure Blueprints, or Infrastructure as Code (IaC) tools are necessary to automate resource creation. Therefore, the proposed solution does not meet the stated goal.

Answer 227

B. The question asks for a strategy that reduces the *effect on users* after migration. While MFA enhances security, it doesn't directly address the user experience of accessing resources post-migration. In fact, it could be argued that it *increases* the effect on users because it requires them to perform an additional authentication step. A better solution would be to synchronize the on-premise AD accounts with Azure AD, so that users can use the same credentials in both environments.

Answer 228

B. No Explanation: A local network gateway is used to connect an on-premises network to an Azure virtual network, not to control connections between servers within Azure. To control connections between web servers and database servers within Azure, Network Security Groups (NSGs) should be used. These allow you to define rules for inbound and outbound traffic. Therefore, the solution does not meet the goal.

Answer 229

B DISCUSSION: The question explicitly states the desire to keep expenses to a minimum. While the Professional Direct support plan does offer design assessments, it is a more expensive option. A less expensive plan, such as the Standard support plan, might also offer design assessments, thus better meeting the "minimum expense" requirement. Therefore, the proposed solution does not necessarily meet the stated goal.

Answer 230

A. Standard DISCUSSION: The correct answer is A. Standard. Here's why: * **Custom Domains:** Basic, Shared, and Standard support custom domains. * **Storage:** Basic and Standard offer sufficient storage. * **Dedicated Compute Instances:** Basic supports up to 3 instances, while Standard supports more and allows for dedicated compute instances for each web app. * **Load Balancing:** Only Standard and above tiers support load balancing. * **Cost:** Standard is more cost-effective than Premium or Isolated while meeting all requirements. Options B, C, and D are incorrect because they do not fulfill all the necessary requirements, especially the load balancing requirement or the ability to have dedicated compute instances for each of the 10 web apps.

Answer 231

B. No DISCUSSION: The correct answer is B. The term "elastic expenditure model" is not a recognized term within Azure's cost management or billing structure. Azure primarily uses "pay-as-you-go" and "reserved instances" as its main expenditure models. Therefore, recommending an "elastic expenditure model" does not align with Azure's established practices, making the solution incorrect. Option A is incorrect because the stated solution does not use a valid expenditure model.

Answer 232

B. the Azure portal C. Azure Cloud Shell DISCUSSION: The question specifies managing an Azure web app from an iPhone. The Azure portal (Option B) can be accessed via a web browser on an iPhone, allowing management of Azure resources. Azure Cloud Shell (Option C) is browser-based and accessible on an iPhone, providing a command-line interface for managing Azure resources. Azure CLI (Option A) requires a command-line interface, which is not directly available on an iPhone without using Cloud Shell or a similar service. Windows PowerShell (Option D) is also not directly available on an iPhone. Azure Storage Explorer (Option E) is a desktop application, not directly usable on an iPhone for managing web app settings.

Answer 233

A. Yes DISCUSSION: The question asks whether using Infrastructure as a Service (IaaS) is an appropriate solution for deploying Azure virtual machines. Since VMs are a prime example of IaaS, the solution does meet the goal. Therefore, option A is correct. Option B is incorrect because IaaS is indeed suitable for deploying virtual machines.

Answer 234

B. No DISCUSSION: The solution does not meet the goal. The term "scalable expenditure model" is not a standard or recognized term within Azure's cost management framework. Azure's pay-as-you-go model is best described as an operational expenditure (OpEx) model, or simply "pay-as-you-go". Option A is incorrect because "scalable expenditure model" is not an accurate or standard term for Azure's pay-as-you-go subscription model.

Answer 235

A. Yes DISCUSSION: The question describes a scenario where a company is migrating to Azure using a pay-as-you-go subscription. The solution recommends using the operational expenditure (OpEx) model. This aligns with the nature of pay-as-you-go subscriptions, where costs are treated as ongoing operational expenses rather than upfront capital investments. Therefore, the solution meets the goal. Option B is incorrect because the operational expenditure model is indeed the correct expenditure model for a pay-as-you-go subscription.

Answer 236

B. No DISCUSSION: To achieve a 99.99% availability SLA in Azure, the virtual machines must be deployed across at least two Availability Zones. Deploying two virtual machines in a single availability zone does not provide the required redundancy to guarantee 99.99% availability, as a single zone can still be a point of failure. Therefore, the proposed solution does not meet the stated goal. Option A is incorrect because the solution does not meet the requirements for 99.99% availability.

Answer 237

A. Yes DISCUSSION: The solution meets the goal. Azure guarantees 99.99% availability when two or more virtual machines are deployed across two or more Availability Zones in the same Azure region. Using two VMs and two Availability Zones is the minimum configuration to achieve this SLA. Therefore, option A is correct. Option B is incorrect because the solution does meet the stated goal.

Answer 238

B. No DISCUSSION: The solution does not meet the goal. To achieve a 99.99% availability SLA, Azure requires at least two virtual machines deployed across two or more Availability Zones within the same region. A single virtual machine, even if associated with multiple availability zones, cannot provide the required redundancy and failover capabilities to meet the 99.99% SLA. Option A is incorrect because deploying a single VM does not meet the availability requirements.

Answer 239

C. Configure a Point-to-Site (P2S) VPN. DISCUSSION: A Point-to-Site (P2S) VPN is the correct solution for allowing individual remote workers to securely connect to an Azure Virtual Network from various locations. * **A (Incorrect):** A Site-to-Site (S2S) VPN connects an entire on-premises network to an Azure virtual network, not individual users. * **B (Incorrect):** A VNet-to-VNet VPN connects two Azure Virtual Networks together. * **D (Incorrect):** DirectAccess is a remote access technology, but it's deprecated and not the recommended approach in Azure. Also, it would require a Windows Server VM. * **E (Incorrect):** A Multi-Site VPN is a variation of Site-to-Site VPN, connecting multiple on-premises networks to an Azure Virtual Network. It does not address the need for individual remote worker access.

Answer 240

B. No DISCUSSION: The solution does not meet the goal. Azure Information Protection (AIP) is designed for classifying, labeling, and protecting documents and emails, not for encrypting administrative credentials used during server deployment. A more suitable solution for securely storing and managing secrets like administrative credentials is Azure Key Vault. Azure Key Vault allows you to safeguard cryptographic keys, certificates, and secrets used by cloud applications and services. Therefore, using AIP would not address the requirement of encrypting administrative credentials during deployment.

Answer 241

A. Yes DISCUSSION: The question asks whether Azure AD Identity Protection can be used to encourage password changes for users connecting from unidentified IP addresses. The discussion and several user comments confirm that Azure AD Identity Protection can detect risks like sign-ins from anonymous IP addresses and can be configured to prompt users for password changes in such scenarios. Therefore, the solution meets the goal. Option B is incorrect because Azure AD Identity Protection is designed to identify and respond to risky sign-in behavior, including those from unidentified IP addresses.

Answer 242

B. No DISCUSSION: The solution does not meet the goal. Azure AD Privileged Identity Management (PIM) is designed to manage, control, and monitor access to important resources in your organization. It is not designed to automatically prompt users to change their passwords based on connecting from an unidentified IP address. The correct service would be Azure AD Identity Protection, which can detect risky sign-ins (like those from unfamiliar locations) and enforce password changes.

Answer 243

B. No DISCUSSION: The proposed solution involves using multiple Azure AD directories. While this would technically segment the resources, it significantly increases administrative overhead. Managing multiple directories requires separate management for each, leading to duplicated efforts and potential inconsistencies. A better approach is to use a single Azure AD directory with features like Management Groups, Subscriptions, Resource Groups, and Role-Based Access Control (RBAC) to delegate permissions and segment resources within the same directory, which minimizes administrative effort. Therefore, the proposed solution does not meet the goal.

Answer 244

A. Yes DISCUSSION: The question asks whether recommending Azure DevTest Labs is a suitable solution to reduce administrative effort for deploying and removing a large number of custom VMs weekly. The discussion and various user comments overwhelmingly support the use of Azure DevTest Labs for this scenario. DevTest Labs is specifically designed for managing development and testing environments, offering features like rapid VM provisioning, cost management, automation, and support for both Windows and Linux VMs. This aligns perfectly with the requirements outlined in the question, making it the correct choice. Therefore, the answer is A. Yes.

Answer 245

B. No DISCUSSION: The correct answer is B. Azure Virtual Machines are an Infrastructure as a Service (IaaS) offering, not a Platform as a Service (PaaS) offering. IaaS provides the infrastructure for you to manage, including the operating system, while PaaS provides a platform for developing and deploying applications without managing the underlying infrastructure.

Answer 246

B. No DISCUSSION: While Azure Machine Learning Studio (classic) could be used to build, test, and deploy predictive analytics solutions, it is now outdated and has been replaced by Azure Machine Learning. Therefore, using only Azure Machine Learning Studio (classic) does not fully meet the goal of deploying a modern AI solution in Azure. Therefore, selecting NO is the correct answer.

Answer 247

B. The solution does not meet the goal. Azure API Management is used for managing and securing APIs, not for automatically creating Azure resources. Azure Resource Manager (ARM) templates, Azure Bicep, Terraform, or Azure Blueprints would be more appropriate for automating the creation of Azure resources. Therefore, recommending Azure API Management for this purpose is incorrect.

Answer 248

A. Yes DISCUSSION: The question asks if recommending Azure Resource Manager (ARM) templates is a suitable strategy for automatically creating identical Azure resources for multiple business units. ARM templates allow you to define infrastructure as code, enabling consistent and repeatable deployments. Therefore, recommending ARM templates does meet the goal of automating Azure resource creation. Option B is incorrect because ARM templates are specifically designed for this type of automation.

Answer 249

B. No DISCUSSION: The solution does not meet the goal. Azure Reserved VM Instances are best suited for long-term, consistent workloads where you commit to using specific VM types for one or three years to receive a discount. They are not designed for short-term, frequently changing deployments like the weekly deployment and removal of VMs described in the scenario. Azure DevTest Labs would be a more appropriate solution for this scenario, as it allows for quick creation of environments using reusable templates and artifacts, specifically designed for development and testing purposes.

Answer 250

A. Yes DISCUSSION: The question asks whether using Network Security Groups (NSGs) meets the goal of controlling connection types between web and database servers in Azure. NSGs allow filtering network traffic to and from Azure resources, including specifying source, destination, port, and protocol. Therefore, using NSGs is an appropriate solution for controlling connections. Option B is incorrect because NSGs are specifically designed for controlling network traffic, which directly addresses the problem.

Answer 251

A. Yes DISCUSSION: The question asks for a strategy to reduce the impact on users during and after a migration to Azure AD, followed by retirement of the on-premises AD. Synchronizing the on-premises AD user accounts to Azure AD using a tool like Azure AD Connect allows users to use the same credentials they were using on-premises, minimizing disruption. Therefore, the solution meets the goal. Option B is incorrect because syncing user accounts is a standard practice to minimize user impact during such a migration.

Answer 252

B. Read-only geo-redundant storage DISCUSSION: The correct answer is B. Read-only geo-redundant storage (RA-GRS). RA-GRS replicates data to a secondary region and provides read access to the data in the secondary region at all times. Option A, Geo-redundant storage (GRS), replicates data to a secondary region, but read access is only available in the secondary region during a failover. Option C, Zone-redundant storage (ZRS), replicates data across multiple availability zones within a single region. This does not meet the requirement of storing data in separate geographic locations. Option D, Locally redundant storage (LRS), replicates data within a single data center. This does not meet the requirement of storing data in separate geographic locations. Note: Many users have pointed out that "Read-only geo-redundant storage" is not the correct term. It should be "Read-access geo-redundant storage".

Answer 253

A. Fault tolerance Fault tolerance is the ability of a system to continue operating without interruption when one or more of its components fail. In this scenario, implementing fault tolerance, likely through Availability Zones, will ensure that if one Azure data center goes offline, the servers in another zone will continue to operate. Elasticity is the ability to dynamically adjust resources to meet changing demands. Scalability is the ability to increase the capacity of a system. Low latency refers to minimizing delays in data transfer. None of these three directly address the requirement of maintaining availability during a data center outage.

Answer 254

D. metered pricing E. self-service management DISCUSSION: The correct answers are D and E. Public clouds are characterized by metered pricing, where users pay for the resources they consume, and self-service management, allowing users to provision and manage resources independently. A is incorrect because public clouds use shared hardware, not dedicated hardware. B is incorrect because public cloud connections are secured through various security measures. C is incorrect because public clouds offer virtually unlimited storage.

Answer 255

C. elasticity

Answer 256

D. A hybrid cloud

Answer 257

D. Standard DISCUSSION: The question requires selecting a support plan that allows for an architectural review of an Azure environment while minimizing costs, given that the company currently has a Basic support plan. Option A, Premier, is incorrect because while it offers architecture support including design reviews, it is the most expensive option. The question explicitly states the need to minimize costs. Additionally, several users in the discussion note that the Premier plan is no longer readily available. Option B, Developer, is incorrect. While it is cheaper than other plans, it is intended for non-production environments and provides only general architectural guidance, not a formal review. Option C, Professional Direct, is incorrect because although it includes architectural guidance based on best practices, it is more expensive than the Standard plan. The question emphasizes minimizing costs. Option D, Standard, is the correct answer. It provides access to architectural reviews and other features suitable for production workloads, making it a cost-effective option compared to Professional Direct and Premier.

Answer 258

B. the public IP addresses DISCUSSION: The correct answer is B, the public IP addresses. Azure charges for public IP addresses, so removing unused ones will reduce costs. A is incorrect because network interfaces themselves do not incur costs when unused. C is incorrect because Azure AD groups do not incur costs. D is incorrect because the base Azure AD license includes a certain number of users, and the question specifies these are unused, implying they're within the included limit.

Answer 259

* No * Yes * Yes **Explanation:** * **Azure Sentinel stores collected events in an Azure Storage account:** No. Azure Sentinel stores collected events in a Log Analytics workspace, not directly in Azure Storage. While it can export logs to Azure Storage, the primary storage location is Log Analytics. * **Azure Sentinel can remediate incidents automatically:** Yes. Azure Sentinel uses Playbooks to automate incident remediation. These playbooks are collections of procedures that can be run automatically in response to security incidents. * **Azure Sentinel can collect Windows Defender firewall logs from Azure VMs:** Yes. Azure Sentinel can collect logs from various sources, including Windows Defender firewall logs from Azure VMs. These logs can then be analyzed to detect potential security threats.

Answer 260

* Box 1: Azure Sentinel - Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. * Box 2: Azure Security Center - The central feature in Security Center that enables you to achieve those goals is secure score. * Box 3: Azure Key Vault - Storing passwords **Explanation:** * **Azure Sentinel** is a SIEM and SOAR solution for security information and event management. * **Azure Security Center** provides a secure score to help manage and improve the security posture of your Azure environment. * **Azure Key Vault** is a service for securely storing secrets, such as passwords, keys, and certificates. The other options are incorrect because: * "Azure Active Directory (Azure AD) is an identity and access management service, which helps your employees sign in and access resources" describes Azure AD, not any of the services in the left column. * "Azure Lighthouse is used for cross- and multi-tenant management." describes Azure Lighthouse, not any of the services in the left column.

Answer 261

A. application data DISCUSSION: The correct answer is A. In a SaaS model, the customer is primarily responsible for providing the application data that is used by the software. The SaaS provider manages the underlying infrastructure, including data storage, compute resources, and the application software itself. Options B, C, and D are all responsibilities of the SaaS provider, not the customer.

Answer 262

Local Network Gateway

Answer 263

The correct answer is the image showing the Microsoft Privacy Statement. The provided reference link and the discussions confirm that the Microsoft Privacy Statement outlines what personal data Microsoft processes, how it's processed, and the purposes for which it's used.

Answer 264

No, No, Yes

Answer 265

* **Azure Synapse Analytics**: Limitless analytics service * **Azure Cosmos DB**: Globally distributed, multi-model database service * **Azure HDInsight**: Provision cloud Hadoop, Spark, R Server, HBase, and Storm clusters

Answer 266

A. A conditional access policy DISCUSSION: The correct answer is A. Conditional Access policies in Azure AD allow you to enforce access controls based on various conditions, including device compliance. By configuring a Conditional Access policy, you can require devices to meet certain security requirements, such as having the latest security patches installed, before granting access to Azure AD-integrated applications. Here's why the other options are incorrect: * **B. Azure Bastion:** Azure Bastion provides secure RDP/SSH access to virtual machines without exposing them to the public internet. It doesn't directly enforce device compliance for application access. * **C. Azure Firewall:** Azure Firewall is a network security service that provides protection against inbound and outbound threats at the network level. It doesn't directly enforce device compliance for application access. * **D. Azure Policy:** Azure Policy helps you enforce organizational standards and assess compliance at scale. While you can use Azure Policy to ensure devices meet certain configuration requirements, it doesn't directly control access to Azure AD-integrated applications based on device compliance status in the same way Conditional Access does.

Answer 267

Yes Yes Yes

Answer 268

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0024300002.jpg)

Answer 269

The correct answer is the image depicting "Azure AD", now known as Microsoft Entra ID. This is because Azure AD (Microsoft Entra ID) provides single sign-on (SSO) services, allowing users to access multiple applications with one username and password. The other options are not directly related to providing single sign-on functionality.

Answer 270

[Image](https://img.examtopics.com/az-900/image637.png) DISCUSSION: The question describes a DDoS attack and the use of Azure DDoS Protection. According to Microsoft documentation, Azure DDoS Protection operates at the perimeter layer to filter large-scale attacks. Therefore, the correct answer is Perimeter layer. Many users in the discussion confirm this with links to Microsoft Learn documentation.

Answer 271

B. No DISCUSSION: The goal is to encrypt administrative credentials during server deployment. Azure Multi-Factor Authentication (MFA) adds an additional layer of security during the authentication process, but it does not encrypt credentials at rest or in transit. A more suitable solution for encrypting and securely storing credentials would be Azure Key Vault. Therefore, the proposed solution does not meet the stated goal.

Answer 272

- A United States government entity. - A United States government contractor. The Azure Government cloud is specifically designed for use by US government entities and their contractors. This ensures that sensitive government data is stored and processed within the United States and meets specific compliance and security requirements.

Answer 273

A. Replacing failed server hardware C. Managing physical server security DISCUSSION: The correct answers are A and C. A. Replacing failed server hardware: Azure handles hardware maintenance and failures in its datacenters, so this becomes Microsoft's responsibility. C. Managing physical server security: Microsoft secures its datacenters, so the customer no longer needs to manage physical security. B. Backing up application data: Backing up application data is still the responsibility of the user, even when using Azure Virtual Machines. D. Updating server operating systems: Updating the OS is still the responsibility of the user with Azure Virtual Machines (IaaS). E. Managing permissions to shared documents: This remains the responsibility of the user.

Answer 274

B. Developer C. Standard D. Professional Direct DISCUSSION: The question asks which Azure support plans allow new support requests to be opened. According to the provided information and discussion, the Basic plan does not allow opening support tickets, and Premier support is no longer available for new customers. Developer, Standard, and Professional Direct plans all allow opening new support requests. * **Developer:** Allows opening new support requests. * **Standard:** Allows opening new support requests. * **Professional Direct:** Allows opening new support requests. * **Basic:** Does not allow opening new support requests. * **Premier:** No longer available for new customers.

Answer 275

A. a subscription DISCUSSION: The first thing you need to create in Azure is a subscription. A subscription provides you with authenticated and authorized access to Azure products and services. Resource groups, virtual networks, and management groups can only be created after a subscription exists. Therefore, option A is the correct answer. Options B, C, and D are incorrect because they all require a subscription to exist first.

Answer 276

The correct order of layers in a defense-in-depth strategy, from outermost to innermost, is: 1. Physical Security 2. Identity and Access 3. Perimeter 4. Network 5. Compute 6. Application 7. Data This layered approach ensures that if one layer is compromised, other layers are in place to provide additional security. * **Physical Security:** This is the first line of defense, controlling physical access to the datacenter. * **Identity and Access:** This layer controls who can access the infrastructure and what they can do. * **Perimeter:** This layer protects the network from external threats, such as DDoS attacks. * **Network:** This layer segments the network and limits communication between resources. * **Compute:** This layer secures access to virtual machines and other compute resources. * **Application:** This layer ensures that applications are secure and free of vulnerabilities. * **Data:** This layer protects the data itself, ensuring its confidentiality, integrity, and availability.

Answer 277

A. Standard DISCUSSION: The correct answer is A. Standard. Here's why: * **Custom Domain:** The Standard plan supports custom domains, allowing the use of miami.weyland.com. * **Multiple Instances:** The Standard plan enables scaling out to multiple instances, fulfilling the requirement for two instances. * **SSL Support:** The Standard plan includes SSL support for secure HTTPS communication. * **Storage:** The Standard plan provides sufficient storage to meet the 12 GB requirement. * **Cost:** While not the cheapest, the Standard plan offers the necessary features, making it the most appropriate choice. Why other options are incorrect: * **B. Basic:** The Basic plan typically offers only 10GB of storage, which does not meet the 12GB requirement. * **C. Free:** The Free plan does not support custom domains or SSL. * **D. Shared:** The Shared plan does not support SSL.

Answer 278

D. Define your strategy. DISCUSSION: The first stage of the Microsoft Cloud Adoption Framework for Azure is "Define your strategy." The mnemonic SPRAGM (Strategy, Plan, Ready, Adopt, Govern, Manage) is a helpful way to remember the order of the stages. Options A, B, and C are all stages in the framework, but they are not the first stage.

Answer 279

Yes Yes Yes **Rationale:** * **Statement 1: Azure Cost Management allows you to view costs associated with management groups.** * **Correct:** Azure Cost Management provides visibility into costs at various scopes, including management groups. * **Statement 2: Azure Cost Management allows you to view costs associated with resource groups.** * **Correct:** Azure Cost Management allows cost tracking at the resource group level. * **Statement 3: Azure Cost Management allows you to view the usage of VMs over a specified period, including the last three months.** * **Correct:** Azure Cost Management offers detailed usage analysis for virtual machines, including historical data.

Answer 280

* No * Yes * No **Explanation:** * **Statement 1: The Archive access tier is set at the storage account level. - NO** The Archive access tier can only be set at the blob level, not at the storage account level. The storage account level can be set to Hot or Cool. * **Statement 2: The Hot access tier is recommended for data that is accessed and modified frequently. - YES** The Hot access tier is designed for data that is accessed and modified frequently. * **Statement 3: The Cool access tier is recommended for long term backups. - NO** The Cool access tier is designed for data that is infrequently accessed and stored for at least 30 days. Archive access tier is more appropriate for long-term backups due to its lower cost, but it has higher latency. The cool access tier is more for short-term backup and disaster recovery.

Answer 281

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0026600002.png)

Answer 282

- Yes - Yes - No **Explanation:** * **Statement 1: Azure Active Directory (Azure AD) can manage on-premises applications.** * **Correct Answer: Yes.** Azure AD can manage on-premises applications using the Application Proxy feature. This allows users to access on-premises web applications from outside the corporate network using Azure AD for authentication. * **Statement 2: Azure AD supports single sign-on (SSO) to cloud applications.** * **Correct Answer: Yes.** Azure AD is a central identity provider that enables SSO to various cloud applications. This means users can use one set of credentials to access multiple cloud applications, improving security and user experience. * **Statement 3: You can join iOS devices directly to Azure AD.** * **Correct Answer: No.** While Windows devices can be joined to Azure AD, iOS and Android devices are generally *registered* with Azure AD (or managed through MDM solutions like Intune that integrate with Azure AD). The term "join" specifically applies to a deeper level of integration primarily used with Windows devices.

Answer 283

B. an Azure Key Vault DISCUSSION: Azure Disk Encryption uses Azure Key Vault to manage encryption keys and secrets. Therefore, an Azure Key Vault must be created before encrypting a virtual machine using Azure Disk Encryption. Option A is incorrect because while a Storage account is necessary for a VM, it's likely already in place and not the first resource needed specifically for disk encryption. Option C is incorrect because Azure Information Protection is not directly involved in Azure Disk Encryption. Option D is incorrect because while an encryption key is needed, the Azure Key Vault is the resource that securely stores and manages the key. You need the Key Vault first before you can create/store the key.

Answer 284

B. an Azure policy DISCUSSION: The question states "You need to create the Azure resource that must be used to meet the policy requirement". The presence of the word "policy" strongly suggests that the answer is "an Azure policy". * **A. a read-only lock:** Read-only locks prevent modification or deletion of resources, but they don't enforce policies. * **C. a management group:** Management groups are used to manage subscriptions, not to enforce specific policies on resources within those subscriptions. * **D. a reservation:** Reservations are used for cost management and do not relate to policy enforcement.

Answer 285

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0026500002.jpg) DISCUSSION: The question is asking about the purpose of playbooks in Azure Sentinel. Based on the provided information and the documentation link, playbooks are used to "automatically respond to threats". They are collections of procedures that automate and orchestrate threat response, and can be triggered automatically by alerts or incidents. The other options are incorrect because: - "Collect and analyze data" is a general function of SIEM systems, but not the primary purpose of playbooks specifically. - "Identify potential threats" is the role of threat detection mechanisms and analytics rules, not playbooks. - "Ensure regulatory compliance" might be an indirect benefit of using playbooks, but it is not their direct or primary purpose.

Answer 286

C. anyone DISCUSSION: The Azure TCO calculator is a public tool available to anyone, regardless of Azure subscription or Azure AD status. Options A, B, and D are therefore incorrect.

Answer 287

B. IP Addresses, Service tags and Application security groups DISCUSSION: The correct answer is B. According to the provided documentation link, a network security group inbound security rule source can be an individual IP address, a CIDR block, a service tag, or an application security group. Options A, C, and D are incorrect because they only list one or two of the possible sources, while the correct answer lists all three.

Answer 288

C. The Microsoft Privacy Statement DISCUSSION: The Microsoft Privacy Statement explains what personal data Microsoft processes, how Microsoft processes it, and for what purposes. Option A is incorrect because the Data Protection Addendum outlines the obligations of Microsoft and its customers with respect to the processing and security of Customer Data and Personal Data. Option B is incorrect because the Microsoft Online Services Terms describes the terms of use for Microsoft online services. Option D is incorrect because Azure Security Center is a security management tool that helps you prevent, detect, and respond to threats.

Answer 289

No, No, No **Explanation:** * **Statement 1: Not all Azure regions support availability zones.** This is correct. Not all Azure regions have Availability Zones. Some regions are designated as "Alternate" regions and do not support AZs. * **Statement 2: Regions that support availability zones support Linux virtual machines.** This is incorrect. Regions that support Availability Zones support both Linux and Windows virtual machines. * **Statement 3: Availability Zones is a high-availability offering that protects your applications and data from datacenter failures...With Availability Zones, Azure offers industry best 99.99% VM uptime SLA.** This statement is misleading. While the first part accurately describes the purpose of Availability Zones, Availability zones are used to replicate data and applications in the *same* AZ region, not *multiple* regions. The question implies that AZ's protect against multi-regional failure, which is not true. This is better achieved using paired regions. Therefore, the answer is 'No'.

Answer 290

No, Yes, Yes. **Explanation:** * **Statement 1: The Trust Center can only be accessed by Microsoft Employees.** This statement is false. The Microsoft Trust Center is a public-facing website. * **Statement 2: The Trust Center contains audit reports and other compliance-related documents.** This statement is true. The Trust Center provides information about compliance and security offerings across Microsoft products and services. * **Statement 3: To access some resources on the Service Trust Portal, you must sign in as an authenticated user.** This statement is true. Accessing certain resources like compliance materials requires signing in with a Microsoft cloud services account and accepting a non-disclosure agreement.

Answer 291

* Executes Code - Azure Functions * Is Stateful - Azure Logic Apps * Runs only in cloud - Azure Logic Apps **Explanation:** * **Executes Code - Azure Functions:** Azure Functions are designed to execute code in response to events or triggers. * **Is Stateful - Azure Logic Apps:** While Azure Functions can be stateless or stateful (with Durable Functions), Azure Logic Apps are inherently stateful. They maintain state throughout the execution of a workflow. * **Runs only in cloud - Azure Logic Apps:** Azure Functions can be run in various environments, including on-premises, in containers, or in the cloud. Azure Logic Apps, however, are exclusively a cloud-based service.

Answer 292

D. is a distinct separate instance of Microsoft Azure. DISCUSSION: The correct answer is D. Azure China, operated by 21Vianet, is a physically and logically isolated instance of Microsoft Azure specifically designed to comply with Chinese regulations. A is incorrect because Azure China is operated by 21Vianet, not directly by Microsoft. B is incorrect because while Azure China aims for feature parity with Azure Global, there is a known feature parity gap, as stated in the Microsoft documentation. C is incorrect because while Azure China is designed to meet Chinese regulatory requirements, which include data localization, it's an overstatement to say access is restricted to China in the sense that only individuals within China can access it. The primary focus is compliance with local laws regarding data storage and operational control.

Answer 293

No, No, Yes

Answer 294

* Explains what personal data Microsoft collects, how Microsoft uses it, and for what purposes. **Microsoft Privacy Statement** * A legal agreement that details the obligations by both parties with respect to the processing and security of customer data and personal data. **Online Services Terms** * Further defines the data processing and security terms for online services. **Data Protection Addendum** The Microsoft Privacy Statement outlines Microsoft's data collection and usage practices. The Online Services Terms (OST) is a legal agreement specifying the obligations of Microsoft and its customers regarding data processing and security. The Data Protection Addendum (DPA) expands upon these terms, focusing on data processing and security details for online services.

Answer 295

Yes, Yes, No **Explanation:** * **Azure PowerShell modules can be installed on MacOS:** This statement is **TRUE**. The Az PowerShell module is cross-platform and can be installed on macOS using package managers like Homebrew or by direct download. * **Azure Cloud Shell can be accessed from a web browser on a Linux computer:** This statement is **TRUE**. Azure Cloud Shell is a browser-based shell accessible from various operating systems, including Linux. * **The Azure portal can only be accessed from Windows:** This statement is **FALSE**. The Azure portal is a web-based console accessible from any modern web browser on any operating system, including Windows, macOS, and Linux. The word "only" makes this statement false.

Answer 296

D. an Azure data center failure DISCUSSION: The correct answer is D. Azure Availability Zones are designed to protect against data center failures by providing redundancy and isolation between different data centers within the same Azure region. While Availability Zones can also mitigate physical server and storage failures, these are less severe than a data center failure, which would impact a broader range of resources and services. An Azure region failure is beyond the scope of what Availability Zones can protect against; region failures are addressed by different disaster recovery strategies, such as Azure paired regions.

Answer 297

While the question is not ideal, the closest answer based on the provided options and the context of Azure Sentinel is **A. adaptive network hardening in Azure Security Center**. Here's why: * **Playbooks (using Azure Logic Apps)** are the primary mechanism for automating responses in Azure Sentinel. However, "Playbooks" or "Azure Logic Apps" is not an option. * **Adaptive network hardening** can be part of an automated response strategy. Although it's more about *prevention* by reducing the attack surface, it can be triggered in response to detected threats. The other options are less directly relevant to automating responses. Here's why the other options are less suitable: * **B. Azure Service Health:** Provides information about the health of Azure services, but it doesn't automate responses to threats within Azure Sentinel. * **C. Azure Monitor workbooks:** Are primarily for visualizing data and creating custom dashboards. They don't directly automate responses. * **D. Adaptive application controls:** Also a preventive control. While helpful, it is less of an immediate automated response to a triggered Sentinel alert than adaptive network hardening might be.

Answer 298

D. The Trust Center is the correct answer. The Microsoft Trust Center provides information about Microsoft's compliance with various global, regional, and industry-specific standards. This allows you to determine if Azure meets the specific regional requirements of your company. A. The Knowledge Center is a general repository of information and doesn't focus specifically on compliance. B. Azure Marketplace is a place to find and deploy third-party solutions and doesn't provide compliance information. C. The MyApps portal is for accessing applications and is not related to compliance.

Answer 299

B. Azure DevTest Labs DISCUSSION: Azure DevTest Labs is designed for quickly creating, using, and managing IaaS virtual machines, using reusable templates and artifacts. This makes it suitable for deploying and removing virtual machines frequently, minimizing administrative overhead. Option A, Azure Reserved Virtual Machine Instances, is a billing option and does not help with deployment and removal. Option C, Azure Virtual Machine Scale Sets, is designed for automatically scaling the number of VMs based on demand and isn't the best fit for intentional, scheduled deployments and removals. Option D, Azure Virtual Desktop, is for providing virtualized desktops and applications, not for managing a fleet of temporary VMs for development purposes.

Answer 300

A. Azure Advisor DISCUSSION: The question asks about identifying underutilized or unused Azure VMs. Azure Advisor analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost-effectiveness, performance, Reliability (formerly called High availability), and security of your Azure resources. One of its key features is identifying underutilized VMs. Option B, Azure Cost Management + Billing, focuses on analyzing costs and spending, not specifically identifying underutilized VMs, although it can provide data that might indirectly lead to that conclusion. Option C, Azure Reservations, is about pre-purchasing Azure resources to save money and doesn't directly identify underutilized VMs. Option D, Azure Policy, is about enforcing organizational standards and assessing compliance, not identifying underutilized VMs.

Answer 301

C. Azure Marketplace DISCUSSION: The question asks where to *purchase* a third-party virtual appliance for Azure. Azure Marketplace is the correct answer because it is the online store where one can find and purchase such third-party offerings for Azure. A. Azure subscriptions are used to manage access to Azure services and resources, but not to acquire third-party appliances. B. Azure Security Center is a security management tool, not a marketplace. D. Microsoft Store is for applications for Windows devices, not Azure virtual appliances.

Answer 302

A. 0.999 * 0.9999 = 0.9989001 = 99.89001% The composite SLA is calculated by multiplying the SLAs of the individual services. This is because the application is only available if all services are available. Option B is incorrect because it divides the SLAs, which is not the correct way to calculate the composite SLA. Option C is incorrect because it takes the maximum of the SLAs, which would be relevant if the application only needed one of the services to be available. Option D is incorrect because it takes the minimum of the SLAs; while the composite SLA will always be lower than the individual SLAs, simply taking the minimum is not mathematically correct.

Answer 303

* Yes * Yes * No **Explanation:** * **Statement 1: You use Azure Policy to enforce tagging rules and conventions.** * **Correct.** Azure Policy can be used to enforce tagging rules and conventions. This ensures that resources are deployed with the necessary tags, which helps with organization, cost tracking, and compliance. * **Statement 2: Each resource or resource group can have a maximum of 50 tags.** * **Correct.** Azure resources, resource groups, and subscriptions can each have a maximum of 50 tag name-value pairs. * **Statement 3: Tags applied to the resource group or subscription aren't inherited by the resources.** * **Correct.** Resources do not inherit tags from the resource group or subscription they are in. To apply tags from a subscription or resource group to resources, you need to use Azure Policies.

Answer 304

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0031700001.jpg) DISCUSSION: The correct answer is "Locks". Azure Resource Locks are designed to prevent accidental deletion or modification of Azure resources, including resource groups. Applying a lock to the resource group RG1 will prevent accidental deletion of the resources within it. Other settings like Tags, Access control (IAM), or Activity log do not directly prevent resource deletion. Tags are for organization, Access control manages permissions, and Activity log records events.

Answer 305

The correct selections are: * (Maximum Available Minutes – Downtime) / Maximum Available Minutes * x 100 **Explanation:** The formula for calculating monthly uptime percentage is: Monthly Uptime % = (Maximum Available Minutes – Downtime) / Maximum Available Minutes * 100 The other options are incorrect because they do not accurately represent the formula for calculating monthly uptime percentage. Specifically, they are missing the multiplication by 100 to express the result as a percentage. The option "Max Available Mins % Downtime in Mins" isn't mathematically sound and doesn't align with the uptime calculation principles.

Answer 306

* Yes * Yes * No **Explanation:** * **Statement 1:** While 99.9% is a common SLA, it's not the minimum for *all* Azure services. Some services, particularly single instance VMs with standard HDD, have lower SLAs. So, the presence of the word "all" makes the first statement incorrect. * **Statement 2:** Deploying resources across multiple regions increases the SLA by providing redundancy and disaster recovery capabilities. If one region fails, the application can failover to another region, thus minimizing downtime and increasing the overall uptime guarantee. * **Statement 3:** The number of subscriptions does not directly impact the SLA of individual resources. SLAs are tied to the specific services and their configuration, not the subscription they reside in.

Answer 307

B. No DISCUSSION: Modifying a DDoS protection plan will help protect against distributed denial-of-service attacks, but it will not open up HTTP access to the virtual machine. To allow HTTP access from the internet, a Network Security Group (NSG) rule needs to be created to allow inbound traffic on port 80 (HTTP). Therefore, the proposed solution does not meet the goal.

Answer 308

B. Management groups DISCUSSION: The underlined text "Resource groups" is incorrect. Management groups are designed for managing access, policy, and compliance across multiple subscriptions. Resource groups, on the other hand, are logical containers for managing resources within a single subscription. Option A is incorrect because a change is needed. Option C is incorrect because, while Azure Policies are used for compliance, management groups provide the container to manage compliance across multiple subscriptions. Option D is incorrect because Azure App Service plans are for managing web applications and are not related to managing compliance across multiple subscriptions.

Answer 309

A and D. DISCUSSION: The question specifies that there are already Azure virtual machines in an Azure environment. This implies that a virtual network (VNet) may already exist, but that isn't guaranteed. To ensure connectivity between the on-premises network and the Azure VMs, a virtual network and a virtual network gateway are both required resources. * **A. a virtual network gateway:** This is necessary to create a connection between the on-premises network and the Azure virtual network (VNet). It can be a VPN gateway or an ExpressRoute gateway. * **D. a virtual network:** This provides the network in Azure where the VMs reside, and is required for the on-premises network to connect to. The other options are incorrect: * **B. a load balancer:** Load balancers distribute traffic within Azure and are not directly involved in connecting on-premises networks to Azure. * **C. an application gateway:** Application gateways are used for web traffic management and are not required for basic connectivity between on-premises and Azure. * **E. a gateway subnet:** A gateway subnet is a *part* of the virtual network, specifically used to host the virtual network gateway. The question asks about Azure *resources*, and the VNet itself is a necessary resource. The gateway subnet is a configuration *within* the virtual network, not a resource itself.

Answer 310

The correct answer is Disaster recovery. Azure Site Recovery is a service specifically designed for disaster recovery, enabling replication and recovery of VMs to a secondary location. Fault tolerance, while related to high availability, refers to a system's ability to continue operating even if some of its components fail, which isn't the primary function of Azure Site Recovery.

Answer 311

App1: Platform as a service (PaaS) App2: Infrastructure as a service (IaaS) **Explanation:** * **App1 - PaaS:** PaaS allows developers to focus on application development without managing the underlying infrastructure. Since you need to modify the code and minimize OS management, PaaS is the ideal choice. * **App2 - IaaS:** IaaS gives you the most control over the operating system. Because App2 needs to run interactively with the OS, IaaS is the appropriate service model. SaaS is not appropriate for either app. SaaS provides a complete software solution and does not allow the level of control needed to meet the requirements for either App1 or App2. Specifically, you cannot modify the code, nor can you interact with the underlying operating system.

Answer 312

A and D are correct. A. **enables the rapid provisioning of resources:** Cloud computing allows for quick and easy access to computing resources, enabling businesses to scale their infrastructure up or down as needed. D. **shifts capital expenditures (CAPEX) to operating expenditures (OPEX):** Cloud computing shifts the cost model from large upfront investments in hardware and infrastructure (CAPEX) to ongoing operational expenses (OPEX), which can improve cash flow and reduce financial risk. B. is incorrect because cloud computing typically simplifies administrative tasks, rather than increasing complexity, through automation and managed services. C. is incorrect because cloud computing often offers a wider range of configuration options and services than on-premises infrastructure, due to the scale and breadth of cloud provider offerings.

Answer 313

B. infrastructure as a service (IaaS) DISCUSSION: The question states that App1 uses a "legacy database." This implies that the database might have specific requirements or configurations that are not easily supported by higher-level cloud services. * **IaaS** provides the most control over the underlying infrastructure, allowing you to migrate the application and its database with minimal changes. This is the most suitable option for legacy systems where compatibility and control are crucial. * **PaaS** is less suitable because it abstracts away the underlying infrastructure, which might not be compatible with the specific needs of the legacy database. While it's *possible* to connect a PaaS application to a database in IaaS or on-premises, IaaS is the better choice when the app and DB are tightly coupled or require very specific configurations. * **SaaS** is not appropriate because it provides a complete application solution, and you would not be migrating your existing application in that case.

Answer 314

[Image](https://img.examtopics.com/az-900/image638.png) DISCUSSION: The question is asking about which layer Azure DDoS Protection is implemented. Based on the context of defense in depth, Azure DDoS Protection is best categorized as a perimeter security feature as it is designed to defend against large-scale network and transport layer attacks (Layer 3 and Layer 4) and protect the boundary of your network from external threats. The other layers - Physical, Network, Application - are also layers in defense in depth, but DDoS protection is not the primary function of those layers.

Answer 315

Yes, No, Yes **Explanation:** * **Statement 1: Microsoft Defender for Cloud can monitor security vulnerabilities and threats in other cloud environments and on-premises environments.** This statement is TRUE. Microsoft Defender for Cloud is designed to protect not only Azure resources but also on-premises and multi-cloud environments (e.g., AWS, GCP). * **Statement 2: All Microsoft Defender for Cloud features are free.** This statement is FALSE. While Microsoft Defender for Cloud has a free tier that offers basic security posture management, the advanced features and workload protection capabilities require a paid subscription. * **Statement 3: Microsoft Defender for Cloud can create reports for regulatory compliance standards.** This statement is TRUE. Microsoft Defender for Cloud provides the capability to generate and download audit reports for various regulatory compliance standards.

Answer 316

* Yes * Yes * Yes **Explanation:** * **Statement 1:** The Microsoft documentation states, "To access some of the resources on the Service Trust Portal, you must sign in as an authenticated user with your Microsoft cloud services account (Azure Active Directory organization account). You'll need to review and accept the Microsoft non-disclosure agreement for compliance materials." Therefore, the statement is true. * **Statement 2:** Microsoft Purview Compliance Manager assists in managing multi-cloud compliance requirements. The statement aligns with the description of Compliance Manager. Therefore, the statement is true. * **Statement 3:** The Service Trust Portal provides information about Microsoft's controls and processes for protecting cloud services and customer data. Therefore, the statement is true.

Answer 317

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0008800001.png) DISCUSSION: The correct answer is "hybrid". The scenario describes an application that uses both cloud resources (Azure Web App) and on-premises resources (MS SQL Server). This combination of public and private infrastructure is the definition of a hybrid cloud environment. The other options are incorrect because: * **Private:** A private cloud would mean the entire application and its data reside within an organization's own infrastructure, which isn't the case here due to the Azure Web App. * **Public:** A public cloud would mean the entire application and its data reside on a third-party provider's infrastructure, which isn't the case here due to the on-premises SQL Server.

Answer 318

B. Layer 3

Answer 319

[Image](https://img.examtopics.com/az-900/image647.png) DISCUSSION: The correct answer is to select "Stop" for the virtual machine from the Azure portal. This action deallocates the compute resources, which stops the billing for those resources. Shutting down the machine from within the OS (via RDP session) will not deallocate the resources, and you will continue to be billed for the compute resources. Disconnecting from the RDP session simply closes the connection but leaves the VM running and billing.

Answer 320

D. Azure Advisor Azure Advisor analyzes your resource usage and configurations, and provides personalized recommendations to help optimize your resources for high availability, security, performance, and cost. It is the best tool for comparing your cloud usage to industry standard best practices. Azure Monitor is a monitoring service that collects telemetry data from a variety of sources. Azure Service Health provides information about the health of Azure services. Application Insights is an extension of Azure Monitor and provides application performance monitoring.

Answer 321

D. high availability DISCUSSION: The correct answer is **D. high availability**. High availability refers to a system's ability to remain operational and accessible for a high percentage of time, minimizing downtime. This ensures continuous user access to applications. * **A. agility** refers to the ability to quickly and easily adapt to changing business needs. * **B. scalability** refers to the ability to increase or decrease resources as needed to handle varying workloads. * **C. elasticity** is closely related to scalability but emphasizes the ability to automatically and dynamically adjust resources in real-time based on demand.

Answer 322

D. isolation and segmentation DISCUSSION: The correct answer is D. Azure virtual networks (VNets) provide isolation between different networks and allow for segmentation within a network using subnets. A is incorrect because resource cost analysis is a feature of Azure Cost Management, not specifically VNets. B is incorrect because while you can use tools to perform packet inspection in Azure, it is not an inherent feature of VNets themselves. Network Security Groups (NSGs) can filter traffic, but that is not packet inspection. C is incorrect because while you can design for geo-redundancy using multiple VNets in different regions, VNets themselves are regional resources and do not inherently provide geo-redundancy.

Answer 323

* No * Yes * No **Explanation:** * **Statement 1: "Services in private preview can be viewed in the regular Azure portal. However, you need to be signed up for the feature in private preview before you can view it. Access to private preview features is usually by invitation only." - No** * Private previews often require a separate preview portal or specific access granted by Microsoft, not the regular Azure portal. * **Statement 2: "You can use services in public preview in production environments. However, you should be aware that the service may have faults, is not subject to an SLA and may be withdrawn without notice." - Yes** * While not recommended, it is technically possible to use public preview services in production. Microsoft's documentation states this. * **Statement 3: "Public previews are excluded from SLAs and in some cases, no support is offered." - No** * Public Previews are excluded from SLAs.

Answer 324

D. agility DISCUSSION: The question asks what *enables* a cloud service to adapt quickly to changing requirements. Agility, the ability to react quickly and efficiently to changes, is the most direct answer. Cloud services are designed to allocate and deallocate resources quickly, provisioned on-demand via self-service, which aligns with the concept of agility. A. High availability refers to the service being consistently accessible and operational, but it doesn't directly relate to adapting to changing requirements. B. Predictability implies consistent performance, which is valuable but doesn't necessarily enable quick adaptation to changing requirements. C. Manageability refers to the ease with which the cloud service can be managed, monitored, and maintained, which contributes to overall efficiency, but agility is the more direct enabler of adapting to changing requirements.

Answer 325

A. a virtual network DISCUSSION: A virtual network is essential for an Azure virtual machine to function, as it provides the necessary networking capabilities. While a public IP address allows external access, it is not mandatory. Service endpoints and Azure Firewall are additional security or connectivity options, but not a base requirement. Therefore, the correct answer is A. B is incorrect because a service endpoint provides secure and direct connectivity to Azure services, but isn't required for a VM to function. C is incorrect because Azure Firewall is a network security service, but not a base requirement for a VM to function. D is incorrect because a public IP address is only needed if the VM requires direct internet access. Internal VMs do not need a Public IP.

Answer 326

Yes, Yes, No Azure Functions is a PaaS service, which allows developers to run code without managing the infrastructure. It is also ideal for event-driven code. However, Azure Functions are not suitable for long-running processes due to execution time limits.

Answer 327

Here's the breakdown of the correct matches, based on the provided context: * **Single sign-on (SSO)**: The ability to use the same credentials to access multiple resources and applications from different providers. SSO allows users to authenticate once and access multiple related, but independent, software systems. * **Authorization**: The process of identifying the access level of a user or service. Authorization determines what a user is allowed to do within a system, based on their identity and assigned permissions. * **Multi-factor authentication (MFA)**: Requires several elements to identify a user or a service. MFA enhances security by requiring users to provide multiple verification factors to prove their identity.

Answer 328

B. vertical scaling DISCUSSION: The question asks for the term that describes increasing a VM's capacity by adding memory or CPUs. This is the definition of vertical scaling. * **A. agility:** Agility refers to the ability to respond quickly and adapt to changes, but not specifically to increasing VM capacity. * **B. vertical scaling:** This is the correct answer. Vertical scaling (or scaling up) involves adding more resources (CPU, memory) to an existing virtual machine. * **C. horizontal scaling:** Horizontal scaling (or scaling out) involves adding more virtual machines to a system to distribute the load. * **D. elasticity:** Elasticity is the ability to automatically scale resources (both vertically and horizontally) in response to changing demands. While related to scaling, it's not the specific term for adding resources to a single VM.

Answer 329

No-No-Yes. **Explanation:** * **Statement 1: Cloud computing allows you to use virtualized resources without the need for physical servers on-premises.** This statement is correct. Cloud computing abstracts away the underlying physical infrastructure, allowing users to consume virtualized resources (compute, storage, etc.) without directly managing physical servers. Therefore, the answer is No, because the statement claims this is something cloud computing *allows*, when it is actually a *requirement*. * **Statement 2: You must have Internet connectivity to use cloud computing.** This is generally true for public cloud offerings. However, private clouds and hybrid cloud scenarios may leverage private network connections (e.g., Azure ExpressRoute) that bypass the public internet. Therefore, the statement is not universally true. The answer is No. * **Statement 3: The costs to increase cloud computing capacity are less than the costs to increase the computing capacity of an on-premises datacenter.** This statement is generally true. Cloud computing offers economies of scale, allowing organizations to scale resources up or down as needed without incurring the significant capital expenditures associated with expanding on-premises infrastructure. The answer is Yes.

Answer 330

- Azure Virtual Machines: Provide operating system virtualization - Azure Container Instances: Provide a portable environment for virtualized applications - Azure App Service: Used to build, deploy, and scale web apps - Azure Functions: Provide a platform for serverless code **Explanation:** * **Azure Virtual Machines:** VMs virtualize hardware and provide a complete operating system environment. * **Azure Container Instances:** ACIs offer containerization, which virtualizes the OS, providing a portable environment for running applications. * **Azure App Service:** This service is designed for hosting web applications and APIs, focusing on build, deployment, and scaling. * **Azure Functions:** Azure Functions provide a serverless compute platform, allowing you to run code without managing the underlying infrastructure.

Answer 331

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0027400001.png)

Answer 332

* **Azure Policy** = Restrict resource deployment to specific regions * **Azure Tags** = Identify resource ownership and purpose * **Azure Blueprints** = Deploy a repeatable set of resources that implements and supports an organization's standards, patterns, and requirements

Answer 333

Box: within a single Azure region

Answer 334

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0015500001.png)

Answer 335

D. availability zones DISCUSSION: Availability Zones are physically separate locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. This means that if one datacenter fails, the services in other availability zones will continue to operate. Option A is incorrect because Availability Sets provide redundancy within a single datacenter. If that datacenter fails, the Availability Set will not be available. Option B is incorrect because Proximity Placement Groups are used to reduce latency between VMs, not to provide high availability in case of datacenter failure. Option C is incorrect because Host Groups enable you to deploy your Azure virtual machines on dedicated physical servers. They do not provide protection against datacenter failure.

Answer 336

* No * No * No **Explanation:** * **Statement 1:** The statement "You can assign service administrators and co-administrators in the Azure Portal but there can only be one account administrator" is **false**. While it is true that you can assign service administrators and co-administrators, the part about only one account administrator is correct. Each Azure subscription is limited to one account administrator. * **Statement 2:** The statement "You need an Azure Active Directory account to manage a subscription, not a Microsoft account" is **false**. You can sign up for Azure with either a Microsoft account or an Azure Active Directory (work or school) account. * **Statement 3:** The statement "Resource groups contain multiple Azure subscriptions" is **false**. Resource groups are logical containers *within* a subscription, and a subscription can contain multiple resource groups. The relationship is the reverse of what is stated.

Answer 337

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0008900001.png)

Answer 338

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0039900002.png)

Answer 339

A. hybrid DISCUSSION: The correct answer is A, hybrid. A hybrid cloud computing model combines on-premises infrastructure (private cloud) with public cloud resources. Option B is incorrect because a public cloud is entirely cloud-based and doesn't include on-premises resources. Option C is incorrect because a private cloud is hosted on-premises (or in a dedicated environment) and does not include public cloud resources.

Answer 340

configuring the Saas Solution

Answer 341

C. Azure Marketplace The Azure Marketplace is the correct place to find and purchase third-party virtual appliances for deployment in Azure. A. Azure subscriptions are the containers for your Azure resources, not a marketplace. B. Microsoft Defender for Cloud is a security management tool, not a marketplace for appliances. D. Microsoft Store is for consumer software, not Azure virtual appliances.

Answer 342

D. DISCUSSION: The question specifies securing websites from attacks and generating reports. The keyword "attack" strongly suggests DDoS protection, as it is designed to mitigate Distributed Denial of Service attacks. DDoS Protection also provides mitigation reports. Azure Firewall filters traffic, but the question specifically mentions securing from attacks. NSGs control traffic flow within a network. Azure Information Protection is for data classification and protection.

Answer 343

[Image](https://img.examtopics.com/az-900/image633.png)

Answer 344

- Cloud-based file server -> IaaS - Cloud-based accounting system -> SaaS - Cloud-based custom app -> PaaS **Explanation of Correct Answers:** * **Cloud-based file server -> IaaS:** IaaS (Infrastructure as a Service) provides the infrastructure components necessary for file storage and retrieval, such as servers and storage devices. The user has more control over the operating system, file system, and installed software. * **Cloud-based accounting system -> SaaS:** SaaS (Software as a Service) delivers accounting software as a fully managed service over the internet. Users access the software through a web browser without needing local installation or maintenance. * **Cloud-based custom app -> PaaS:** PaaS (Platform as a Service) offers a platform for developers to build, deploy, and manage custom applications without managing the underlying infrastructure. **Explanation of Incorrect Answers:** The other combinations are incorrect because they don't align with the typical use cases of each cloud service model. For example, using IaaS for a custom app would require managing the entire infrastructure, which PaaS abstracts away. Similarly, using SaaS for a file server would limit the control and customization options available with IaaS.

Answer 345

* Increase the compute capacity of apps in the cloud. **-> Scalability** * Provide a continuous user experience with no apparent downtime. **-> High Availability** * Ensures that users always have the best experience by deploying apps to all the regions where there are users. **-> Geo-Distribution** **Explanation:** * **Scalability:** Refers to the ability to increase or decrease compute resources as needed, allowing applications to handle varying levels of traffic and workload. * **High Availability:** Ensures that applications remain accessible to users even if some components fail. This is achieved through redundancy and failover mechanisms, leading to a continuous user experience without apparent downtime. Note the word "apparent" is important because some downtime may exist, but it is not noticed by the end user. * **Geo-Distribution:** Involves deploying applications and data across multiple geographic regions. This brings applications closer to users, reducing latency and improving performance. It also helps with compliance and disaster recovery.

Answer 346

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0022600001.jpg) DISCUSSION: The question asks which node is used to assign the Reader role, and the correct answer is "Access control (IAM)". The documentation excerpt clearly states "Access control (IAM) is the page that you typically use to assign roles to grant access to Azure resources." The Overview blade does not directly facilitate role assignments.

Answer 347

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0039400004.jpg)

Answer 348

A. Each service defines its own SLA DISCUSSION: The correct answer is A. According to the Azure documentation and user feedback, normal service level agreements do not apply during public preview. While the documentation states SLAs do not apply, each service will have its own support during the preview phase. This implies that the SLA is determined by the specific service. Options B, C, and D are incorrect because they specify a fixed SLA percentage, which does not apply to services in public preview.

Answer 349

No, Yes, No **Explanation:** * **Statement 1: No.** The cost of resources like energy can vary from region to region, so prices vary between regions. * **Statement 2: Yes.** This is a benefit of using Azure with an Enterprise Agreement. * **Statement 3: No.** The pricing for third-party solutions in the Azure Marketplace is set by the publishers of those solutions. Microsoft provides the platform for these solutions to be sold, but the vendors themselves are responsible for determining the pricing, subscription models, and terms for their offerings.

Answer 350

* **Agility**: Applications can be deployed, tested and launched rapidly * **Geo-Distribution**: Applications and data can be deployed to multiple regions * **Scalability**: Resources can be provisioned dynamically to meet changing demands The question asks to match cloud computing benefits with their descriptions. The correct matches are: * **Agility** refers to the speed and ease with which resources can be deployed. * **Geo-Distribution** involves deploying applications and data across multiple geographical regions. * **Scalability** is the ability to adjust resources dynamically to meet changing demands.

Answer 351

D. Azure Container Instances E. Azure Kubernetes Service (AKS) DISCUSSION: The correct answers are D and E. * **D. Azure Container Instances (ACI)** is a service that allows you to run Docker containers directly on Azure without managing virtual machines, offering a fast and simple way to run containers. * **E. Azure Kubernetes Service (AKS)** is a managed Kubernetes service that simplifies the deployment and management of containerized applications at scale. Options A, B, and C are incorrect because: * **A. Azure Virtual Desktop** is for desktop and application virtualization. * **B. Azure Virtual Machines** are general-purpose virtual machines, not specifically for container management. * **C. Azure Functions** is a serverless compute service.

Answer 352

[Image](https://img.examtopics.com/az-900/image642.png)

Answer 353

Yes Yes Yes **Explanation:** * **Statement 1: Cloud computing reduces capital expenditures.** This is generally TRUE. Cloud computing shifts costs from upfront capital expenditures (CapEx) to ongoing operational expenditures (OpEx). * **Statement 2: Cloud computing provides the same configuration options as on-premises deployments.** This is generally TRUE. Cloud computing can offer the same configurations as on-premises deployments. * **Statement 3: Cloud computing allows you to scale IT resources to meet changing demand.** This is TRUE. Scalability is a core benefit of cloud computing.

Answer 354

* Yes * No * Yes **Explanation:** * **Statement 1: True.** The Pay-As-You-Go model in Azure bills on a consumption basis, allowing users to start/stop services at any time and pay only for what they use. * **Statement 2: False.** The statement describes characteristics of Capital Expenditures (CapEx), not Return on Investment (ROI). ROI is related to both CapEx and OpEx. * **Statement 3: True.** Operational Expenditures (OpEx) are ongoing costs, and cloud service subscriptions are considered OpEx because the cloud provider handles the infrastructure investment.

Answer 355

A. adding an additional CPU to an existing Azure virtual machine DISCUSSION: Vertical scaling involves increasing the resources (CPU, memory, etc.) of an existing machine. Adding a CPU to an existing Azure virtual machine is a direct example of this. Options B, C, and D describe horizontal scaling, which involves adding more instances of a resource.

Answer 356

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0015700001.png)

Answer 357

storage The question asks what Azure resource continues to incur charges when a VM is stopped (deallocated). The correct answer is "storage" because even when the VM is not running, the storage used by the OS disk and any attached data disks still consumes resources and incurs charges.

Answer 358

The correct answer is the area of the image labeled "Geo-distribution". The text refers to deploying apps and data to regional datacenters around the globe to ensure the best performance for customers in their region. Geo-distribution is the concept that directly addresses this.

Answer 359

- Azure App Service >> Platform as a Service (PaaS) - Azure Virtual Machines >> Infrastructure as a Service (IaaS) - Microsoft Dynamics 365 >> Software as a Service (SaaS) **Explanation:** * **Azure App Service** is a platform for building and deploying web applications, which aligns with the definition of Platform as a Service (PaaS). PaaS provides the environment for developers to build, run, and manage applications without managing the underlying infrastructure. * **Azure Virtual Machines** allows users to create and manage virtual machines in the cloud. This falls under Infrastructure as a Service (IaaS), where users have control over the operating systems, storage, and networking, but the cloud provider manages the underlying infrastructure. * **Microsoft Dynamics 365** is a suite of business applications delivered over the internet. This fits the definition of Software as a Service (SaaS), where users access software applications over the internet, and the provider manages all aspects of the application, including infrastructure and maintenance.

Answer 360

Elasticity

Answer 361

File. The Azure File Sync agent synchronizes data between a Windows Server and an Azure File share. The other options would not logically fit in the context of file synchronization with Azure.

Answer 362

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0016900001.jpg)

Answer 363

1. Locally-redundant storage (LRS) 2. Zone-redundant storage (ZRS) 3. Geo-redundant storage (GRS) The redundancy options, ordered from least to most redundant, are LRS, ZRS, and GRS. * **LRS (Locally-redundant storage):** Replicates your data three times within a single data center. This offers the least redundancy as data is only protected against hardware failures within that data center. * **ZRS (Zone-redundant storage):** Replicates your data across three availability zones in a single region. Availability zones are physically separate locations, so ZRS offers protection against data center failures. * **GRS (Geo-redundant storage):** Replicates your data to a secondary region that is hundreds of miles away from the primary region. This offers the highest level of redundancy, protecting against region-wide disasters.

Answer 364

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0017100001.jpg) DISCUSSION: The question states "Application Insights is a feature of Azure Monitor". The hot area image requires the test taker to select the Azure Monitor logo.

Answer 365

C. Azure DevTest Labs DISCUSSION: The question emphasizes the need to minimize administrative effort for deploying and removing VMs, specifically in a developer environment. Azure DevTest Labs is designed for this purpose, allowing developers to quickly provision and deprovision environments. Option A, Azure Reserved Virtual Machines (VM) Instances, is incorrect because it focuses on cost savings for long-term VM usage, not on simplifying deployment and removal. Option B, Azure virtual machine scale sets, is designed for automatically scaling VMs based on demand, not necessarily for easy deployment and removal in a development/test environment. Option D, Microsoft Managed Desktop, is a service for managing Windows desktops, not for deploying and removing VMs.

Answer 366

Box 1: Yes Box 2: No Box 3: Yes **Explanation:** * **Box 1: Yes** - To manage cloud services through the Azure portal, which is a web-based interface, you need internet connectivity to access the portal. * **Box 2: No** - While management apps can be used, they are not always required. Many cloud services can be managed directly through web browsers, as stated in the reference document. * **Box 3: Yes** - Cloud services, especially those provided by Azure, are designed to be accessible and manageable through any modern web browser, providing flexibility and ease of access for administrators.

Answer 367

D. one Azure firewall The question asks for a solution to limit *inbound* traffic to *all* virtual networks. An Azure Firewall is a centralized, managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. It provides both east-west and north-south traffic inspection. Option A is incorrect because an application security group (ASG) is used to group virtual machines and apply network security rules based on application, not to limit inbound traffic to all virtual networks. Option B is incorrect because a virtual network gateway is used to connect Azure virtual networks to other Azure virtual networks, on-premises networks, or other cloud networks. It doesn't limit inbound traffic. Option C is incorrect because Azure ExpressRoute circuits are used to create private connections between on-premises infrastructure and Azure datacenters. They do not limit inbound traffic to virtual networks.

Answer 368

Azure Databricks

Answer 369

An Azure region contains one or more data centers that are connected by using a low-latency network. This statement aligns with the definition of an Azure region as a geographical area containing one or more datacenters networked together with low latency. The other options are incorrect because they misrepresent the characteristics or global presence of Azure regions.

Answer 370

C. provides a connection from an on-premises VPN device to an Azure VPN gateway DISCUSSION: The correct answer is C. A Site-to-Site VPN creates a secure connection between an on-premises network and an Azure Virtual Network (VNet) via an Azure VPN Gateway. Option A is incorrect because it describes a Point-to-Site VPN. Option B is incorrect because it describes Azure ExpressRoute.

Answer 371

B. Sync all the Active Directory user accounts to Azure Active Directory (Azure AD) **Explanation:** The goal is to minimize the impact on users after migrating from an on-premises Active Directory to Azure. * **Option B (Correct):** Synchronizing all Active Directory user accounts to Azure AD allows users to use their existing credentials (username and password) to access resources in Azure. This provides a seamless transition and minimizes disruption. Azure AD Connect is a tool designed for this purpose. * **Option A (Incorrect):** Implementing Azure Multi-Factor Authentication (MFA) adds an extra layer of security but doesn't address the fundamental need to migrate user accounts to Azure AD. While MFA is a good security practice, it's not the primary solution for minimizing user impact during migration. * **Option C (Incorrect):** Instructing all users to change their passwords would create a significant burden on users and increase the risk of forgotten passwords and support calls. It doesn't address the need to migrate the user accounts to Azure AD. * **Option D (Incorrect):** Creating guest user accounts for each user would be impractical and create separate identities for users in Azure AD. This would prevent them from seamlessly accessing resources with their existing credentials and would significantly increase administrative overhead.

Answer 372

- **Provide security Information event management (SIEM) functionality** - Microsoft Sentinel - **Display the secure score for an Azure subscription** - Microsoft Defender for Cloud - **Store passwords for use by Azure Function applications** - Azure Key Vault **Explanation of Correct Answers:** * **Microsoft Sentinel:** As the description states, Microsoft Sentinel is a SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) solution. * **Microsoft Defender for Cloud:** Defender for Cloud provides a secure score to help you understand your current security posture across your Azure subscriptions. * **Azure Key Vault:** Azure Key Vault is a service designed to securely store secrets, such as passwords, API keys, and certificates, used by applications and services, including Azure Functions.

Answer 373

D. Create a new support request DISCUSSION: The correct answer is D. To increase Azure subscription limits, you should create a new support request. This is the standard procedure for requesting quota increases for Azure services. Option A is incorrect because service health alerts monitor the health of Azure services, not subscription limits. Option B is incorrect because upgrading your support plan does not automatically increase subscription limits; it primarily provides faster response times and additional support features. Option C is incorrect because Azure policies enforce organizational standards and compliance, but do not directly modify subscription limits.

Answer 374

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0017600002.jpg)

Answer 375

* Yes * Yes * Yes **Explanation:** * **Statement 1:** Single sign-on (SSO) indeed allows users to authenticate once and access multiple applications. This simplifies password management and enhances security by reducing the number of credentials users need to manage. Therefore, the statement is true. * **Statement 2:** Authorization is precisely the process of determining the level of access a user has. It defines what resources or actions a user is permitted to access or perform. Therefore, the statement is true. * **Statement 3:** Conditional Access uses signals (various attributes and contextual information about the user and their access attempt) to make access decisions. It then enforces these decisions by either granting or denying access or by requiring MFA. Therefore, the statement is true.

Answer 376

B. role-based access control (RBAC) roles DISCUSSION: The correct answer is B. Role-based access control (RBAC) is the Azure mechanism used to grant permissions to Azure resources, including Azure Virtual Desktop resources. A. Tags are metadata used for organizing and managing Azure resources, not for granting permissions. C. Resource groups are containers for Azure resources, but do not directly grant permissions. Permissions are applied to resources within the resource group using RBAC. D. Application security groups are used to group virtual machines for network security purposes, not for granting permissions to Azure Virtual Desktop resources.

Answer 377

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0024000002.jpg) DISCUSSION: The question refers to using Azure to manage on-premise resources. The content clearly states, "Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform." Therefore, the correct answer is Azure Arc. The incorrect answers relate to Azure AD Connect (for directory synchronization), VPN Gateway (for secure network connections), and Pipeline Agent (for build automation), which are not directly related to the described scenario of managing on-premise resources within Azure.

Answer 378

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0039800002.png) DISCUSSION: The question asks to select the area that completes the sentence related to the Microsoft Online Services Privacy Statement. The provided text states: "Your privacy is important to us. This privacy statement explains the personal data Microsoft processes, how Microsoft processes it, and for what purposes." The correct answer is the area that highlights "processes, how Microsoft processes it, and for what purposes" because it directly relates to explaining Microsoft's handling of personal data as stated in the privacy statement.

Answer 379

- No - Yes - No DISCUSSION: The correct answer is No, Yes, No. * **Azure virtual networks deployed to the same Azure region are connected by default:** This statement is false. Azure Virtual Networks, even within the same region, are isolated by default and need explicit peering or a Virtual Network Gateway to communicate. * **All Azure resources have a name. The name must be unique within a scope:** This statement is true. All Azure resources must have a name, and the name must be unique within a certain scope, which varies based on the resource type (e.g., a virtual network name must be unique within a resource group). * **The Azure virtual network's address space must be unique within a subscription:** This statement is false. You can have multiple virtual networks within the same subscription that have the same address space, as long as they are not peered.

Answer 380

D. three years DISCUSSION: The correct answer is D. Azure Reserved VM Instances can be purchased for a duration of one or three years. Therefore, the longest term available is three years. Option B is incorrect because while there are exceptions that allow for 5-year terms, they are not standard. The question doesn't specify that we should consider those exceptions. Options A and C are incorrect as they are shorter than the maximum available term.

Answer 381

Box 1: No Box 2: Yes Box 3: Yes **Explanation** * **Box 1: No** - The statement says "Easily manage your Azure storage accounts in the cloud, from Windows, macOS, or Linux, using Azure Storage Explorer." This is incorrect because it contains the word "only". Azure Storage Explorer can be used on Windows, macOS, and Linux, but there are other ways to manage Azure storage accounts. * **Box 2: Yes** - "Azure cloud services can be managed in Azure Automation by using the PowerShell cmdlets that are available in the Azure PowerShell tools." This is a true statement. Azure Automation allows you to manage cloud services using PowerShell cmdlets. * **Box 3: Yes** - "You can manage cloud services by using a web browser." This is a true statement. The Azure portal, accessed through a web browser, provides a graphical interface for managing Azure cloud services.

Answer 382

B. Microsoft Sentinel **Explanation:** Microsoft Sentinel is a cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) solution. It provides intelligent security analytics and threat intelligence across the enterprise. * **A. Azure Analysis Services:** This is a platform for data analytics and business intelligence, not SIEM. * **C. Azure Information Protection:** This service focuses on data classification, labeling, and protection, but it is not a SIEM solution. * **D. Azure Cognitive Services:** This provides AI and machine learning capabilities, but it's not designed for SIEM.

Answer 383

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0027200002.png) (Box: collection of policy definitions) DISCUSSION: The question asks to complete the sentence about Azure Policy initiative. The provided text states that an Azure Policy initiative is a collection of Azure Policy definitions. Therefore, the correct answer is the image showing "collection of policy definitions".

Answer 384

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0027500002.png)

Answer 385

Azure Active Directory (Azure AD) **Explanation:** Azure Active Directory (Azure AD) is the correct answer because it provides single sign-on (SSO) capabilities, allowing users to authenticate to multiple applications with one set of credentials. Application Security Groups are for network security, not SSO.

Answer 386

No, Yes, Yes **Explanation:** * **Box 1: No** - Azure creates default rules that *allow* some traffic, not block all traffic. The statement says the rules *allow* traffic, but an NSG blocks all traffic by default. This is contradictory, hence "No". * **Box 2: Yes** - A network security group can indeed contain zero rules (at creation) or as many as desired (within limits), and these rules can reference application security groups (ASGs). * **Box 3: Yes** - Azure creates default inbound and outbound rules in each NSG, which can be seen and modified. These rules handle basic connectivity.

Answer 387

A. Azure Key Vault Azure Key Vault is the correct solution because it is designed to securely store and manage secrets, such as passwords, API keys, and certificates. It allows for encryption of administrative credentials during deployment. Options B, C, and D are incorrect because: * Azure Information Protection focuses on classifying and protecting sensitive documents and emails. * Microsoft Defender for Cloud provides threat protection for cloud resources. * Azure Multi-Factor Authentication (MFA) adds an extra layer of security during user sign-in. None of these services directly address the need to encrypt administrative credentials during server deployment.

Answer 388

network Security group (NSG)

Answer 389

A. 3 DISCUSSION: The correct answer is A. Locally-redundant storage (LRS) replicates your storage account three times within a single data center in the primary region. Options B, C, and D are incorrect because they represent the number of copies used in other Azure Storage redundancy options, or are simply incorrect numbers.

Answer 390

D. Microsoft Defender for Cloud DISCUSSION: The question asks about reviewing the secure score, which is a feature of Microsoft Defender for Cloud. Defender for Cloud continually assesses your resources for security issues and provides a secure score. Option A is incorrect because Azure Monitor is used for collecting and analyzing telemetry data, not for reviewing secure scores. Option B is incorrect because Azure Advisor provides recommendations for optimizing Azure resources, but not security scores. Option C is incorrect because Help + support is a general resource for getting help with Azure, but it does not provide secure score information.

Answer 391

C. Microsoft Defender for Cloud DISCUSSION: The correct answer is C. Microsoft Defender for Cloud continually compares the configuration of your resources with requirements in industry standards, regulations, and benchmarks. It provides tools to assess regulatory compliance by identifying security vulnerabilities and ensuring your cloud environment meets industry standards and regulatory requirements. A is incorrect because Azure Service Health informs you about the health of Azure services. B is incorrect because the Azure Knowledge Center provides general information about Azure. D is incorrect because Azure Advisor provides recommendations to optimize your Azure deployments.

Answer 392

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0033000001.jpg)

Answer 393

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0039600002.png) The selected area contains the text "excluded from SLA". The provided context states that during the Public Preview phase, normal service level agreements do not apply. Therefore, features in Public Preview are "excluded from SLA".

Answer 394

Yes Yes No **Explanation:** * **A company has complete control of the resources and security for its private cloud - Yes:** A private cloud is infrastructure dedicated to a single organization. This gives the company greater control over its resources and security policies compared to a public cloud where resources are shared. While a third party *can* manage the private cloud, the question doesn't specify this is the case, so the *most* likely scenario is the company does have complete control. * **A Hybrid Cloud solution enables a company to control whether its applications run on-premises or in the cloud - Yes:** The key benefit of a hybrid cloud is the flexibility to choose where to run applications. Companies can leverage on-premises infrastructure for sensitive workloads while using the public cloud for less critical or more scalable applications. * **Companies are responsible for capital expenditure when they scale up a virtual machine hosted in a public cloud - No:** Public clouds operate on a pay-as-you-go model. Companies avoid capital expenditure (CapEx) because they only pay for the resources they consume. The cloud provider is responsible for the infrastructure costs.

Answer 395

Azure TCO calculator

Answer 396

The question is incomplete, as the question text and options, and the "hot area" image, are missing. Based on the discussion, the question likely asks to identify **Azure Databricks** in a list of services, or to complete a sentence about Azure Databricks.

Answer 397

A. the Azure portal DISCUSSION: The Azure portal is the most direct and common way to start Azure Cloud Shell. While Azure CLI and PowerShell can be used from within Cloud Shell, they are not used to start Cloud Shell itself. ARM templates are for infrastructure as code and not for launching Cloud Shell.

Answer 398

A. Microsoft Sentinel DISCUSSION: The question asks for a tool to collect and automatically analyze security events from Azure AD. Microsoft Sentinel is a security information and event management (SIEM) and security orchestration, automated response (SOAR) solution that is designed for this purpose. It integrates with Azure AD and other security solutions to provide a unified view of security events and automate threat response. Option B, Azure Synapse Analytics, is a data analytics service for big data and is not specifically designed for security event analysis. Option C, Azure AD Connect, is used to synchronize on-premises Active Directory with Azure AD and doesn't primarily focus on security event analysis. Option D, Azure Key Vault, is a service for securely storing and managing secrets, keys, and certificates, and is not directly related to security event analysis.

Answer 399

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0028400001.png) DISCUSSION: The question asks to complete the sentence regarding the purpose of playbooks in Microsoft Sentinel. The text describes playbooks as collections of procedures that can automate and orchestrate responses to threats. The phrase "automatically respond to threats" accurately reflects this capability. The provided reference link also supports this answer, stating that playbooks can "automatically respond to threats."

Answer 400

Yes Yes No **Explanation:** * **Statement 1: Azure Advisor provides recommendations on how to improve the security of an Azure Active Directory (Azure AD) environment.** * Many users in the discussion claim that Azure Advisor provides recommendations related to Azure AD security, such as enabling MFA. Therefore, the answer is Yes. * **Statement 2: Azure Advisor identifies opportunities to reduce your Azure spending.** * The Azure Advisor documentation states that it helps optimize and reduce overall Azure spending by identifying idle and underutilized resources. So the answer is Yes. * **Statement 3: Azure Advisor provides recommendations on how to configure the network settings on Azure VMs.** * While Azure Advisor gives recommendations for Azure Virtual Machines, it does *not* provide specific recommendations on how to configure network settings on Azure virtual machines. Thus, the answer is No.

Answer 401

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0035500002.jpg) **Explanation:** The image shows the correct answer to be "Public Preview". The provided text states: "Public Preview means that the service is in public beta and can be tried out by anyone with an Azure subscription. Services in public preview are often offered at a discount price. Public previews are excluded from SLAs and in some cases, no support is offered." The other image shows "Private Preview", which is incorrect. Services in private preview are only available to selected people, not generally to the public. The text also mentions "Services in development are not available to the public." and "Services provided under an Enterprise Agreement (EA) subscription are available only to the subscription owner," which are not related to the question.

Answer 402

* No * Yes * Yes **Explanation:** * **Statement 1: A PaaS solution provides access to the operating system.** This is **incorrect**. PaaS abstracts the underlying infrastructure, including the operating system. Users do not have direct access or control over the OS. * **Statement 2: A PaaS solution that hosts web apps in Azure does provide the ability to scale the platform automatically.** This is **correct**. Azure PaaS services, such as Azure App Service, offer autoscaling capabilities to dynamically adjust resources based on demand. * **Statement 3: PaaS provides professional development services to continuously add features to custom applications.** This is **correct**. PaaS provides a framework and tools that developers can use to build, customize, and continuously develop cloud-based applications. PaaS solutions offer pre-coded application components that speed up development.

Answer 403

A. Azure Data Lake D. Azure IoT Hub DISCUSSION: The correct answers are A and D. * **Azure IoT Hub:** This is the central component for connecting, monitoring, and managing IoT devices. Since the scenario involves deploying millions of sensors, IoT Hub is essential for handling the scale and management of these devices. * **Azure Data Lake:** This is a suitable storage solution for the large volumes of data generated by the sensors. Data Lake is designed for storing large amounts of unstructured or semi-structured data, making it ideal for IoT data that may need to be analyzed later. *Incorrect Options:* * **Azure Queue Storage:** While queues can be used in IoT solutions for buffering messages, they are not the primary storage solution for large volumes of data. They are typically used for asynchronous processing and decoupling services. * **Azure File Storage:** Azure File Storage is designed for file shares and is not suitable for the ingestion and storage of high-volume IoT data. * **Azure Notification Hubs:** Notification Hubs are used for sending push notifications to mobile devices and are not relevant to the storage or processing of sensor data.

Answer 404

D. server applications DISCUSSION: The original statement incorrectly states that Azure Key Vault is used to store secrets for Azure AD user accounts. Azure Key Vault is designed to store configuration secrets for server applications, as well as other secrets, keys, and certificates used by applications and services. Option A is incorrect because the statement needs to be corrected. Option B is incorrect because, while Azure Key Vault *could* be used to store secrets for administrative accounts, the best answer is the broader, more common use case. Option C is incorrect because, while PII could potentially be stored *indirectly* using Azure Key Vault by controlling access to it, it is not the *primary* purpose. Option D is correct because Azure Key Vault is primarily used to store configuration secrets for server applications.

Answer 405

B. operational DISCUSSION: The correct answer is B. Operational expenditure (OpEx) represents the ongoing costs of running a business or system. A pay-as-you-go cloud model aligns with OpEx because you only pay for the resources you consume. A. Scalable refers to the ability of a system to handle increasing workloads, not an expenditure model. C. Elastic refers to the ability of a system to automatically adjust resources based on demand, not an expenditure model. D. Capital expenditure (CapEx) refers to upfront investments in fixed assets like hardware, which is not the case with a pay-as-you-go cloud model.

Answer 406

A. Yes Professional Direct support plan provides access to support engineers by both phone and email, thus meeting the stated goal. While there may be cheaper options that also satisfy the requirement, the question only asks if the proposed solution meets the goal, not if it is the most cost-effective solution.

Answer 407

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0035100002.jpg)

Answer 408

* No * Yes * No The first statement is incorrect. A company doesn't *always* have to migrate *from* a private cloud. They could start with a public cloud and then add private cloud resources. The second statement is correct. Public clouds can be used to extend the capacity of an internal network. For example, connecting an on-premise network to a cloud environment using a VPN. The third statement is incorrect. Access to cloud resources is not limited to guest users. Users with accounts in Azure Active Directory (AAD), including those synced from on-premise Active Directory, can also access cloud resources.

Answer 409

Yes, No, Yes **Explanation:** * **Statement 1: Azure provides flexibility between capital expenditure (CapEx) and operational expenditure (OpEx).** This is **correct (Yes)**. Azure offers options like reserved instances (CapEx) and pay-as-you-go (OpEx), providing financial flexibility. * **Statement 2: If you create two Azure virtual machines that use the B2S size, each virtual machine will always generate the same monthly costs.** This is **incorrect (No)**. Even with the same VM size, costs can vary based on factors like data transfer, storage usage (different disk configurations), and actual usage time. * **Statement 3: When an Azure virtual machine is stopped, you continue to pay storage costs associated with the virtual machine.** This is **correct (Yes)**. Stopping a VM stops compute costs, but you still pay for the storage used by the VM's disks.

Answer 410

Azure virtual machines are IaaS (Infrastructure as a Service), and Azure SQL databases are PaaS (Platform as a Service). Therefore, in the image, the top box should be selected in the first column, and the bottom box should be selected in the second column. The correct answer is: [Image](https://www.examtopics.com/assets/media/exam-media/04227/0004100001.jpg) DISCUSSION: Azure virtual machines provide a raw infrastructure where the user manages the operating system, storage, and other components, which is characteristic of IaaS. Azure SQL databases are a managed database service where Azure handles the underlying infrastructure, patching, and backups, which aligns with the PaaS model.

Answer 411

B DISCUSSION: The provided command `az vm create ...` is an Azure CLI command, designed to be executed in a Bash environment or the Azure CLI environment. Although Azure Cloud Shell allows you to choose between PowerShell and Bash, selecting PowerShell means you are in a PowerShell environment. The Azure CLI command will not run natively in PowerShell, and should be run in a Bash environment. Therefore, the solution does not meet the goal.

Answer 412

A. Yes DISCUSSION: Deploying virtual machines across multiple availability zones ensures that if one data center fails, the virtual machines in the other availability zones will remain available, thus meeting the goal of ensuring service availability in the event of a data center failure. Therefore, option A is correct. Option B is incorrect because deploying to availability zones *does* address the stated goal.

Answer 413

B. No DISCUSSION: The question states that the goal is to reduce Azure costs. The proposed solution is to remove unused network interfaces. According to the provided reference and the discussion, unused network interfaces do not incur charges. Therefore, removing them will not reduce Azure costs. Public IP addresses, however, do incur costs, but the proposed solution does not address these.

Answer 414

[Image](https://www.examtopics.com/assets/media/exam-media/04227/0040400001.jpg) DISCUSSION: The question is incomplete and lacks context, but based on the provided discussion, the image selected should depict "NAT rules". The first image likely represents a scenario where NAT is needed (private to public IP translation), and the second image presumably visualizes the NAT rule itself. Therefore, selecting the second image completes the sentence, implying that NAT rules are the correct answer.

Answer 415

No, No, No **Explanation:** * **Statement 1: "Azure Advisor generates a list of virtual machines that ARE protected by Azure Backup." - NO** * Azure Advisor identifies VMs that are *not* protected by Azure Backup, and recommends enabling backup. It does *not* generate a list of VMs that are *already* protected. You can view VMs protected by backup through the Azure Recovery Services Vault. * **Statement 2: "If you implement the security recommendations provided by Azure Advisor, your company's secure score will decrease." - NO** * Implementing security recommendations will *increase* your secure score, as it improves your security posture. * **Statement 3: "You are required to implement the security recommendations provided by Azure Advisor." - NO** * Azure Advisor provides recommendations, but there is no requirement to implement them. They are suggestions to improve your environment.

Answer 416

[Image](https://img.examtopics.com/az-900/image460.png)

Answer 417

A, C, D DISCUSSION: The correct answers are A, C, and D. * **A. the volume of outbound data:** Azure charges for outbound data transfer. The more data that leaves an Azure region, the higher the cost. * **C. the service tier:** Azure services offer different tiers (e.g., Basic, Standard, Premium) with varying features, performance, and costs. Choosing a lower tier can reduce costs. * **D. the Azure region:** The cost of Azure resources can vary between regions due to factors like infrastructure costs, taxes, and currency exchange rates. **Why the other options are incorrect:** * **B. the volume of inbound data:** Inbound data transfer is generally free in Azure. * **E. the type of processed data:** Azure generally does not charge based on the type of data being processed. Costs are typically based on storage used and compute resources consumed, regardless of data type.

Answer 418

No, No, Yes **Explanation:** * **Statement 1: The archive access tier for Azure Storage can be set at the account level.** This statement is **false**. The archive access tier can only be set at the blob level, not at the storage account level. Hot and cool access tiers can be set at the account level, serving as the default tier for newly created blobs without an explicitly defined tier. * **Statement 2: The hot access tier is the least expensive storage option.** This statement is **false**. The archive access tier is the least expensive for storage, while the hot access tier is the most expensive for storage but the least expensive for access. * **Statement 3: Hot, cool, and archive tiers can be set at the blob level.** This statement is **true**. You can change the tier of a blob after it has been created.

Answer 419

D. a service endpoint DISCUSSION: The correct answer is **D. a service endpoint**. Service endpoints provide secure and direct connectivity to Azure services over an optimized route on the Azure backbone network, ensuring traffic from the virtual network to the Azure Storage account does not traverse the public internet. * **A. a network security group (NSG)**: NSGs control inbound and outbound traffic to network interfaces, VMs, and subnets, but they don't inherently prevent traffic from being routed over the internet. They can filter traffic but do not change the routing path. * **B. a public endpoint**: Public endpoints, by definition, expose the storage account to the internet, which is the opposite of the requirement. * **C. Azure VPN Gateway**: Azure VPN Gateway is used to create secure connections between on-premises networks and Azure virtual networks, or between different Azure virtual networks, and is not directly relevant to preventing VNet to Azure Storage traffic from going over the internet.

Answer 420

C. tags DISCUSSION: The correct answer is C, tags. Tags are name-value pairs that you can apply to Azure resources to organize them and to provide metadata. In this scenario, you can use tags to identify the department responsible for the cost of each resource. You can then use Azure Cost Management to generate reports and analyze costs based on these tags. Option A is incorrect because budgets are used to set spending limits for Azure resources, but they don't directly identify which department is responsible for costs. Option B is incorrect because alerts are used to notify you when certain events occur in Azure, such as when a budget is exceeded, but they don't directly identify which department is responsible for costs.

Answer 421

C. budgets DISCUSSION: The question asks about tracking the *costs* of Azure resources. Option A, Azure Quickstart templates, is incorrect because these templates are used for deploying resources, not tracking costs. Option B, tags, is incorrect because while tags can help organize and categorize resources, making it easier to *analyze* costs based on specific criteria, they do not directly track costs. Option C, budgets, is correct because Azure budgets allow you to set spending limits and track your spending against those limits. You can configure alerts to notify you when you are approaching or exceeding your budget. Option D, usage and quotas, is incorrect because while they provide information on resource consumption and service limits, they are not specifically designed for tracking costs.

Answer 422

The correct answer is Azure Active Directory (now Microsoft Entra ID). Azure AD is the identity and access management service used to create and manage user accounts. While you can assign users to subscriptions within the Subscriptions area, you must first create the user account in Azure AD. The question specifically asks about *creating* a new user.

Answer 423

- No - Yes - Yes **Explanation:** * **Statement 1: "Authorization to access Azure resources can be provided only to Azure Active Directory (AD) users." - No** * This statement is incorrect because authorization to access Azure resources can be provided to various entities, including Azure AD groups, service principals, managed identities, and guest users, in addition to Azure AD users. The presence of "only" makes the statement false. * **Statement 2: "Third-party cloud services and on-premises Active Directory cannot be used to access Azure resources." - Yes** * This statement is correct, as federation allows third-party cloud services and on-premises Active Directory to be used to access Azure resources. Federation establishes trust between domains for authentication and authorization. * **Statement 3: "Azure has built-in authentication and authorization services to provide secure access to Azure resources." - Yes** * This statement is correct. Azure Active Directory (Azure AD) serves as a centralized identity provider, offering built-in authentication and authorization services for secure access to Azure resources.

Answer 424

* **Azure Blob Storage** - Provides scalable, cost-efficient object storage in the cloud. Store and access unstructured data for your most demanding workloads. It is configured using tiers. * **Azure Disk Storage** - Designed to be used with Azure Virtual Machines and Azure VMware Solution, offers high-performance, durable block storage for your mission- and business-critical applications. * **Azure Files** - Offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol, Network File System (NFS) protocol, and Azure Files REST API. * **Azure Queue Storage** - A service for storing large numbers of messages. You access messages from anywhere in the world via authenticated calls using HTTP or HTTPS. **Explanation of Correct Answers:** * **Azure Blob Storage:** Blob storage is designed for storing large amounts of unstructured data like text or binary data. The description accurately reflects its purpose and tiering capabilities. * **Azure Disk Storage:** Disk storage provides block-level storage for Azure VMs, offering high performance and durability. * **Azure Files:** Azure Files allows you to create file shares in the cloud that can be accessed using standard protocols like SMB and NFS, making it suitable for file sharing between VMs and other services. * **Azure Queue Storage:** Queue storage is a messaging service for storing and retrieving messages. It enables asynchronous communication between application components.

Answer 425

[Image](https://img.examtopics.com/az-900/image472.png)

Answer 426

C. software as a service (SaaS) DISCUSSION: The question asks which cloud service model minimizes the management responsibility of the customer. Option A, infrastructure as a service (IaaS), provides the customer with the most control over the infrastructure, requiring them to manage the operating system, storage, deployed applications, and networking. Therefore, it does not minimize management responsibility. Option B, platform as a service (PaaS), provides a platform for developing, running, and managing applications. The customer manages the applications and data, but the provider manages the underlying infrastructure. While it reduces management responsibility compared to IaaS, it doesn't minimize it to the greatest extent. Option C, software as a service (SaaS), provides the customer with ready-to-use software applications over the internet. The provider manages all aspects of the infrastructure, platform, and application. The customer only needs to use the software. This model minimizes the management responsibility for the customer, making it the correct answer.

Answer 427

The correct answer is the image showing "JSON format": [Image](https://img.examtopics.com/az-900/image480.png) **Explanation:** Azure Resource Manager (ARM) templates, used for infrastructure as code in Azure, are written in JSON (JavaScript Object Notation) format. This format defines the infrastructure and configuration for a project using a declarative syntax.

Answer 428

* **Requirement: Provide a continuous user experience in the event of a resource failure.** should be matched with **High Availability.** * **Requirement: Resources are available in different geographic locations.** should be matched with **Geo-distribution.** * **Requirement: Ability to increase or decrease resources to meet demand.** should be matched with **Scalability.** **Explanation:** * **High Availability:** This ensures that the system remains operational and accessible even if a component fails. Redundancy and failover mechanisms automatically switch to backup components, providing a continuous user experience. * **Geo-distribution:** Distributing resources across different geographic locations ensures availability and reduces latency for users in those regions. * **Scalability:** Cloud resources can be adjusted to meet fluctuating demands. This allows for adding more resources during peak traffic or reducing them during low usage periods, optimizing performance and cost.

Answer 429

B. Azure Blueprints Explanation: Azure Blueprints is designed to enforce organizational standards and compliance. A key feature is its ability to apply resource locks during deployment. If a lock applied by a Blueprint is removed, the Blueprint can automatically reapply it, ensuring that the resources remain protected according to the defined standards. A. Azure Information Protection (AIP) focuses on data classification and protection, not resource locking. C. Azure Backup is a service for backing up and restoring data, not for managing resource locks. D. Azure Advisor provides recommendations for optimizing Azure resources, but it doesn't automatically manage resource locks.

Answer 430

C. Azure Monitor E. Log Analytics DISCUSSION: The correct answers are C and E. * **C. Azure Monitor:** Azure Monitor is a comprehensive monitoring solution that collects data from various sources, including Azure VMs. It provides a central location to analyze and visualize telemetry data. * **E. Log Analytics:** Log Analytics is a feature within Azure Monitor specifically designed for querying and analyzing log data. It allows users to write queries to compare event details collected from multiple VMs. **Why the other options are incorrect:** * **A. Azure Service Health:** Azure Service Health provides information about the health of Azure services, not individual VMs or their event details. * **B. Azure Service Bus:** Azure Service Bus is a messaging service and is not used for monitoring or analyzing event details. * **D. Azure Advisor:** Azure Advisor provides recommendations for optimizing Azure resources, but it's not a tool for collecting or querying event details.

Answer 431

a commitment to performance standards DISCUSSION: The correct answer is "a commitment to performance standards." A Service Level Agreement (SLA) defines the level of service expected by a customer from a service provider, including performance metrics like uptime and availability. It is a commitment by the provider to meet these standards. The other options are incorrect because: * "a minimum monthly charge" is related to pricing, but not the core definition of an SLA. * "a maximum resource allocation" might be part of a service agreement, but it's not the primary definition of an SLA. * "a technology roadmap" describes future technology plans, not current service performance guarantees.

Answer 432

[Image](https://img.examtopics.com/az-900/image462.png)

Answer 433

Predictability

Answer 434

[Image](https://img.examtopics.com/az-900/image464.png)

Answer 435

Yes Yes No **Explanation:** The first statement is true. Premium storage accounts are designed for high-performance Azure virtual machines and offer better performance for file shares compared to standard storage accounts. The second statement is true. Premium storage accounts provide better performance and reliability for block blobs compared to standard storage accounts, and block blobs can store unstructured data up to 4.75 TB. The third statement is false. Premium storage accounts cannot be configured as StorageV2 storage accounts. StorageV2 is a newer generation of General Purpose storage accounts and is not compatible with premium storage which is already optimized for high performance.

Answer 436

Yes Yes No **Explanation:** * **Statement 1: Azure Resource Manager (ARM) templates enable you to implement infrastructure as code for your Azure solutions.** This is **TRUE**. ARM templates allow you to define your infrastructure in a declarative way using code, typically JSON. * **Statement 2: An ARM template can define the infrastructure and configuration for your Azure project.** This is **TRUE**. ARM templates specify the resources to deploy and their configurations. * **Statement 3: You must use a separate ARM template for each Azure resource that you want to deploy.** This is **FALSE**. A single ARM template can define and deploy multiple Azure resources.

Answer 437

[Image](https://img.examtopics.com/az-900/image486.png)

Answer 438

* **VPN Gateway** -> Creates a secure connection between an Azure Virtual Network and an on-premises location over the public Internet. * **ExpressRoute** -> Creates a private connection between an Azure infrastructure and an on-premises location. * **Virtual Network Peering** -> Connects two Azure Virtual Networks.

Answer 439

To create a new Azure file share, you need a Storage Account. You also need a Resource Group to contain the storage account. Therefore, the correct selections are: 1. Resource Groups 2. Storage Accounts

Answer 440

B. Azure Cloud Shell C. the Azure portal **Explanation:** * **B. Azure Cloud Shell:** Azure Cloud Shell is accessible through a browser, and the Azure mobile app provides an interactive, authenticated, browser-accessible terminal for managing Azure resources. Thus, it can be used on an iPhone. * **C. the Azure portal:** The Azure portal is web-based and accessible through any supported browser on any device, including iPhones. * **A. Windows PowerShell:** Windows PowerShell does not natively run on iPhones. * **D. Azure Storage Explorer:** Azure Storage Explorer is primarily for managing Azure Storage resources (blobs, files, queues, tables) and not for managing web app settings.

Answer 441

A. Operational DISCUSSION: The correct answer is A. Operational expenditure (OpEx) is the appropriate expenditure model for a pay-as-you-go Azure subscription. * **A. Operational:** Correct. OpEx refers to the ongoing costs associated with running a business, such as paying for cloud services based on consumption. Azure's pay-as-you-go model aligns with this, as you only pay for the resources you use. * **B. Elastic:** Incorrect. Elasticity is a characteristic of cloud computing, referring to the ability to scale resources up or down as needed. It's not an expenditure model. * **C. Capital:** Incorrect. Capital expenditure (CapEx) involves upfront investments in physical assets, such as servers and hardware. This model is more typical of on-premises data centers. * **D. Scalable:** Incorrect. Scalability, like elasticity, is a characteristic of a system's ability to handle increasing workloads. It's not an expenditure model.

Answer 442

* No * No * No **Explanation:** * **The price of Azure storage varies by region:** The price of Azure storage indeed varies by region, as different regions have different infrastructure costs and demand. Therefore the statement is TRUE, and the correct selection is NO, since the question asks to select YES if the statement is true. * **You are charged for read and write operations in general-purpose v2 storage accounts:** You are charged for read and write operations in general-purpose v2 storage accounts. Therefore the statement is TRUE, and the correct selection is NO, since the question asks to select YES if the statement is true. * **You would be charge for the read operations of the source storage account and write operations in the destination storage account:** You would be charged for both read operations on the source and write operations on the destination storage accounts when transferring data between regions. Therefore the statement is TRUE, and the correct selection is NO, since the question asks to select YES if the statement is true.

Answer 443

The correct answer is to select all three options (Azure CLI, Azure portal, and Azure PowerShell) for each of the operating systems (Windows 10, Ubuntu, and macOS Mojave). * **Azure CLI:** The Azure CLI is cross-platform and can be installed on Windows, Linux (including Ubuntu), and macOS. * **Azure Portal:** The Azure portal is a web-based application accessible from any web browser on any OS. * **Azure PowerShell:** PowerShell Core is also cross-platform and can be installed on Windows, Linux (including Ubuntu), and macOS. The Azure PowerShell module can then be installed.

Answer 444

A. Azure Resource Manager templates DISCUSSION: The question asks for a solution to automate the creation of Azure resources. Option A is correct because Azure Resource Manager (ARM) templates are ideal for deploying and managing infrastructure as code. Since all business units require the same type of Azure resources, an ARM template can be defined once and then reused for each business unit, ensuring consistency and repeatability. Option B is incorrect because virtual machine scale sets are specifically for deploying and managing multiple identical VMs, not for provisioning a variety of different Azure resources. Option C is incorrect because the Azure API Management service is used for managing APIs, not for provisioning general Azure resources. Option D is incorrect because management groups are used for organizing and governing Azure subscriptions, not for automating resource creation.

Answer 445

To achieve a 99.99% availability SLA, the minimum requirement is to deploy two or more virtual machines across two or more Availability Zones within the same Azure region.

Answer 446

D. Premier, Professional Direct, Standard, Developer, and Basic DISCUSSION: The question asks about opening a "new support request" in general, and doesn't specify that it must be a *technical* support request. According to the majority of the discussion and the Azure support plans documentation, all Azure support plans, including Basic, allow you to submit support requests, although the level and type of support available varies. Therefore, the correct answer is D. Options A, B, and C are incorrect because they exclude the Basic support plan, which does allow for opening support requests, particularly for billing and subscription-related issues. Some comments suggest C is correct because Basic doesn't allow *technical* support requests, but the question does not specify this.

Answer 447

B. No Explanation: Deploying virtual machines to multiple resource groups does not provide high availability in the event of a data center failure. Resource groups are logical containers for managing Azure resources but do not provide physical separation or redundancy across data centers. To ensure high availability, you should deploy the virtual machines across Azure Availability Zones or regions.

Answer 448

C. a logic app Explanation: Azure Logic Apps is a serverless computing solution designed for automating workflows, making it suitable for sending email notifications based on rules. It offers built-in connectors for email services and other applications. A web app (Option A) is primarily used for hosting web applications and not ideal for automated workflows. A server image in Azure Marketplace (Option B) requires managing infrastructure, which contradicts the serverless requirement. An API app (Option D) is for building APIs, not necessarily for workflow automation like sending notifications.

Practice Questions - exam-az-900 Flashcards

(486 cards)