Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

AZ-900 > Tutorial Dojo Test 1 > Flashcards

Tutorial Dojo Test 1 Flashcards

1
Q

A company is planning to deploy its suite of enterprise applications to Microsoft Azure, where each application has several dependencies and subcomponents. The company must also control and manage the patching activities of the underlying operating system of the servers.

What type of cloud deployment solution should you recommend?

Platform as a Service (PaaS)
Infrastructure as a Service (laaS)
Functions as a service (FaaS)
Software as a Service (SaaS)

A

The correct answer is Infrastructure as a Service (IaaS). This is the best option when a company needs control over the operating system, including managing patching, and wants to deploy applications with complex dependencies and subcomponents. IaaS provides virtual machines, networking, and storage, allowing full control of the OS and the software stack.

The other answers are incorrect because Platform as a Service (PaaS) abstracts away the OS layer, so you wouldn’t manage patching directly. Functions as a Service (FaaS) is a serverless model for running small pieces of code without managing infrastructure or operating systems. Software as a Service (SaaS) provides fully managed applications where you have no control over the underlying OS or patching at all.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A company is migrating all its applications and data to Microsoft Azure. There is a strict requirement that the Azure environment must only be comprised of platform-as-a-service (PaaS) solutions to minimize the amount of administrative effort in managing the underlying resources.

Solution: Deploy the applications using the Azure App Service and migrate the data to Azure SQL databases.

Does this solution comply with the requirement?

Yes
No

A

The correct answer is Yes. Deploying the applications using Azure App Service and migrating the data to Azure SQL databases fully complies with the requirement to use only platform-as-a-service (PaaS) solutions. Both services are managed by Microsoft, meaning the underlying infrastructure, operating system, and patching are handled for you, significantly reducing administrative overhead.

The answer No would be incorrect because this solution does not involve infrastructure management and fits the goal of using only PaaS components.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Azure App Service and Azure Virtual Machines are services that you can use in Azure. For each service, you have to determine its correct type of cloud service model.

Azure Virtual Machines
Azure App Service

Paas
Iaas
Saas

A

Azure Virtual Machines is an Infrastructure as a Service (IaaS) offering because it gives you full control over the operating system and the virtual machine, including patching and configuration.

Azure App Service is a Platform as a Service (PaaS) offering because it allows you to deploy applications without managing the underlying infrastructure or operating system.Azure App Service and Azure Virtual Machines are services that you can use in Azure. For each service, you have to determine its correct type of cloud service model.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which of the following are considered vertical scaling in a cloud environment?

Provision additional containers
Increase the number of virtual machines
Provision an additional Azure dedicated host
Increase the CPU and RAM of a virtual machine

A

The correct answer is “Increase the CPU and RAM of a virtual machine.” This is considered vertical scaling, which means increasing the capacity of a single resource (like a VM) by adding more power—such as CPU, RAM, or storage—rather than adding more instances.

The other choices are incorrect because provisioning additional containers, increasing the number of virtual machines, and provisioning an additional Azure dedicated host all represent horizontal scaling, where you add more instances to distribute the workload rather than making a single instance more powerful.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A company wants to migrate to the cloud. The requirement is to have a VPN connection to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel.

What is the most suitable type of VPN connection that you should use?

ExpressRoute Connection
Point-to-Site VPN connection
VNet peering connection
Site-to-Site VPN Connection

A

The correct answer is Site-to-Site VPN Connection, because it is designed for securely connecting an entire on-premises network to an Azure virtual network over an IPsec/IKE VPN tunnel. It establishes a persistent, encrypted connection between your local network and Azure, which is exactly what the requirement describes.

The other options are incorrect because ExpressRoute provides a private connection that does not use the public internet or VPN protocols like IPsec/IKE. Point-to-Site VPN is for connecting individual client devices, not whole networks. VNet peering is used to connect two virtual networks within Azure, not to connect Azure with an on-premises environment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Yes or No to each question.

If you edit the Subscription’s IAM and add an Owner role assignment to John’s user, he can now inherit the Contributor’s Role, including the resources.

If you edit the Subscription’s IAM and add a Contributor role assignment to John’s user, he can now manage everything such as granting access to the resources.

If you edit the Subscription’s IAM and add a Reader role assignment to John’s user, he can now view all the resources, but not make any changes.

If you edit the Subscription’s IAM and add a Virtual Machine Contributor role assignment to John’s user, he can now manage virtual machines but not access them, and not the virtual network or storage account they’re connected to.

A

If you edit the Subscription’s IAM and add an Owner role assignment to John’s user, he can now inherit the Contributor’s Role, including the resources. – No.
The Owner role already includes all permissions of the Contributor role plus the ability to manage role assignments. It’s not about “inheriting” the Contributor role; the Owner simply has more privileges.

If you edit the Subscription’s IAM and add a Contributor role assignment to John’s user, he can now manage everything such as granting access to the resources. – No.
The Contributor role allows management of all resources but does not allow assigning roles or granting access to others. That permission is exclusive to the Owner role.

If you edit the Subscription’s IAM and add a Reader role assignment to John’s user, he can now view all the resources, but not make any changes. – Yes.
The Reader role provides read-only access to all resources, meaning John can view but cannot modify any resources.

If you edit the Subscription’s IAM and add a Virtual Machine Contributor role assignment to John’s user, he can now manage virtual machines but not access them, and not the virtual network or storage account they’re connected to. – Yes.
The Virtual Machine Contributor role lets users manage VMs (start, stop, restart, etc.) but not access them via RDP or SSH, nor manage related resources like virtual networks or storage unless separately assigned.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What service enables you to correlate trace events from multiple Azure VMs and other resources into a centralized repository?

Azure Repos
Azure Monitor
Azure Resource Manager
Azure Event Hubs

A

The correct answer is Azure Monitor, because it enables you to collect, analyze, and correlate telemetry data like logs and metrics from multiple Azure VMs and other resources into a centralized repository for observability, performance monitoring, and diagnostics.

The other answers are incorrect because:

Azure Repos is used for source code version control, not telemetry or logging.

Azure Resource Manager is the deployment and management service for Azure, but it doesn’t correlate trace events.

Azure Event Hubs is used to ingest large volumes of data in real time (like telemetry from IoT), but it doesn’t analyze or correlate logs like Azure Monitor does.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which service analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost-effectiveness, performance, reliability, and security of your Azure resources?

Azure Advisor
Azure Resource Manager
Azure Information Protection
Compliance Manager

A

The correct answer is Azure Advisor, because it analyzes your resource configuration and usage telemetry and provides personalized recommendations to help you improve cost-effectiveness, performance, reliability, and security of your Azure resources.

The other answers are incorrect because:

Azure Resource Manager is used for deploying and managing Azure resources, not for providing optimization recommendations.

Azure Information Protection focuses on classifying and protecting sensitive data, not on resource configuration or performance.

Compliance Manager helps manage compliance with regulations and standards, not resource optimization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which service enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements?

Azure Advisor
Azure Blueprints
Compliance Manager
Azure Monitor

A

The correct answer is Azure Blueprints, because it enables cloud architects and central IT groups to define a repeatable set of Azure resources—such as role assignments, policies, ARM templates, and resource groups—that adhere to an organization’s standards and requirements.

The other answers are incorrect because:

Azure Advisor provides recommendations for optimizing resources but doesn’t define reusable environments.

Compliance Manager is used to assess and manage regulatory compliance, not to create templates for resource deployment.

Azure Monitor is for collecting, analyzing, and acting on telemetry data from Azure resources, not for setting up resource patterns or standards.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Your company is currently hosting a web application in an Azure virtual machine.

The application is processing mission-critical workloads.

They plan to reduce the costs by migrating it to a new instance.

Solution: Purchase a reserved instance.

Does the solution meet the goal?

Yes
No

A

Yes, the solution meets the goal.

Purchasing a reserved instance in Azure allows you to save money compared to pay-as-you-go pricing by committing to a one- or three-year term for a virtual machine. Since the application is already hosted in an Azure VM and processes mission-critical workloads, using a reserved instance is a cost-effective solution that does not compromise performance or availability.

So yes, this solution meets the goal of reducing costs while continuing to host the application on a virtual machine.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Your company is currently hosting a web application in an Azure virtual machine.

The application is processing mission-critical workloads.

They plan to reduce the costs by migrating it to a new instance.

Solution: Purchase a reserved capacity.

Does the solution meet the goal?

Yes
No

A

No

Azure Reservations help you save money by committing to one-year or three-year plans for multiple products. Committing allows you to get a discount on the resources you use. Reservations can significantly reduce your resource costs by up to 72% from pay-as-you-go prices. Reservations provide a billing discount and don’t affect the runtime state of your resources. After you purchase a reservation, the discount automatically applies to matching resources.

A reserved capacity is different from a reserved instance. A reserved capacity is mainly used for Azure database services such as Azure SQL Database, Azure Cosmos DB, Azure Synapse Analytics, and Azure Cache for Redis. Also, the scenario stated that the company will migrate to a new instance and not to a reserved capacity.

By purchasing a reserved instance, you can significantly reduce costs up to 72 percent compared to pay-as-you-go pricing. A reserved instance has a one-year or three-year term on Windows and Linux virtual machines. You can pay for a reservation upfront or monthly. The total cost of up-front and monthly reservations is the same, and you don’t pay any extra fees when you choose to pay monthly.

Hence, the correct answer is: No.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What service provides security tokens that you can use for the authentication flow of your cloud-based applications?

Microsoft Entra ID
Azure Key Vault
Microsoft Defender for Cloud
Azure Storage account

A

The correct answer is Microsoft Entra ID (formerly known as Azure Active Directory).

Microsoft Entra ID provides security tokens that are used for authenticating cloud-based applications, enabling secure user and application access through various authentication flows like OAuth, OpenID Connect, and SAML.

The other services are incorrect because:

  • Azure Key Vault is used for managing secrets, keys, and certificates, not for providing security tokens.
  • Microsoft Defender for Cloud is a security management service for monitoring and protecting your cloud resources but does not issue security tokens.
  • Azure Storage account is a service for storing data but does not handle authentication tokens for applications.

So, Microsoft Entra ID is the service that provides the necessary security tokens for authenticating cloud-based applications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A company needs to implement various security features to its Azure cloud environment. The appropriate Azure services must be used to meet the following security requirements:

Directly monitor the domain controller traffic and detect security threats using a sensor.
Enable Azure Multi-Factor Authentication with conditional access policies for more granular controls.

Which of the following Azure services should you use to satisfy each requirement?

Directly monitor the domain controller traffic and detect security threats using a sensor (XXXXX)
Enable Azure Multi-Factor Authentication with conditional access policies for more granular controls. (XXXXX)

A

To meet the specified security requirements, the correct Azure services are:

  1. Directly monitor the domain controller traffic and detect security threats using a sensor:
    • The appropriate service for this requirement is Microsoft Defender for Identity. It monitors traffic from domain controllers, detects threats, and uses a sensor to analyze the data and identify potential security issues.
    Answer: Microsoft Defender for Identity
  2. Enable Azure Multi-Factor Authentication with conditional access policies for more granular controls:
    • The service to enable Azure Multi-Factor Authentication (MFA) with conditional access policies is Microsoft Entra ID (formerly Azure Active Directory). This service allows you to configure MFA and apply conditional access policies based on various conditions.
    Answer: Microsoft Entra ID

Thus, the correct answers are:
- Microsoft Defender for Identity for monitoring domain controller traffic and detecting security threats.
- Microsoft Entra ID for enabling MFA with conditional access policies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

If a resource group has been applied with a CanNotDelete lock, then

the administrator must remove the lock first before it can be deleted.
the administrator can directly delete it without removing the lock
the administrator must modify the associated Azure Policy first before it can be deleted
the administrator must delete the associated CanNotDelete tag first before it can be deleted

A

If a resource group has been applied with a CanNotDelete lock, then:

** The admin must remove the lock before it can be deleted**
No one can delete the resource group or the resources within it, including administrators or users with sufficient permissions. This lock prevents accidental or intentional deletion of the resource group and its resources.
- However, the resources in the locked resource group can still be modified, updated, or scaled. The lock only prevents deletion, not modification or configuration changes.

In summary, the CanNotDelete lock ensures that the resource group and its contents are protected from deletion, but still allows other operations like updates or changes to the resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Your company plans to deploy several virtual machines that will host its business-critical application to Azure.
You need to recommend a solution to ensure that if a single data center fails, the application will not be affected.

Solution: Deploy virtual machines to multiple resource groups with the same availability zone.
Does this meet the goal?

Yes
No

A

The answer is No.

Explanation:

Deploying virtual machines (VMs) to multiple resource groups within the same availability zone does not meet the goal of ensuring high availability in case of a data center failure.

  • Availability Zones are designed to provide high availability by distributing resources across multiple physically separate data centers within an Azure region. If VMs are deployed in the same availability zone, they are still located in the same data center, so a failure in that data center could impact all the VMs in that zone.

To meet the goal of ensuring that the application is not affected by a single data center failure, you would need to deploy the virtual machines across multiple availability zones within the same region. This ensures that even if one availability zone (and its corresponding data center) fails, the application will continue to run from the other zones.

Thus, the correct solution would involve deploying virtual machines to multiple availability zones rather than just multiple resource groups within the same zone.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Your company plans to deploy several virtual machines that will host its business-critical application to Azure.

You need to recommend a solution to ensure that if a single data center fails, the application will not be affected.

Solution: Deploy virtual machines to a scale set in at least two zones.

Does this meet the goal?

No
Yes

A

The answer is Yes.

Explanation:

Deploying virtual machines (VMs) to a scale set in at least two availability zones ensures high availability and fault tolerance.

  • Scale sets automatically distribute VMs across multiple zones within the same region.
  • Availability Zones are physically separated data centers within an Azure region. By placing VMs in different availability zones, you ensure that if one zone or data center fails, the application will continue to run on VMs in the other zone(s), preventing downtime and ensuring application availability.

Therefore, using a scale set across multiple availability zones meets the goal of ensuring that a single data center failure does not affect the business-critical application.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Your company plans to deploy several virtual machines that will host its business-critical application to Azure.
You need to recommend a solution to ensure that if a single data center fails, the application will not be affected.
Solution: Deploy virtual machines to multiple subscriptions.
Does this meet the goal?

No
Yes

A

The answer is No.

Explanation:

Deploying virtual machines (VMs) to multiple subscriptions does not inherently provide high availability or fault tolerance across data centers. While it is possible to separate resources across different subscriptions for management purposes, this does not ensure that the application will remain unaffected if a data center fails.

To meet the goal of ensuring the application is not affected by a single data center failure, you would need to deploy the virtual machines across multiple availability zones within the same region, or across regions. This ensures that if a data center (zone) or region goes down, the application can still run on the VMs located in other zones or regions.

Simply using multiple subscriptions does not address the issue of fault tolerance or high availability across data centers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What Azure service should you use if you want your application to have a higher level of availability and to evenly distribute internal traffic across virtual machines within a VNET?

Network Security Group
Application Gateway
Public Load Balancer
Private Load Balancer

A

The correct answer is Private Load Balancer.

Explanation:

A Private Load Balancer is used within a Virtual Network (VNET) to distribute internal traffic across virtual machines (VMs). It helps ensure higher availability by evenly distributing traffic to multiple VMs in a VNET.

  • Network Security Group (NSG): NSGs are used to control inbound and outbound traffic to network interfaces (NICs), VMs, and subnets. They do not perform load balancing.
  • Application Gateway: This is a web traffic load balancer (Layer 7) designed for applications to manage and distribute HTTP/HTTPS traffic. It is used for routing and securing web traffic but not for distributing internal VNET traffic.
  • Public Load Balancer: This is used to distribute traffic to VMs across the internet, but in this scenario, where the need is for internal traffic distribution, a Private Load Balancer would be the correct choice.

So, for internal traffic distribution and high availability within a VNET, you should use a Private Load Balancer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

A news agency company plans to migrate its WordPress application to Azure. As a Support Engineer of the company, you have to suggest a service that can monitor your application, automatically detect performance anomalies, diagnose issues, and understand user behavior.

Which Azure service can do this?

Microsoft Entra Connect
Azure Application Insights
Azure App Service
Azure Application Gateway

A

The correct answer is Azure Application Insights.

Explanation:

  • Azure Application Insights is an Azure service that can monitor the performance, availability, and usage of your applications. It automatically detects performance anomalies, diagnoses issues, and helps you understand user behavior. It’s particularly useful for monitoring and troubleshooting your WordPress application in real-time.
  • Microsoft Entra Connect: This is a service for integrating on-premises directories with Azure AD, so it’s not related to application monitoring.
  • Azure App Service: This is a platform for building and hosting web applications, including WordPress, but it is not primarily a monitoring tool.
  • Azure Application Gateway: This is a web traffic load balancer for managing traffic to your applications, but it does not focus on monitoring application performance or detecting issues.

Thus, Azure Application Insights is the right service for monitoring, detecting performance anomalies, diagnosing issues, and understanding user behavior for your WordPress application.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Which Azure Service enables various types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the Internet, and on-premises networks?

Microsoft Sentinel
Azure Virtual Network
Public IP
Azure Content Delivery Network (CDN)

A

The correct answer is Azure Virtual Network.

Explanation:

  • Azure Virtual Network (VNet) is the service that enables secure communication between various Azure resources, such as Azure Virtual Machines (VMs), within a private network. It allows resources to communicate with each other securely and provides connectivity to the Internet and on-premises networks.
  • Microsoft Sentinel: This is a security information and event management (SIEM) service, which is used to analyze and detect threats, not for managing communication between Azure resources.
  • Public IP: This provides a static IP address for communication with the Internet, but it doesn’t enable secure communication between Azure resources within a private network.
  • Azure Content Delivery Network (CDN): This is used for distributing content (such as images, videos, etc.) to users globally, but it is not used to secure communication between Azure resources.

Therefore, Azure Virtual Network is the correct answer for enabling secure communication between Azure resources, the Internet, and on-premises networks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

The process of verifying the credentials of the user is:

Authentication.
Authorization
Synchronization
Federation

A

The correct answer is Authentication.

Explanation:

  • Authentication is the process of verifying the credentials of a user to ensure they are who they claim to be. This is typically done by checking the user’s username and password, or using other forms of identity verification like multi-factor authentication (MFA).
  • Authorization comes after authentication and refers to granting the user access to specific resources or actions based on their permissions or roles.
  • Synchronization refers to the process of keeping data consistent across different systems, such as syncing user accounts or directories.
  • Federation refers to linking multiple identity systems so that a user can authenticate across different domains or services using a single set of credentials.

So, Authentication is the process of verifying the credentials of a user.

22
Q

Which Azure feature enables organizations to manage the access, policies, and compliance of their resources in Azure across multiple subscriptions.

Azure Policies
Management Groups
Azure Support Plans
Resource Groups

A

The correct answer is Management Groups.

Explanation:

  • Management Groups enable organizations to manage access, policies, and compliance across multiple Azure subscriptions. They allow you to organize subscriptions into a hierarchy for efficient management of resources and compliance policies at scale.
  • Azure Policies are used to enforce organizational standards and to assess compliance across resources in Azure, but they apply at the resource or subscription level.
  • Azure Support Plans provide technical support but are not directly related to managing policies or access.
  • Resource Groups are used to group resources within a subscription for easier management but do not handle access, policies, or compliance across multiple subscriptions.

So, Management Groups are the right feature for managing access, policies, and compliance across multiple Azure subscriptions.

23
Q

Your company is currently hosting a web application in an Azure virtual machine.
The application is processing mission-critical workloads.
They plan to reduce the costs by migrating it to a new instance.

Solution: Launch a new Azure Spot Virtual Machine
Does the solution meet the goal?

No
Yes

A

The correct answer is No.

Explanation:
Azure Spot Virtual Machines are a cost-effective option for running non-critical workloads, as they use unused capacity in Azure’s data centers. However, Spot VMs can be deallocated at any time when Azure needs the capacity back, which makes them unsuitable for mission-critical workloads that require high availability and stability.

For mission-critical workloads, it’s better to use standard Azure Virtual Machines with appropriate service-level agreements (SLAs) to ensure consistent performance and availability. Spot VMs do not provide this level of reliability, so the solution would not meet the goal of reducing costs while maintaining the stability needed for mission-critical applications.

24
Q

Which cloud computing term represents the ability of a system to recover from failures and continue to function?

Agility
Reliability
High availability
Scalability

A

The correct answer is Reliability.

Explanation:
Reliability refers to a system’s ability to consistently perform its intended functions and recover from failures. In the context of cloud computing, it means that a system can handle disruptions and continue to operate effectively.

While high availability is related to minimizing downtime, reliability is a broader concept that includes the ability to recover from failures, not just prevent them.

25
In the Azure Shared Responsibility Model, whose responsibility is it to maintain the application in an Azure virtual machine? Customer Azure Neither Azure nor the customer Both Azure and the customer
The correct answer is **Customer**. Explanation: In the Azure Shared Responsibility Model, the customer is responsible for maintaining and managing the application that runs on Azure virtual machines (VMs). While Azure provides the underlying infrastructure, such as the physical servers, network, and virtualization layers, the customer is responsible for managing the operating system, applications, data, and the overall security of the virtual machine, including updates and patches for the application. So, the customer must ensure that the application is properly maintained, secured, and monitored within the Azure VM.
26
An organization has successfully migrated its SQL Database to Azure and they want to prevent other users in the organization from accidentally deleting or modifying critical resources. What Azure feature should they use? Microsoft Entra ID Azure Policy Azure Resource Manager Locks Azure role-based access control
The correct answer is **Azure Resource Manager Locks**. Explanation: Azure Resource Manager (ARM) Locks allow you to lock resources, resource groups, or subscriptions to prevent accidental deletion or modification. By applying a "CanNotDelete" lock, users will not be able to delete the resource, and by applying a "ReadOnly" lock, users will be able to view the resource but not modify it. This ensures that critical resources, like the SQL Database, cannot be changed or deleted accidentally by other users within the organization. While Azure Policy and Azure role-based access control (RBAC) are important for governance and managing access, ARM Locks specifically prevent accidental deletion or modification of resources.
27
Match the cloud models to their correct definitions. Computing resources used exclusively by one business or organization. Combine on-premises infrastructure, or private clouds, with public clouds so organizations can reap the advantages of both. All hardware, software, and other supporting infrastructure is owned and managed by the cloud provider.
Here are the correct matches for the cloud models to their definitions: 1. **Private Cloud**: *Computing resources used exclusively by one business or organization.* 2. **Hybrid Cloud**: *Combine on-premises infrastructure, or private clouds, with public clouds so organizations can reap the advantages of both.* 3. **Public Cloud**: *All hardware, software, and other supporting infrastructure is owned and managed by the cloud provider.*
28
For each of the following items, choose Yes if the statement is true or choose No if the statement is false. When you delete a virtual machine in Azure, by default, any disks that are attached to the VM are deleted. Azure virtual machines are billed on a per-hour basis. Disks attached to stopped virtual machines do not incur costs.
Here are the correct answers for each statement: **Questions:** 1. **When you delete a virtual machine in Azure, by default, any disks that are attached to the VM are deleted.** **No** (When you delete a virtual machine in Azure, the disks are not deleted by default unless you specifically choose to delete them.) 2. **Azure virtual machines are billed on a per-hour basis.** **Yes** (Azure virtual machines are billed based on the time they are running, typically on a per-minute or per-hour basis, depending on the pricing model.) 3. **Disks attached to stopped virtual machines do not incur costs.** **No** (Even if a virtual machine is stopped, the attached disks continue to incur costs because they are still allocated and storing data.)
29
A company issues MacBooks, Windows laptops, and other types of workstations to its cloud engineers. Which Azure management tools can be used for the following operating systems? Select the correct answer from the drop-down list of options. Each correct selection is worth one point. MacOS Linux Windows Azure Portal, Azure CLI, and Azure PowerShell. Azure Portal and Azure CLI only Azure Portal and Azure CLI only
The correct answers for each operating system are: - **MacOS**: Azure Portal, Azure CLI, and Azure PowerShell. - **Linux**: Azure Portal, Azure CLI, and Azure PowerShell. - **Windows**: Azure Portal, Azure CLI, and Azure PowerShell. All three management tools—Azure Portal, Azure CLI, and Azure PowerShell—are compatible across these operating systems.
30
For each of the following items, choose Yes if the statement is true or choose No if the statement is false. Take note that each correct item is worth one point. Virtual networks deployed in the same resource group can have the same name. The address space for two virtual networks can overlap if you plan on peering them. By default, multiple virtual networks in a resource group can communicate with each other.
Here are the correct answers: - **Virtual networks deployed in the same resource group can have the same name.** **Yes** Virtual networks in the same resource group can have the same name, but they must be in different regions or have different virtual network identifiers. - **The address space for two virtual networks can overlap if you plan on peering them.** **No** The address spaces of two virtual networks must not overlap if you plan on peering them. Overlapping address spaces can cause routing issues. - **By default, multiple virtual networks in a resource group can communicate with each other.** **No** By default, virtual networks in the same resource group cannot communicate with each other unless you configure peering or set up other network routing methods.
31
Match the Azure pricing concepts to the correct description. Estimate the costs of Azure products. Maximizes the value of your existing on-premises Windows Server and/or SQL Server license in Azure. Significantly reduce compute costs with one-year or three-year terms on Windows and Linux virtual machines (VMs). Estimate the cost savings you can realize by migrating your workloads to Azure. Azure Pricing Calculator Azure Hybrid Benefit Azure Reservations Azure TCO Calculator
Here’s the correct match for the Azure pricing concepts: - **Estimate the costs of Azure products.** **Azure Pricing Calculator** - **Maximizes the value of your existing on-premises Windows Server and/or SQL Server license in Azure.** **Azure Hybrid Benefit** - **Significantly reduce compute costs with one-year or three-year terms on Windows and Linux virtual machines (VMs).** **Azure Reservations** - **Estimate the cost savings you can realize by migrating your workloads to Azure.** **Azure TCO Calculator**
32
A company plans to migrate to Azure. Compliance requirements mandate them to have a cloud infrastructure with low latency and high availability to support their business-critical workloads. The appropriate Azure concepts must be taken into consideration during the planning phase. A set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network. XXXXXXX Unique physical locations within a region. Each is made up of one or more data centers equipped with independent power, cooling, and networking XXXXXXX
Here are the correct Azure concepts that match each description: - **A set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.** **Azure Region** - **Unique physical locations within a region. Each is made up of one or more data centers equipped with independent power, cooling, and networking** **Availability Zone**
33
For each of the following items, choose Yes if the statement is true or choose No if the statement is false. Take note that each correct item is worth one point. Microsoft Defender for Cloud can only protect Microsoft Azure workloads. Microsoft Defender for Cloud advanced security management features are enabled by default. Microsoft Defender for Cloud allows you to investigate and respond to a security alert.
Here are the correct answers: **Microsoft Defender for Cloud can only protect Microsoft Azure workloads.** **No** – Microsoft Defender for Cloud can protect not only Azure workloads but also hybrid and multicloud environments, including AWS and Google Cloud. **Microsoft Defender for Cloud advanced security management features are enabled by default.** **No** – Advanced features like enhanced security (Defender plans) must be manually enabled for each subscription or resource. **Microsoft Defender for Cloud allows you to investigate and respond to a security alert.** **Yes** – It provides tools to investigate security alerts and take appropriate actions for mitigation or remediation.
34
Cloud computing is the delivery of computing services over the Internet to offer faster innovation, flexible resources, pay-as-you-go pricing, and economies of scale. over the Internet that needs an upfront cost on physical infrastructure over the Internet and the security of data and identities are entirely managed by the cloud provider over the Internet that allows you to manage the underlying infrastructure
The correct answer is **over the Internet to offer faster innovation, flexible resources, pay-as-you-go pricing, and economies of scale** because this describes the core benefits of cloud computing—agility, scalability, cost-efficiency, and access to global infrastructure. The other answers are incorrect because cloud computing avoids large upfront costs, does not make the provider fully responsible for all security (it's shared), and doesn't always give customers control over the underlying infrastructure unless using IaaS.
35
For each of the following items, choose Yes if the statement is true or choose No if the statement is false. Take note that each correct item is worth one point. You can add or remove a resource to a resource group at any time. Resources can connect to other resources located in another resource group. The region of the resources must be the same as the region where the resource group was created.
You can add or remove a resource to a resource group at any time – Yes. Resources in Azure are flexible and can be added to or removed from a resource group whenever needed, as long as the resource supports being moved. Resources can connect to other resources located in another resource group – Yes. Azure resources are not limited in connectivity by their resource group. As long as network configurations allow it, resources in different groups can interact with each other. The region of the resources must be the same as the region where the resource group was created – No. Resource groups are a logical container and do not require resources within them to be in the same region. You can deploy resources in different regions than the resource group itself.
36
Match the Azure Storage service to its correct description. Shared access that utilizes the Server Message Block (SMB) protocol Structured NoSQL data in the cloud Block-level storage volumes Object store for text and binary data Azure Disks Azure Table Azure Blob Azure Files
Shared access that utilizes the Server Message Block (SMB) protocol – Azure Files. Azure Files provides fully managed file shares in the cloud that can be mounted by machines using the SMB protocol. Structured NoSQL data in the cloud – Azure Table. Azure Table offers a NoSQL key-value store for rapid development using structured datasets that don’t require complex joins. Block-level storage volumes – Azure Disks. Azure Disks are used as durable block storage for Azure virtual machines, similar to hard drives. Object store for text and binary data – Azure Blob. Azure Blob Storage is designed for storing large amounts of unstructured data like documents, images, videos, and backups.
37
You have hundreds of servers hosted in your on-premises environment. You plan to migrate some of the servers to an Azure pay-as-you-go-subscription. Which expenditure model should you use? Azure Reservations Public cloud Capital expenditure Operating expenditure
The correct answer is **Operating expenditure**, because pay-as-you-go cloud services are billed based on usage, meaning you treat the cost as an ongoing operational expense rather than a large upfront investment. The other answers are incorrect because **Azure Reservations** involve prepaying for resources to get a discount, which is more like a capital expenditure. **Public cloud** refers to a deployment model, not an expenditure model. **Capital expenditure** involves large upfront investments in physical infrastructure, which doesn’t apply to the flexible, usage-based nature of Azure pay-as-you-go subscriptions.
38
An organization is migrating its servers to Azure. The organization plans to reduce the following on-premises datacenter responsibilities of its administrators: Patching security vulnerabilities Managing on-premises datacenter security Backup of sensitive data. Managing permissions of its data Procurement of additional server hardware Maintenance of cooling systems Which three responsibilities above should you identify? (Select THREE.)
The correct answers are **Maintenance of cooling systems**, **Managing on-premises datacenter security**, and **Procurement of additional server hardware**, because these are all physical infrastructure responsibilities that shift to Microsoft when moving to Azure. Azure, as a cloud provider, takes care of the physical maintenance, security of datacenters, and hardware procurement. The other answers are incorrect because **Managing permissions of its data**, **Patching security vulnerabilities**, and **Backup of sensitive data** remain the customer’s responsibility under the Azure shared responsibility model. The organization still needs to control who accesses data, secure applications, and manage backups unless they explicitly configure services to handle that.
39
TutorialsDojo is planning to migrate its application servers and database servers hosted on their on-premises datacenter hosted in Manila to Azure. What is the primary benefit of using the public cloud for its servers? Public cloud is used exclusively by a single business or organization. Public cloud is a free shared entity that is crowdfunded by the public and is accessible by everyone. Public cloud is owned by the public and not a private organization or corporation. Public cloud is a shared entity operated by a third-party cloud service provider that various corporations can use.
The correct answer is **Public cloud is a shared entity operated by a third-party cloud service provider that various corporations can use**. The public cloud is a model where resources such as compute, storage, and networking are owned and operated by a third-party provider (e.g., Microsoft Azure, AWS, or Google Cloud), and these resources are shared across multiple customers. The other answers are incorrect because **Public cloud is not exclusive to a single business** (it’s shared by many), **Public cloud is not free or crowdfunded** (it operates on a pay-as-you-go model), and **Public cloud is not owned by the public** but by cloud service providers.
40
Your colleague is working on a project and informed you that he needs RDP access to the server hosted on Azure. He gave you his workstation’s IP address. Where should you whitelist his IP address? Load Balancer Application Security Group Activity Log Network Security Group
The correct answer is **Network Security Group**. A Network Security Group (NSG) is used to control inbound and outbound traffic to Azure resources, including virtual machines. To allow RDP access to the server, you would whitelist the specific IP address (in this case, your colleague’s workstation IP) in the NSG associated with the virtual machine’s network interface or subnet. The other options are incorrect because: - **Load Balancer** is used to distribute traffic across multiple instances, not for access control. - **Application Security Group** is used to group virtual machines for easier application-level network security, but NSG is still where the IP whitelisting occurs. - **Activity Log** is used for monitoring and tracking changes or activities, not for controlling access.
41
You have a storage account and a virtual network in your Azure subscription. You must ensure that the data between the storage account and the virtual network must pass through the Azure backbone network. What should you use? VPN gateway ExpressRoute Service endpoint VNet peering
The correct answer is **Service endpoint**. A service endpoint allows you to extend your virtual network's private address space to Azure services over the Azure backbone network. This ensures that traffic between your storage account and the virtual network remains on the Azure backbone network, thus enhancing security and performance. The other options are incorrect because: - **VPN gateway** is used to connect your on-premises network to Azure over a secure VPN connection, not for connecting Azure services. - **ExpressRoute** provides a private, dedicated connection between your on-premises network and Azure, but it is not specifically used for connecting virtual networks to Azure services like storage. - **VNet peering** connects two virtual networks in Azure, but it doesn't specifically ensure that traffic to Azure services (like a storage account) stays on the Azure backbone network.
42
Your organization has multiple virtual machines in your Azure subscriptions. You need to be able to monitor the CPU and memory usage of your virtual machines and run log queries when needed. Which two Azure services/features should you use? (Select TWO.) Microsoft Cost Management Azure Blueprints Azure Monitor Azure Resource Manager templates Log Analytics Azure Service Health
The correct answers are **Azure Monitor** and **Log Analytics**. **Azure Monitor** is a comprehensive monitoring service that collects, analyzes, and acts on telemetry data from your Azure resources. It provides insights into the performance and health of your virtual machines, including CPU and memory usage, and allows you to set up alerts and monitoring dashboards. **Log Analytics** is a feature within Azure Monitor that collects and analyzes log data from Azure resources. It enables you to run queries to analyze and troubleshoot performance issues, such as CPU and memory utilization, across your virtual machines. The other options are incorrect because: - **Microsoft Cost Management** is focused on tracking and managing Azure costs, not performance metrics. - **Azure Blueprints** helps define a repeatable set of Azure resources, not for monitoring. - **Azure Resource Manager templates** are used for automating the deployment of resources, not for monitoring. - **Azure Service Health** provides alerts and guidance when there are issues affecting Azure services, but it doesn't monitor resource performance like CPU and memory usage.
43
What should you use to track the costs of certain resources located in different resource groups? Metered Pricing Tags Azure Advisor Azure Monitor
The correct answer is **Tags**. **Tags** allow you to categorize and track resources based on various attributes, such as department, project, or environment. By applying tags to resources across different resource groups, you can track the costs associated with specific resources more effectively. Tags are useful for organizing and filtering resources, which enables cost tracking across multiple resource groups. The other options are incorrect because: - **Metered Pricing** refers to the way Azure charges for usage based on the specific resources you consume, but it does not provide a way to track costs across different resources or groups. - **Azure Advisor** provides recommendations to optimize Azure resources for cost, security, reliability, and performance, but it doesn't directly track or manage costs across resource groups. - **Azure Monitor** is used for monitoring the performance and health of Azure resources, but it does not provide direct cost tracking or cost allocation across different resources.
44
When you migrate your static public website to an Azure storage account, you need to ______ pay for the monthly Azure usage. pay for the data to be migrated to Azure provision a site-to-site VPN connection provision an Azure disk for the media assets
The correct answer is **pay for the monthly Azure usage**. When you migrate a static public website to an Azure storage account, you'll typically pay for the monthly usage based on the amount of data stored and the bandwidth consumed for serving the website. Azure storage costs are calculated based on the storage type (e.g., Blob storage) and the amount of data you store and transfer. The other options are incorrect because: - **Pay for the data to be migrated to Azure**: Azure does not typically charge for data migration itself, but you might incur costs based on the amount of data you store after migration. - **Provision a site-to-site VPN connection**: A VPN connection is not necessary for hosting a static website in Azure storage. VPNs are used for secure communication between on-premises networks and Azure, not for hosting static websites. - **Provision an Azure disk for the media assets**: For a static website, using Azure Blob storage is more appropriate than using an Azure disk, as blobs are designed for storing large amounts of unstructured data, like media files.
45
______ is an Azure service that runs code without the need of provisioning and managing a server. Azure Functions. Azure Container Registry Azure Dedicated Host Azure Service Fabric
The correct answer is **Azure Functions**. Azure Functions is a serverless compute service that allows you to run code without having to provision or manage servers. You simply write your code and set it up to trigger on specific events or actions, and Azure Functions handles the scaling and execution of that code automatically. The other options are incorrect because: - **Azure Container Registry**: This is a service for storing and managing container images, not for running code. - **Azure Dedicated Host**: This service provides physical servers in Azure for running virtual machines, but it requires provisioning and management of the infrastructure. - **Azure Service Fabric**: This is a platform for building and managing microservices applications, but it still requires you to manage the infrastructure to some extent.
46
You have been tasked with reducing your organization’s monthly Azure usage. You need to recommend which factors may contribute to reducing the cost of Azure resources. Solution: You recommend limiting the inbound data transfer to your Azure resources. No Yes
The correct answer is **No**. Limiting inbound data transfer does not significantly reduce Azure costs. In Azure, inbound data transfer (data coming into Azure from external sources) is typically free. The costs usually come from outbound data transfer (data leaving Azure to the internet or other locations). To reduce costs, you should focus on optimizing resource usage, selecting appropriate pricing models, reducing outbound data transfer, and using features like Reserved Instances, auto-scaling, or spot VMs where applicable.
47
You have been tasked with reducing your organization’s monthly Azure usage. You need to recommend which factors may contribute to reducing the cost of Azure resources. Solution: You recommend moving your resources to a cheaper Azure region. Yes No
The correct answer is **Yes**. Moving your resources to a cheaper Azure region can help reduce costs. Different Azure regions have different pricing, and selecting a region with lower costs can directly affect your expenses. However, you should also consider factors like latency, compliance, and data residency requirements when choosing a region.
48
You have been tasked with reducing your organization’s monthly Azure usage. You need to recommend which factors may contribute to reducing the cost of Azure resources. Solution: You recommend lowering the size of the Azure resources. No Yes
The correct answer is **Yes**. Lowering the size of Azure resources can contribute to reducing costs. By selecting smaller, more appropriate sizes for your virtual machines, storage, or other resources based on actual usage, you can reduce the amount you are paying for underutilized resources. However, you should ensure that the new sizes still meet the performance and availability requirements of your workloads.
49
Virtual machine scale sets is an example of ____
Virtual machine scale sets are an example of **high availability** in Azure. They provide automatic distribution of virtual machines across multiple fault domains and update domains, ensuring that the application remains available even if one or more virtual machines fail. This ensures continuous operation of your workloads without any downtime, enhancing the reliability of your application.
50
You can mount an Azure file share to your on-premises windows server using the _______ protocol. SMB. FTP SSH RDP
You can mount an Azure file share to your on-premises Windows server using the **SMB** protocol. SMB (Server Message Block) is specifically designed for sharing files over a network, which is exactly what you need for mounting an Azure file share. It allows Windows-based systems to access files and share resources over a network. The other options are incorrect because FTP (File Transfer Protocol) is used for transferring files, not for mounting a share. SSH (Secure Shell) is used for secure remote access to Linux servers, not for mounting file shares. RDP (Remote Desktop Protocol) allows you to access a desktop environment on a remote machine but does not allow for mounting file shares.

AZ-900 (4 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions