Tutorial Dojo Test 3 Flashcards
A company is migrating all its applications and data to Microsoft Azure. There is a strict requirement that the Azure environment must only be comprised of platform-as-a-service (PaaS) solutions to minimize the amount of administrative effort in managing the underlying resources.
Solution: Deploy the applications using Azure Storage accounts and Azure App Service.
Does this solution comply with the requirement?
Yes
No
The correct answer is Yes, because Azure App Service is a platform-as-a-service (PaaS) offering that allows you to host web applications without managing the underlying server infrastructure, and Azure Storage is a fully managed service for storing data, also falling under PaaS.
The other possible answer, No, is incorrect because both Azure App Service and Azure Storage meet the definition of PaaS and minimize the administrative overhead that comes with managing virtual machines or other infrastructure components.
For each of the following items, choose Yes if the statement is true or choose No if the statement is false.
ARM templates are deployed using JSON files.
ARM templates do not allow you to declare variables.
ARM templates allow you to export the templates.
ARM templates are deployed using JSON files, so the answer is Yes.
ARM templates do allow you to declare variables to simplify and reuse values within the template, so the answer to “ARM templates do not allow you to declare variables” is No.
ARM templates allow you to export the templates from existing resources in Azure to use them later for redeployment or modification, so the answer is Yes.
Which of the following lets you extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider?
Azure Private Link
Azure ExpressRoute
Azure Content Delivery Network (CDN)
Azure Virtual WAN
The correct answer is Azure ExpressRoute, because it allows you to extend your on-premises networks into the Microsoft cloud over a private, dedicated connection provided by a connectivity provider, bypassing the public internet for better security and reliability.
The other answers are incorrect because Azure Private Link is mainly used to privately access Azure services over the Microsoft backbone network without exposing them to the internet, Azure Content Delivery Network (CDN) is designed for delivering content faster to users by caching it closer to them, and Azure Virtual WAN is a networking service that connects branch offices and remote users but not specifically through a private connection like ExpressRoute does.
A company has a resource group named TutorialsDojoRG and an Azure virtual network named TutorialsDojoVNET. A new Azure policy has been assigned to TutorialsDojoRG stipulating that any virtual network resource type is not allowed in the resource group. The existing TutorialsDojoVNET virtual network will
continue to work properly.
be automatically deleted after a few minutes
be deleted after 24 hours
be moved to the default resource group
The correct answer is continue to work properly, because Azure Policy prevents new resources that violate the policy from being created, but it does not automatically delete or modify existing resources that were created before the policy was applied.
The other answers are incorrect because Azure Policy does not automatically delete resources after a few minutes or 24 hours, and it does not move resources to a default resource group; it only blocks non-compliant new resources and can optionally report on or remediate existing ones if specifically configured.
You manage an application that operates across geo-clustered sites, requiring high availability and data redundancy. To ensure data durability and protection against regional failures, an Azure storage account is configured to use geo-zone-redundant storage (GZRS). This storage redundancy option replicates data across multiple availability zones within the primary region and asynchronously replicates it to a secondary region.
How many copies of data will be maintained by the Azure storage account that uses geo-zone-redundant storage (GZRS) at the minimum?
3 copies
2 copies
9 copies
6 copies
The correct answer is 6 copies, because Geo-Zone-Redundant Storage (GZRS) maintains three copies of your data across multiple availability zones within the primary region and then asynchronously replicates another three copies to a secondary region. This ensures durability and high availability even in case of a full regional outage.
The other answers are incorrect because 2 copies would not provide zone and regional redundancy, 3 copies would only cover a single region without secondary replication, and 9 copies is too many for the standard GZRS configuration.
You have an application running in the cloud. What service should you use to make routing decisions based on additional attributes of an HTTP request such as its URI path or host headers?
Azure Application Gateway
Azure App Service
Azure Application Insights
Microsoft Entra Connect
The correct answer is Azure Application Gateway, because it is a web traffic load balancer that can make routing decisions based on attributes like the URI path or host headers. This is known as application layer (OSI Layer 7) routing, and it’s exactly what Application Gateway is designed to handle.
The other answers are incorrect because Azure App Service is a platform for hosting web apps but does not handle advanced traffic routing, Azure Application Insights is a monitoring tool for tracking application performance, and Microsoft Entra Connect is used for syncing on-premises directories with Microsoft Entra ID (formerly Azure Active Directory), not for traffic routing.
For each of the following items, choose Yes if the statement is true or choose No if the statement is false.
You can recover deleted data within Azure storage accounts that have versioning enabled.
Data uploaded to an Azure storage account is automatically replicated to another region.
Data uploaded to an Azure storage account is only copied once within a single physical location in the primary region.
The first statement is Yes, because if versioning is enabled on an Azure storage account, you can recover deleted or previous versions of the data.
The second statement is No, because by default, data uploaded to an Azure storage account is only replicated within the primary region unless you configure it for geo-redundant storage (GRS or GZRS) to replicate to another region.
The third statement is No, because even with the default locally redundant storage (LRS), Azure still keeps three copies of the data within a single physical location in the primary region, not just a single copy.
Which Azure service is Application Insights a feature of?
Azure Service Health
Azure Advisor
Azure Resource Manager templates
Azure Monitor
The correct answer is Azure Monitor, because Application Insights is a feature within Azure Monitor that helps you monitor the performance, usage, and errors of your applications.
The other answers are incorrect because Azure Service Health provides information about Azure service issues and planned maintenance, Azure Advisor gives recommendations to optimize your Azure environment, and Azure Resource Manager templates are used for deploying and managing Azure resources through code, not monitoring applications.
What are the types of locks in Azure that protect you from accidentally deleting a resource? (Select TWO.)
Microsoft Entra ID – Conditional Access
Management Locks – CanNotDelete
Management Locks – Read-only
Microsoft Entra ID – smart lockout
SMB File Locking
The correct answers are Management Locks – CanNotDelete and Management Locks – Read-only, because these types of management locks help protect Azure resources by restricting what actions can be taken. “CanNotDelete” means authorized users can read and modify a resource but cannot delete it, while “Read-only” means users can only read the resource without making any changes.
The other answers are incorrect because Microsoft Entra ID – Conditional Access manages user access and not resource protection, Microsoft Entra ID – smart lockout deals with account security during sign-in attempts, and SMB File Locking is related to file sharing, not Azure resource management.
If you delete a resource group, what will happen to the resources inside it?
The resources inside will be transferred to Azure Storage Account.
The resources inside will be transferred to Azure Site Recovery.
The resources inside it will not be deleted.
The resources inside it will be deleted.
The correct answer is the resources inside it will be deleted, because when you delete a resource group in Azure, all the resources contained within that group are automatically deleted along with it.
The other answers are incorrect because Azure does not transfer the resources to a Storage Account or Site Recovery when a resource group is deleted, and the resources definitely do not remain intact — they are fully deleted with the resource group.
What Azure Service would you use if the project requires you to ship faster, operate with ease, scale confidently, and accelerate containerized application development?
Public Load Balancer
Azure Container Registry
Azure Kubernetes Service
Private Load Balancer
The correct answer is Azure Kubernetes Service (AKS). AKS is a managed container orchestration service that simplifies the deployment, management, and scaling of containerized applications using Kubernetes. It is specifically designed to help with accelerating containerized application development, scaling efficiently, and managing the underlying infrastructure with ease, which aligns with the project requirements of shipping faster and scaling confidently.
The other options are not suited for containerized application management at the same level. Azure Container Registry is used for storing container images, while Public Load Balancer and Private Load Balancer are used for distributing traffic to services but don’t specifically handle container orchestration like AKS.
For each of the following items, choose Yes if the statement is true or choose No if the statement is false.
Two virtual machines that use the D2d v4 instance type will always be billed the same monthly costs.
Operating expenditures are ongoing costs of doing business. Consuming cloud services in a pay-as-you-go model could qualify as an operating expenditure.
Capital expenditures generate benefits over a long period. These expenditures are generally nonrecurring and result in the acquisition of permanent assets.
- No. The costs of virtual machines using the same instance type (like D2d v4) can vary depending on factors like the duration of usage, storage, and network traffic. Variations in usage patterns, regions, or additional resources like public IPs or disks can impact the overall cost.
- Yes. Operating expenditures (OPEX) are indeed ongoing costs associated with running the business. In the case of the cloud, the pay-as-you-go model fits within OPEX since it involves recurring costs based on usage, rather than upfront capital investments.
- Yes. Capital expenditures (CAPEX) involve the purchase of assets that provide long-term benefits, like equipment or property, and are typically nonrecurring. These expenditures are not usually tied to ongoing operations but represent long-term investments.
A company has several Windows virtual machines deployed in Microsoft Azure and Linux servers in their on-premises datacenter as part of their hybrid cloud strategy.
The company plans to manage their on-premises Linux servers using the Azure portal.
What should the company use to monitor and manage the Linux servers as if they are running in Azure?
Azure Site Recovery
Azure App Service
Azure Arc
Azure Migrate
The correct answer is Azure Arc.
Azure Arc allows you to manage and monitor resources outside of Azure, including on-premises Linux servers, through the Azure portal. It extends Azure management capabilities to hybrid and multi-cloud environments, enabling you to manage these resources as if they were natively within Azure.
The other options are incorrect because:
- Azure Site Recovery is used for disaster recovery and business continuity, not for managing Linux servers.
- Azure App Service is a platform for hosting web apps, not for managing on-premises Linux servers.
- Azure Migrate helps with migrating workloads to Azure but does not provide ongoing management after the migration.
A company plans to migrate an application to Azure. The application will host the banking records of its users, and you need to recommend a security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution.
What Azure service will fit your recommendation?
Microsoft Defender for Cloud
Azure CycleCloud
Azure Sphere
Microsoft Sentinel
The correct answer is Microsoft Sentinel.
Microsoft Sentinel is a SIEM and SOAR solution that provides intelligent security analytics, threat detection, and automated response capabilities. It helps organizations monitor, detect, and respond to security threats across their entire environment, including Azure. It can aggregate security data from multiple sources, provide insights, and automate response workflows.
The other options are incorrect because:
- Microsoft Defender for Cloud provides security management and threat protection for cloud workloads, but it’s not specifically a SIEM or SOAR solution.
- Azure CycleCloud is a service for managing high-performance computing (HPC) workloads, not related to security or SIEM/SOAR.
- Azure Sphere is a security solution for connected devices, mainly IoT, and is not a SIEM or SOAR solution.
Match the Azure service to the correct description.
A DNS-based traffic load balancer
Layer 4 regional load balancer
Layer 7 regional load balancer
Global load balancing and site acceleration service
Azure Front Door
Application Gateway
Azure Traffic Manager
Azure Load Balancer
Here is the correct matching of Azure services to their descriptions:
- A DNS-based traffic load balancer: Azure Traffic Manager. Azure Traffic Manager uses DNS to direct traffic to different Azure regions and endpoints based on policies, ensuring optimal traffic distribution.
- Layer 4 regional load balancer: Azure Load Balancer. Azure Load Balancer operates at Layer 4 (TCP/UDP) and is used for distributing traffic within a single Azure region, offering high availability.
- Layer 7 regional load balancer: Application Gateway. Azure Application Gateway operates at Layer 7 (HTTP/HTTPS) and provides advanced traffic routing, such as URL-based routing and SSL termination, within a region.
- Global load balancing and site acceleration service: Azure Front Door. Azure Front Door provides global load balancing and accelerates the delivery of your site by caching content at global points of presence, improving performance and availability.
Which Azure service allows you to use just-in-time (JIT) VM access?
Microsoft Sentinel
Azure Information Protection
Azure Monitor
Microsoft Defender for Cloud
The correct answer is Microsoft Defender for Cloud.
Microsoft Defender for Cloud offers Just-In-Time (JIT) VM access, which helps you reduce the exposure of your virtual machines to unauthorized access by allowing access only when needed and for a limited time. This security feature minimizes the attack surface by closing inbound ports automatically when they are not in use.
The other services mentioned do not provide JIT VM access:
- Microsoft Sentinel is a SIEM and SOAR service used for threat detection and response.
- Azure Information Protection is used for classifying, labeling, and protecting data.
- Azure Monitor is used for monitoring the performance and health of Azure resources, not for controlling VM access.
Your organization has resources in an Azure Subscription that contains the following unused resources:
20 Public IP addresses
15 route tables
5 network security groups
10 Virtual Networks
As part of cost-cutting activities, you need to determine what unused resources are incurring costs.
Solution: Delete the unused public IP addresses.
Does this meet the goal?
Yes
No
The correct answer is Yes.
Deleting unused public IP addresses will indeed help cut costs, as public IP addresses in Azure incur charges when they are reserved but not associated with a resource (such as a virtual machine or load balancer). Removing unused public IP addresses will stop the associated costs.
The other resources mentioned, such as route tables, network security groups, and virtual networks, typically do not incur charges unless they are actively in use with other resources. Therefore, deleting them won’t directly impact costs unless they are tied to active resources. However, if these resources are not in use and are just sitting idle, they likely aren’t incurring costs either.
A company plans to migrate to Azure.
The company has multiple departments, and each department has its own support team led by a department administrator.
What are possible solutions to ensure segmentation between departments? (Select TWO.)
Deploy multiple subscriptions
Deploy multiple virtual machines
Deploy multiple Microsoft Entra ID
Deploy multiple resource groups
The correct answers are Deploy multiple subscriptions and Deploy multiple resource groups.
Deploying multiple subscriptions can be an effective way to segment resources between different departments, as each department can have its own subscription with its own billing, access controls, and resource management policies.
Deploying multiple resource groups within a single subscription can also provide segmentation at the resource level, where each department can have its own resource group to manage and control its resources independently. Resource groups allow for the organization of resources and help manage access, policies, and deployment.
The other options are incorrect:
- Deploy multiple virtual machines would not provide segmentation at the organizational or department level, as virtual machines are just individual resources and don’t provide control over entire departments.
- Deploy multiple Microsoft Entra ID is unnecessary unless the company wants completely separate identity management across departments. It’s usually more efficient to use a single Entra ID with different groups and roles for segmentation.
Your company plans to migrate its application and MS SQL database servers to Microsoft Azure.
Your company needs to have the highest level of flexibility and management control over its Azure resources. Therefore, you need to recommend a migration plan that uses only Infrastructure as a Service (IaaS) solutions in your Azure deployment.
What migration plan should you recommend?
Solution: Deploy an Azure virtual machine for your application server and an Azure SQL Database for your database server.
Does this meet the goal?
No
Yes
The correct answer is No.
The solution does not meet the goal of using only Infrastructure as a Service (IaaS). Azure SQL Database is a Platform as a Service (PaaS) offering, which provides a managed database service with automated tasks like patching, backup, and scaling. Since you need to maintain the highest level of flexibility and management control over your resources, a virtual machine would be appropriate for the application server, but the database server should also use an Azure virtual machine running SQL Server, rather than Azure SQL Database, to align with the IaaS requirement.
The correct solution should involve deploying Azure virtual machines for both the application and SQL database servers, ensuring that you have full control over the infrastructure and management.
For each of the following items, choose Yes if the statement is true or choose No if the statement is false.
Microsoft Entra ID helps your employees to sign in and have external access to resources such as the Azure portal.
Microsoft Entra ID does not support seamless single sign-on to cloud-based applications.
On-premises Active Directory identities cannot be synchronized to Microsoft Entra ID.
- Yes. Microsoft Entra ID allows employees to sign in and access resources like the Azure portal, enabling secure authentication and access management.
- No. Microsoft Entra ID supports seamless single sign-on (SSO) to both cloud-based and on-premises applications, providing a streamlined user experience.
- No. On-premises Active Directory identities can be synchronized to Microsoft Entra ID using tools like Azure AD Connect, allowing a unified identity system.
Your company plans to migrate its application and MS SQL database servers to Microsoft Azure.
Your company needs to have the highest level of flexibility and management control over its Azure resources. Therefore, you need to recommend a migration plan that uses only Infrastructure as a Service (IaaS) solutions in your Azure deployment.
What migration plan should you recommend?
Solution: Deploy an Azure virtual machine for your application server and SQL Server on an Azure virtual machine for your database server.
Does this meet the goal?
Yes
No
Yes. Deploying an Azure virtual machine for your application server and SQL Server on an Azure virtual machine for your database server would meet the goal. This approach ensures that the company is using Infrastructure as a Service (IaaS) for both the application and database, providing the highest level of flexibility and control over the resources.
A company has three subscriptions, one for each department, named TDHR, TDIT, and TDAccounting.
You need to recommend a solution that will allow you to manage policies across multiple subscriptions.
What Azure solution would you recommend?
Azure policies
Azure Advisor
Azure management groups
Azure resource groups
The correct answer is Azure management groups. Azure management groups allow you to organize and manage policies, access, and compliance across multiple subscriptions, making it easier to apply policies at scale across departments or regions.
Azure policies are used to enforce specific rules and effects on resources, but they don’t manage resources across subscriptions like management groups do. Azure Advisor provides personalized best practices and recommendations to optimize Azure resources but doesn’t handle policy management. Azure resource groups are used to organize resources within a subscription, not across multiple subscriptions.
You need to execute a command using Azure Cloud Shell.
Which Azure management tool will you use?
Azure PowerShell
Azure Portal
Azure Command-Line Interface (CLI)
Azure Advisor
The correct answer is Azure Portal. Azure Cloud Shell is accessible directly from the Azure Portal, allowing users to execute commands via either Azure PowerShell or Azure CLI within the portal. The Azure Portal provides the management interface where you can launch and interact with Cloud Shell to execute commands on your Azure resources.
Azure PowerShell and Azure CLI are tools that can be used within Cloud Shell, but they are not the management tool themselves; they are command-line interfaces used to manage resources. Azure Advisor provides recommendations for optimizing Azure environments but does not execute commands.
For each of the following items, choose Yes if the statement is true or choose No if the statement is false.
You can delete a blob that has been in the archive tier for 90 days without incurring additional costs.
You can set the default access tier of a storage account to Archive.
You can’t archive existing blob files.
The first answer is No because when you delete a blob that has been in the archive tier for less than 180 days, you incur additional costs due to early deletion charges. These charges apply if the blob is deleted before the 180-day minimum retention period.
The second answer is No because you cannot set the default access tier of a storage account to Archive. The default tier for a storage account is usually Hot or Cool, but not Archive.
The third answer is No because you can archive existing blob files. You can move or copy existing blobs to the Archive tier, which is intended for infrequently accessed data, but the blobs must be stored in either the Hot or Cool tier before they can be archived.