Practice Test 2 Flashcards by Don L

Select all features part of Azure AD?

Single sign-on

Smart lockout

Log Alert Rule

Custom banned password list

Device Management

Single Sign-on

Smart Lockout

Custom Banned password list

Device Management

How well did you know this?

Not at all

Perfectly

Which Azure pricing model allows you to pay for compute resources by the second, with no long-term commitment?

Reserved Instances

Spot Pricing

Pay-As-You-Go

Enterprise Agreement

Pay-as-you-go

Explanation
The Pay-As-You-Go pricing model in Azure allows you to pay for compute resources by the second, with no long-term commitment. This model is flexible and ideal for users who want to pay only for what they use without any upfront costs or termination fees.

How well did you know this?

Not at all

Perfectly

What is the concept of Big Data?

A set of Azure services that allow you to use execute code in the cloud but don’t require (or even allow) you to manage the underlying server

A small sensor or other device that constantly sends it’s status and other data to the cloud

An extremely large set of data that you want to ingest and do analysis on; traditional software like SQL Server cannot handle Big Data as efficiently as specialized products

A form of artificial intelligence (AI) that allows systems to automatically learn and improve from experience without being explicitly programmed.

An extremely large set of data that you want to ingest and do analysis on; traditional software like SQL Server cannot handle Big Data as efficiently as specialized products.

Overall explanation

Big Data - a set of open source (Apache Hadoop) products that can do analysis on millions and billions of rows of data; current tools like SQL Server are not good for this scale

How well did you know this?

Not at all

Perfectly

In what way does Multi-Factor Authentication increase the security of a user account?

It requires users to be approved before they can log in for the first time.

It requires the user to possess something like their phone to read an SMS, use a mobile app, or biometric identification.

It requires single sign-on functionality
It doesn’t. Multi-Factor Authentication is more about access and authentication than account security.

It requires the user to possess something like their phone to read an SMS, use a mobile app, or biometric identification.

Overall explanation

MFA requires that the user have access to their mobile phone for using SMS or an app.

How well did you know this?

Not at all

Perfectly

Which of the following is a good example of a Hybrid cloud?

Your code is a mobile app that runs on iOS and Android phones, but it uses a database in the cloud.

Technology that allows you to grow living tissue on top of an exoskeleton, making Terminators impossible to spot among humans.

A server runs in your own environment, but places files in the cloud so that it can extend the amount of storage it has access to.

Your users are inside your corporate network but your applications and data are in the cloud.

A server runs in your own environment, but places files in the cloud so that it can extend the amount of storage it has access to.

Overall explanation

Hybrid Cloud - A mixture between your own private networks and servers, and using the public cloud for some things. Typically used to take advantage of the unlimited, inexpensive growth benefits of the public cloud.

How well did you know this?

Not at all

Perfectly

What is the concept of being able to get your applications and data running in another environment quickly?

Business Continuity / Disaster Recovery (BC/DR)

Azure Blueprint

Reproducible deployments

Azure Devops

Business Continuity / Disaster Recovery (BC/DR)

Overall explanation

Disaster Recovery - the ability to recover from a big failure within an acceptable period of time, with an acceptable amount of data lost

How well did you know this?

Not at all

Perfectly

Which Azure service is the recommended Identity-as-a-Service offering inside Azure?

Identity and Access Management (IAM)

Microsoft Entra ID (formerly Azure Active Directory)

Azure Portal

Azure Front Door

Microsoft Entra ID (Formerly Azure Active Directory)

Overall explanation

Microsoft Entra ID (formerly Azure Active Directory) is the identity service designed for web protocols, that you can use for your applications.

How well did you know this?

Not at all

Perfectly

Which Azure Storage service is best suited for storing unstructured data such as text or binary data?

Azure File Storage

Azure Blob Storage

Azure Queue Storage

Azure Table Storage

Azure Blob Storage

Explanation
Azure Blob Storage is the best choice for storing unstructured data such as text or binary data. It is designed to store large amounts of unstructured data, making it perfect for documents, images, videos, and other file types.

How well did you know this?

Not at all

Perfectly

Approximately how many regions does Azure have around the world?

60+

Overall explanation

There are 60+ Azure regions currently, in 10+ geographies

How well did you know this?

Not at all

Perfectly

You are learning to use the command line to manage your Azure resources. Which of the following commands would you use to log in to your Azure account using Azure CLI?

az login

az account login

az connect

az account connect

az login

Explanation
The correct command to log in to your Azure account using Azure CLI is ‘az login’. This command initiates the login process and prompts you to enter your Azure account credentials to authenticate and access your resources.

How well did you know this?

Not at all

Perfectly

True or false: Azure Cloud Shell allows access to the Bash and Powershell consoles in the Azure Portal

FALSE

TRUE

True

Overall explanation

Cloud Shell - allows access to the Bash and Powershell consoles in the Azure Portal

How well did you know this?

Not at all

Perfectly

Why is a user id and password sometimes not enough to prove someone is who they say they are?

User id and password can be used by anyone such as a co-worker, ex-employee or hacker half-way around the world

Passwords are usually easy to forget

Passwords must be encrypted before being stored

Some people might choose the same user id and password

User id and password can be used by anyone such as a co-worker, ex-employee or hacker half-way around the world

Overall explanation

The truth is that someone can find a way to get a user id and password, even guess it, and that can be used by another person.

How well did you know this?

Not at all

Perfectly

What is the minimum charge for having an Azure Account each month, even if you don’t use any resources?

$200

Negotiated with your enterprise manager

Overall explanation

An Azure account can cost nothing if you don’t use any resources or only use free resources

How well did you know this?

Not at all

Perfectly

What does it mean if a service is in Public Preview mode?

Anyone can use the service but it must not be for production use

The service is generally available for use, and Microsoft will provide support for it

Anyone can use the service for any reason

You have to apply to get selected in order to use that service

Anyone can use the service but it must not be for production use

Overall explanation

Public Preview is for anyone to use, but it is not supported nor guaranteed to continue to be available

How well did you know this?

Not at all

Perfectly

Which of the following is not a feature of Azure Functions?

Can edit the code right in the Azure Portal using a code editor

Can trigger the function based off of Azure events such as a new file being saved to a storage account blob container

Can possibly cost you nothing as there is a generous free tier

Designed for backend batch applications that are continuously running

Overall explanation

Functions are designed for short pieces of code that start and end quickly.

How well did you know this?

Not at all

Perfectly

What is the concept of paired regions?

Each region in the world has at least one other region in which is shares an extremely high speed connection, and where there is coordinated action by Azure not to do anything that will bring them both down at the same time.

Azure employees in those regions sometimes go on picnics together.

When you deploy your code to one region of the world, it is automatically deployed to the paired region as an emergency backup.

Each region of the world has one other region, usually in a completely separate country and geography, where it makes the most sense to place your backups. Like East US 2 is paired with South Korea.

Overall explanation

Paired regions are usually in the same geo (not always) but are the most logical place to store backups because they have a high speed connection and Azure staggers the service updates to those regions.

How well did you know this?

Not at all

Perfectly

Question 17Incorrect
How many regions does Azure have in Brazil?

Overall explanation

There is 1 region in Brazil.

How well did you know this?

Not at all

Perfectly

Each person has their own user id and password to log into Azure. But how many subscriptions can a single account be associated with?

250 per region

One

No limit

Overall explanation

There is not a limit to the number of subscriptions a single user can be included on.

How well did you know this?

Not at all

Perfectly

Where do you go within the Azure Portal to find all of the third-party virtual machine and other offers?

Bing

Choose an image when creating a VM

Azure mobile app

Azure Marketplace

Overall explanation

Azure Marketplace contains thousands of services you can rent within the cloud

How well did you know this?

Not at all

Perfectly

What is the primary purpose of Microsoft Purview in Azure?

To provide virtual machine scalability and performance monitoring.

To offer a unified data governance solution for managing on-premises, multi-cloud, and SaaS data.

To automate the deployment of infrastructure as code (IaC).
Explanation

Automating the deployment of infrastructure as code (IaC) is not the primary purpose of Microsoft Purview. Purview is more focused on data governance, data discovery, and compliance rather than infrastructure automation.

To enable real-time data analytics and visualization.

To offer a unified data governance solution for managing on-premises, multi-cloud, and SaaS data.

Explanation
While real-time data analytics and visualization are important aspects of data management, they are not the primary purpose of Microsoft Purview. Purview focuses more on data governance, compliance, and data discovery.

How well did you know this?

Not at all

Perfectly

Windows servers use “remote desktop protocol” (RDP) in order for administrators to get access to manage the server. Linux servers use SSH. What is the recommendation for ensuring the security of these protocols?

Do not enable SSH access for Linux servers

Disable RDP access using the Windows Services control panel admin tool

Do not allow public Internet access over the RDP and SSH ports directly to the server. Instead use a secure server like Bastion to control access to the servers behind.

Ensure strong passwords on your Windows admin accounts

Study These Flashcards

Do not allow public Internet access over the RDP and SSH ports directly to the server. Instead use a secure server like Bastion to control access to the servers behind.

Overall explanation

You need to either control access to the RDP and SSH ports to a very specific range of IPs, enable the ports only when you are using it, or use a Bastion server/jump box to protect those servers.

Which tool within Azure is comprised of : Azure Status, Service Health and Resource Health?

Azure Service Health

Azure Dashboard

Azure Advisor

Azure Monitor

Study These Flashcards

Azure Service Health

Overall explanation

Azure Service Health - lets you know about any Azure-related service issues including region-wide downtime

Why is Azure App Services considered Platform as a Service?

You give Azure the code and configuration, and you have no access to the underlying hardware

You can decide on what type of virtual machine it runs - A-series, or D-series, or even H-series

You are responsible for keeping the operating system up to date with the latest patches

Azure App Services is not PaaS, it’s Software as a Service.

Study These Flashcards

You give Azure the code and configuration, and you have no access to the underlying hardware

Overall explanation

You give Azure the code and configuration, and you have no access to the underlying hardware

If you are a US federal, state, local, or tribal government entities and their solution providers, which Azure option should you be looking to register for?

Azure Department of Defence

Azure Public Portal

Azure Government

Azure is not available for government officials

Study These Flashcards

Azure Government

Overall explanation

Hopefully, it’s clear that US Federal, State, Local and Tribal governments can use the US Government portal

What two types of DDoS protection services does Azure provide? Select two. DDoS Advanced Protection DDoS IP Protection DDoS Network Protection DDoS Premium Protection

DDoS IP Protection DDoS Network Protection Overall explanation Azure DDoS Protection offers two types of DDoS protection services: Network Protection protects against volumetric attacks that target the network infrastructure. This type of protection is available for all Azure resources that are deployed in a virtual network. IP Protection protects against volumetric and protocol-based attacks that target specific public IP addresses. This type of protection is available for public IP addresses that are not deployed in a virtual network.

Which of the following scenarios would Azure Policy be a recommended method for enforcement? Add an additional prompt when creating a resource without a specific tag to ask the user if they are really sure they want to continue? Allow only one specific roles of users to have access to a resource group Require a virtual machine to always update to the latest security patches Prevent certain Azure Virtual Machine instance types from being used in a resource group

Prevent certain Azure Virtual Machine instance types from being used in a resource group Overall explanation Azure Policy can add restrictions on storage account SKUs, virtual machine instance types, and rules relating to tagging of resources and groups. It cannot prompt a user to ask them if they are sure.

What Azure product allows you to autoscale virtual machines from 1 to 1000 instances, and also provides load balancing services built in? Azure App Services Virtual Machine Scale Sets Application Gateway Azure Virtual Machines

Virtual Machine Scale Sets Overall explanation Virtual Machine Scale Sets - these are a set of identical virtual machines (from 1 to 1000 instances) that are designed to auto-scale up and down based on user demand; IaaS

How do you get access to services in Private Preview mode? You must apply to use them. You must agree to a terms of use first. You cannot use private preview services. They are available in the marketplace. You simply use them.

You must apply to use them Overall explanation Private Preview means you must apply to use them.

What does ARM stand for in Azure? Advanced RISC Machine Azure Resource Manager Availability, Reliability, Maintainability Account Resource Manager

Azure Resource Manager Overall explanation Azure Resource Manager (ARM) - this is the common resource deployment model that underlies all resource creation or modification; no matter whether you use the portal, powershell or the SDK, the Azure Resource Manager takes those commands and executes them

Within the context of privacy and compliance, what does the acronym ISO stand for, in English? Information Systems Officer Intelligence and Security Office Instead of International Organization for Standardization

International Organization for Standardization Overall explanation ISO is a standards body, International Organization for Standardization

What database service is specifically designed to be extremely fast in responding to requests for small amounts of data (called low latency)? SQL Server in a VM SQL Data Warehouse SQL Database Cosmos DB

Cosmos DB Overall explanation Cosmos DB - extremely low latency (fast) storage designed for smaller pieces of data quickly; SaaS

Which of the following elements is considered part of the "perimeter" layer of security? Keep operating systems up to date with patches Separate servers into distinct subnets by role Locks on the data center doors Use a firewall

Use a firewall Overall explanation Firewall is part of the perimeter security

What Azure resource allows you to evenly split traffic coming in and direct it to several identical virtual machines to do the work and respond to the request? Azure Logic Apps Virtual Network Azure App Services Load Balancer or Application Gateway

Load Balancer or Application Gateway Overall explanation This is the core feature of either a Load Balancer or Application Gateway

Which of the following cloud computing models requires the highest level of involvement in maintaining the operating system and file system by the customer? FaaS IaaS SaaS PaaS

Iaas Overall explanation IaaS or Infrastructure as a service requires you to keep your OS patched, close ports, and generally protect your own server

Which of the following is not an example of Infrastructure as a Service? Virtual Machine Scale Sets Virtual Machine Azure SQL Database Virtual Network SQL Server in a VM

Azure SQL Database Overall explanation With Azure SQL Database, the infrastructure is not in your control

Select the way(s) to increase the security of a traditional user id and password system? Require users to change their passwords more frequently. Require longer and more complex passwords. Use multi-factor authentication which requires an additional device (something you have) to verify identity. Do not allow users to log into an application except using a company registered device.

Require users to change their passwords more frequently. Require longer and more complex passwords. Use multi-factor authentication which requires an additional device (something you have) to verify identity. Do not allow users to log into an application except using a company registered device. Overall explanation All of these are ways to increase the security on an account.

What is a benefit of economies of scale? Big companies don't need to make a profit on every sale Prices of cloud servers and services are always going down. It'll be cheaper next year than it is this year. The more you buy of something, the cheaper it is for you Big companies don't need to make a profit on the first product they sell you, because they will make a profit on the second

The more you buy of something, the cheaper it is for you Overall explanation Economies of Scale - the more of an item that you buy, the cheaper it is per unit

What is the primary purpose of Azure Regions in Microsoft Azure? To provide physical data centers in specific geographic locations for hosting Azure services. To automate the deployment of applications using Infrastructure as Code (IaC). To monitor and optimize the performance of virtual machines. To manage user access and permissions for Azure resources.

To provide physical data centers in specific geographic locations for hosting Azure services. Explanation Azure Regions are physical locations around the world where Microsoft Azure data centers are located. These regions provide geographic diversity and redundancy, allowing users to host their Azure services in specific locations for data residency, compliance, and low-latency access reasons.

Besides Azure Service Health, where else can you find out any issues that affect the Azure global network that affect you? Azure will email you Install the Azure app on your phone Azure Updates Blog Each Virtual Machine has a Resource Health blade

Each Virtual Machine has a Resource Health blade Overall explanation Each Virtual Machine has a Resource Health blade

What would be a good reason to have multiple Azure subscriptions? There is one person/credit card paying for resources, but many people who have accounts in Azure, and you need to separate out resources between clients so that there is absolutely no chance of resources being exposed between them. There is one person/credit card paying for resources, and only one person who logs into Azure to manage the resources, but you want to be able to know which resources are used for which client project.

There is one person/credit card paying for resources, but many people who have accounts in Azure, and you need to separate out resources between clients so that there is absolutely no chance of resources being exposed between them. Overall explanation Having multiple subscriptions can technically be done for any reason, but it only makes sense if you have to separate billing directly, or have actual clients logging into the Portal to manage their resources.

What is the service level agreement for two or more Azure Virtual Machines that have been manually placed into different Availability Zones in the same region? 99.99% 100% 99.95% 99.90%

99.99% Overall explanation 99.99%

Which of the following is considered a downside to using Capital Expenditure (CapEx)? You are not guaranteed to make a profit You can deduct expenses as they occur It does not require a lot of up front money You must wait over a period of years to depreciate that investment on your taxes

You must wait over a period of years to depreciate that investment on your taxes Overall explanation One of the downsides of CapEx is that the money invested cannot be deducted immediately from your taxesOverall explanation

What is the Azure SLA for two or more Virtual Machines in an Availability Set? 99.95% 100% 99.90% 99.99%

99.95% Overall explanation 99.95%

What types of files can a Content Delivery Network speed up the delivery of? Images JavaScript files PDFs Videos

Images JavaScript files PDFs Videos Overall explanation All of them. Any static file that doesn't change.

What is the benefit of using a command line tool like Powershell or CLI as opposed to the Azure portal? Automation Quicker to deploy VMs Cheaper

Automation Overall explanation The real benefit is automation. Being able to write a script to do something is better than having to do it manually each time.

Which free Azure security service checks all traffic traveling over a subnet against a set of rules before allowing it in, or out. Azure DDoS Protection Network Security Group Azure Firewall Advanced Threat Protection (ARP)

Network Security Group Overall explanation Network Security Group (NSG) - a fairly basic set of rules that you can apply to both inbound traffic and outbound traffic that lets you specify what sources, destinations and ports are allowed to travel through from outside the virtual network to inside the virtual network

Application Gateway contains what additional optional security feature over a regular Load Balancer? Azure AD Advanced Information Protection Advanced DDoS Protection Web Application Firewall (or WAF) Multi-Factor Authentication

Web Application Firewall (or WAF) Overall explanation Application Gateways also comes with an optional Web Application Firewall (or WAF) as a security benefit

What is the concept of Availability? A system that can scale up and scale down depending on customer demand A system that has a single point of failure A system must have 100% uptime to be considered available The percentage of time a system responds properly to requests, expressed as a percentage over time

The percentage of time a system responds properly to requests, expressed as a percentage over time Overall explanation Availability - what percentage of time does a system respond properly to requests, expressed as a percentage over time

What does it mean if a service is in General Availability (GA) mode? Anyone can use the service but it must not be for production use Anyone can use the service for any reason The service has now reached public preview, and Microsoft will provide support for it You have to apply to get selected in order to use that service

Anyone can use the service for any reason Overall explanation Anyone can use a GA service. It is fully supported and can be used for production.

Which Azure pricing option provides significant discounts for committing to a specific amount of resource usage for a 1-year or 3-year term? Reserved Instances Pay-As-You-Go Spot Pricing Free Tier

Reserved Instances Explanation Reserved Instances is the correct choice as it provides significant discounts for committing to a specific amount of resource usage for a 1-year or 3-year term. By committing to a reservation, you can save costs compared to Pay-As-You-Go pricing for the same resources.

Practice Test 2 Flashcards

(50 cards)