Exams - Practice the AZ-900

The AZ-900: Notes to get through the Azure Fundamentals Certificate and these Practice exams are derived from different sources.

Microsoft platform

Practice assessment 1

Question 1 of 50

Why is cloud computing often less expensive than on-premises datacenters? Each correct answer presents a complete solution.

  • You are only billed for what you use.

Renting compute and storage services and being billed for only what you use often lowers operating expenses. Depending on the service and the type of network bandwidth, charges can be incurred. Cloud service offerings often provide functionality that can be difficult or cost-prohibitive to deploy on-premises, especially for smaller organizations. Major cloud providers offer services around the world, making it easy and relatively inexpensive to deploy services close to where your users reside. Describe cloud computing - Training | Microsoft Learn

Question 2 of 50

Select the answer that correctly completes the sentence. (------Your Answer Here -------) refers to upfront costs incurred one time, such as hardware purchases.

  • Capital expenditures

Capital expenditures are one-time expenses that can be deducted over time. Operational expenditures are billed as you use services and do not have upfront costs.

Describe cloud computing - Training | Microsoft Learn

Question 3 of 50

Which cloud deployment model are you using if you have servers physically located at your organization’s on-site datacenter, and you migrate a few of the servers to the cloud?

  • hybrid cloud

A hybrid cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them.

Describe cloud computing - Training | Microsoft Learn

Question 4 of 50

Select the answer that correctly completes the sentence.

Increasing compute capacity for an app by adding RAM or CPUs to a virtual machine is called (------Your Answer Here -------).

  • vertical scaling

You scale vertically to increase compute capacity by adding RAM or CPUs to a virtual machine. Scaling horizontally increases compute capacity by adding instances of resources, such as adding virtual machines to the configuration. Disaster recovery keeps data and other assets safe in the event of a disaster. High availability minimizes downtime when things go wrong. Describe the benefits of using cloud services - Training | Microsoft Learn

Question 5 of 50

Select the answer that correctly completes the sentence.

Deploying and configuring cloud-based resources quickly as business requirements change is called (------Your Answer Here -------).

  • agility

Agility means that you can deploy and configure cloud-based resources quickly as app requirements change. Scalability means that you can add RAM, CPU, or entire virtual machines to a configuration. Elasticity means that you can configure cloud-based apps to take advantage of autoscaling, so apps always have the resources they need. High availability means that cloud-based apps can provide a continuous user experience with no apparent downtime, even when things go wrong. Describe the benefits of using cloud services - Training | Microsoft Learn

Question 6 of 50

What are cloud-based backup services, data replication, and geo-distribution features of?

  • a disaster recovery plan

Disaster recovery uses services, such as cloud-based backup, data replication, and geo-distribution, to keep data and code safe in the event of a disaster. Describe the benefits of using cloud services - Training | Microsoft Learn

Question 7 of 50

What is high availability in a public cloud environment dependent on?

  • the service-level agreement (SLA) that you choose

Different services have different SLAs. Sometimes different tiers of the same service will offer different SLAs, which can increase or decrease the promised availability. Describe the benefits of using cloud services - Training | Microsoft Learn

Question 8 of 50

Select the answer that correctly completes the sentence.

An example of (------Your Answer Here -------) is automatically scaling an application to ensure that the application has the resources needed to meet customer demands.

  • elasticity

Elasticity refers to the ability to scale resources as needed, such as during business hours, to ensure that an application can keep up with demand, and then reducing the available resources during off-peak hours. Agility refers to the ability to deploy new applications and services quickly. High availability refers to the ability to ensure that a service or application remains available in the event of a failure. Geo-distribution makes a service or application available in multiple geographic locations that are typically close to your users. Describe the benefits of using cloud services - Training | Microsoft Learn

Question 9 of 50

Select the answer that correctly completes the sentence.

Increasing the capacity of an application by adding additional virtual machines is called (------Your Answer Here -------).

  • horizontal scaling

Scaling horizontally increases compute capacity by adding instances of resources, such as adding virtual machines to the configuration. You scale vertically to increase compute capacity by adding RAM or CPUs to a virtual machine. Agility refers to the ability to deploy new applications and services quickly. High availability minimizes downtime when things go wrong. Describe the benefits of using cloud services - Training | Microsoft Learn

Question 10 of 50

In a platform as a service (PaaS) model, which two components are the responsibility of the cloud service provider? Each correct answer presents a complete solution.

  • operating system
  • physical network

In PaaS, the cloud provider is responsible for the operating system, physical datacenter, physical hosts, and physical network. In PaaS, the customer is responsible for accounts and identities. Describe cloud service types - Training | Microsoft Learn

Question 11 of 50

Which type of cloud service model is typically licensed through a monthly or annual subscription?

  • software as a service (SaaS)

SaaS is software that is centrally hosted and managed for you and your users or customers. Usually, one version of the application is used for all customers, and it is licensed through a monthly or annual subscription. PaaS and IaaS use a consumption-based model, so you only pay for what you use. Describe cloud service types - Training | Microsoft Learn

Question 12 of 50

In which cloud service model is the customer responsible for managing the operating system?

  • Infrastructure as a service (IaaS)

IaaS consists of virtual machines and networking provided by the cloud provider. The customer is responsible for the OS and applications. The cloud provider is responsible for the OS in PaaS and SaaS. Describe cloud service types - Training | Microsoft Learn

Question 13 of 50

What is the customer responsible for in a software as a service (SaaS) model?

  • data and access

SaaS allows you to pay to use an existing application on hardware managed by a third party. You supply data and configure access. Customers are only responsible for storage in a private cloud. Customers are responsible for virtual machines and runtime in IaaS and the private cloud. Describe cloud service types - Training | Microsoft Learn

Question 14 of 50

What uses the infrastructure as a service (IaaS) cloud service model?

  • Azure virtual machines

Azure Virtual Machines is an IaaS offering. The customer is responsible for the configuration of the virtual machine as well as all operating system configurations. Azure App Services and Azure Cosmos DB are PaaS offerings. Microsoft Office 365 is a SaaS offering. Describe cloud service types - Training | Microsoft Learn

Question 15 of 50

Select the answer that correctly completes the sentence.

(------Your Answer Here -------) is the logical container used to combine and organize Azure resources.

  • a resource group

Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts, are deployed and managed. Describe the core architectural components of Azure - Training | Microsoft Learn

Question 16 of 50

Select the answer that correctly completes the sentence.

In a region pair, a region is paired with another region in the same (------Your Answer Here -------).

  • geography

Each Azure region is always paired with another region within the same geography, such as US, Europe, or Asia, at least 300 miles away. Describe the core architectural components of Azure - Training | Microsoft Learn

Question 17 of 50

What is an Azure Storage account named storage001 an example of?

  • a resource

A resource is a manageable item that is available through Azure. Virtual machines, storage accounts, web apps, databases, and virtual networks are examples of resources. Describe the core architectural components of Azure - Training | Microsoft Learn

Question 18 of 50

For which resource does Azure generate separate billing reports and invoices by default?

  • subscriptions

Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs. Resource groups can be used to group costs, but you will not receive a separate invoice for each resource group. Management groups are used to efficiently manage access, policies, and compliance for subscriptions. You can set up billing profiles to roll up subscriptions into invoice sections, but this requires customization. Describe the core architectural components of Azure - Training | Microsoft Learn

Question 19 of 50

Which resource can you use to manage access, policies, and compliance across multiple subscriptions?

  • management groups

Management groups can be used in environments that have multiple subscriptions to streamline the application of governance conditions. Resource groups can be used to organize Azure resources. Administrative units are used to delegate the administration of Azure AD resources, such as users and groups. Accounts are used to provide access to resources.

Describe the core architectural components of Azure - Training | Microsoft Learn

Question 20 of 50

Select the answer that correctly completes the sentence.

(------Your Answer Here -------) is the deployment and management service for Azure.

  • Azure Resource Manager (ARM)

ARM is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in an Azure subscription. You use management features, such as access control, resource locks, and resource tags, to secure and organize resources after deployment. Describe the core architectural components of Azure - Training | Microsoft Learn

Question 21 of 50

What can you use to execute code in a serverless environment?

  • Azure Functions

Azure Functions allows you to run code as a service without having to manage the underlying platform or infrastructure. Azure Logic Apps is similar to Azure Functions, but uses predefined workflows instead of developing your own code. Describe Azure compute and networking services - Training | Microsoft Learn

Question 22 of 50

What can you use to connect Azure resources, such as Azure SQL databases, to an Azure virtual network?

  • service endpoints

Service endpoints are used to expose Azure services to a virtual network, providing communication between the two. ExpressRoute is used to connect an on-premises network to Azure. NSGs allow you to configure inbound and outbound rules for virtual networks and virtual machines. Peering allows you to connect virtual networks together. Describe Azure compute and networking services - Training | Microsoft Learn

Question 23 of 50

Which two services can you use to establish network connectivity between an on-premises network and Azure resources? Each correct answer presents a complete solution.

  • Azure VPN Gateway
  • ExpressRoute

ExpressRoute connections and Azure VPN Gateway are two services that you can use to connect an on-premises network to Azure. Bastion provides a web interface to remotely administer Azure virtual machines by using SSH/RDP. Azure Firewall is a stateful firewall service used to protect virtual networks. Azure ExpressRoute: Connectivity models | Microsoft Learn. Describe Azure compute and networking services - Training | Microsoft Learn

Question 24 of 50

Which storage service should you use to store thousands of files containing text and images?

  • Azure Blob storage

Azure Blob storage is an object storage solution that you can use to store massive amounts of unstructured data, such as text or binary data. Describe Azure storage services - Training | Microsoft Learn

Question 25 of 50

Which Azure Blob storage tier stores data offline and offers the lowest storage costs and the highest costs to access data?

  • Archive

The Archive storage tier stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data. The Hot storage tier is optimized for storing data that is accessed frequently. Data in the Cool access tier can tolerate slightly lower availability, but still requires high durability, retrieval latency, and throughput characteristics similar to hot data. Describe Azure storage services - Training | Microsoft Learn

Question 26 of 50

Which storage service offers fully managed file shares in the cloud that are accessible by using Server Message Block (SMB) protocol?

  • Azure Files

Azure Files offers fully managed file shares in the cloud with shares that are accessible by using Server Message Block (SMB) protocol. Mounting Azure file shares is just like connecting to shares on a local network. Describe Azure storage services - Training | Microsoft Learn

Question 27 of 50

Which two scenarios are common use cases for Azure Blob storage? Each correct answer presents a complete solution.

  • serving images or documents directly to a browser
  • storing data for backup and restore

Low storage costs and unlimited file formats make blob storage a good location to store backups and archives. Blob storage can be reached from anywhere by using an internet connection. Azure Disk Storage provides disks for Azure virtual machines. Azure Files supports mounting file storage shares. Describe Azure storage services - Training | Microsoft Learn

Question 28 of 50

Which Azure Blob storage service tier has the highest storage costs and the fastest access times for reading and writing data?

  • Hot

The Hot tier is optimized for storing data that is accessed frequently. The Cool access tier has a slightly lower availability SLA and higher access costs compared to hot data, which are acceptable trade-offs for lower storage costs. Archive storage stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data. Describe Azure storage services - Training | Microsoft Learn

Question 29 of 50

Which two protocols are used to access Azure file shares? Each correct answer presents a complete solution.

  • Network File System (NFS)
  • Server Message Block (SMB)

Azure Files offers fully managed file shares in the cloud that are accessible via industry-standard SMB and NFS protocols. Describe Azure storage services - Training | Microsoft Learn

Question 30 of 50

What enables a user to sign in one time and use that credential to access multiple resources and applications from different providers?

  • single sign-on (SSO)

SSO enables a user to sign in one time and use that credential to access multiple resources and applications from different providers. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Conditional Access is a tool that Azure AD uses to allow or deny access to resources based on identity signals. Azure AD supports the registration of devices. Describe Azure identity, access, and security - Training | Microsoft Learn

Question 31 of 50

What can you use to allow a user to manage all the resources in a resource group?

  • Azure role-based access control (RBAC)

Azure RBAC allows you to assign a set of permissions to a user or group. Resource tags are used to locate and act on resources associated with specific workloads, environments, business units, and owners. Resource locks prevent the accidental change or deletion of a resource. Key Vault is a centralized cloud service for storing application secrets in a single, central location. Describe Azure identity, access, and security - Training | Microsoft Learn

Question 32 of 50

Which type of strategy uses a series of mechanisms to slow the advancement of an attack that aims to gain unauthorized access to data?

  • defense in depth

A defense in depth strategy uses a series of mechanisms to slow the advancement of an attack that aims to gain unauthorized access to data. The principle of least privilege means restricting access to information to only the level that users need to perform their work. A DDoS attack attempts to overwhelm and exhaust an application's resources. The perimeter layer is about protecting an organization's resources from network-based attacks. Describe Azure identity, access, and security - Training | Microsoft Learn

Question 33 of 50

Which two services are provided by Azure AD? Each correct answer presents a complete solution.

  • authentication
  • single sign-on (SSO)

Azure AD provides services for verifying identity and access to applications and resources. SSO enables you to remember a single username and password to access multiple applications and is available in Azure AD. Describe Azure identity, access, and security - Training | Microsoft Learn

Question 34 of 50

You have an Azure virtual machine that is accessed only between 9:00 and 17:00 each day.

What should you do to minimize costs but preserve the associated hard disks and data?

  • Resize the virtual machine. This answer is incorrect.

  • Deallocate the virtual machine. This answer is correct.

If you have virtual machine workloads that are used only during certain periods, but you run them every hour of every day, then you are wasting money. These virtual machines are great candidates to deallocate when not in use and start back when required to save compute costs while the virtual machines are deallocated. Describe cost management in Azure - Training | Microsoft Learn

Question 35 of 50

You need to associate the costs of resources to different groups within an organization without changing the location of the resources. What should you use?

  • subscriptions. This answer is incorrect.

  • resource tags. This answer is correct.

Resource tags can be used to group billing data and categorize costs by runtime environment, such as billing usage for virtual machines running in a production environment. Tag resources, resource groups, and subscriptions for logical organization - Azure Resource Manager | Microsoft Learn. Describe the purpose of tags - Training | Microsoft Learn

Question 36 of 50

Your organization plans to deploy several production virtual machines that will have consistent resource usage throughout the year. What can you use to minimize the costs of the virtual machines without reducing the functionality of the virtual machines?

  • Azure Reservations

Azure Reservations offers discounted prices on certain Azure services. Azure Reservations can save you up to 72 percent compared to pay-as-you-go prices. To receive a discount, you can reserve services and resources by paying in advance. Spending limits can suspend a subscription when the spend limit is reached. Describe cost management in Azure - Training | Microsoft Learn

Question 37 of 50

What can be applied to a resource to prevent accidental deletion?

  • a resource lock

A resource lock prevents resources from being accidentally deleted or changed. Resource tags offer the custom grouping of resources. Policies enforce different rules across all resource configurations so that the configurations stay compliant with corporate standards. An initiative is a way of grouping related policies together. Describe features and tools in Azure for governance and compliance - Training | Microsoft Learn

Question 38 of 50

You need to recommend a solution for Azure virtual machine deployments. The solution must enforce company standards on the virtual machines. What should you include in the recommendation?

  • Azure Blueprints. This answer is incorrect.

  • Azure Policy. This answer is correct.

Azure policies will allow you to enforce company standards on new virtual machines when combined with Azure VM Image Builder and Azure Compute Gallery. By using Azure Policy and role-based access control (RBAC) assignments, enterprises can enforce standards on Azure resources. But on virtual machines, these mechanisms only affect the control plane or the route to the virtual machine. Describe features and tools in Azure for governance and compliance - Training | Microsoft Learn

Question 39 of 50

You need to ensure that multi-factor authentication (MFA) is enabled on accounts with write permissions in an Azure subscription. What should you implement?

  • Azure Policy

Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit resources. Describe features and tools in Azure for governance and compliance - Training | Microsoft Learn

Question 40 of 50

What can you use to restrict the deployment of a virtual machine to a specific location?

  • Azure Policy

Azure Policy can help to create a policy for allowed regions, which enables you to restrict the deployment of virtual machines to a specific location. Overview of Azure Policy - Azure Policy | Microsoft Learn. Describe the purpose of Azure Policy - Training | Microsoft Learn

Question 41 of 50

Which management layer accepts requests from any Azure tool or API and enables you to create, update, and delete resources in an Azure account?

  • Azure Resource Manager (ARM)

ARM is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in an Azure account. Describe features and tools for managing and deploying Azure resources - Training | Microsoft Learn

Question 42 of 50

What can you use to manage servers across cloud platforms and on-premises environments?

  • Azure Arc

Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform. Describe features and tools for managing and deploying Azure resources - Training | Microsoft Learn. Describe the purpose of Azure Arc - Training | Microsoft Learn.

Question 43 of 50

What provides recommendations to reduce the cost of Azure resources?

  • Azure Advisor

Azure Advisor analyzes the account usage and makes recommendations based on its set and configured rules. Describe monitoring tools in Azure - Training | Microsoft Learn

Question 44 of 50

You have a team of Linux administrators that need to manage the resources in Azure. The team wants to use the Bash shell to perform the administration. What should you recommend?

  • Azure CLI

Azure CLI allows you to use the Bash shell to perform administrative tasks. Bash is used in Linux environments, so a Linux administrator will probably be more comfortable performing command-line administration from Azure CLI. Describe features and tools for managing and deploying Azure resources - Training | Microsoft Learn

Question 45 of 50

You need to create a custom solution that uses thresholds to trigger autoscaling functionality to scale an app up or down to meet user demand. What should you include in the solution?

  • Application Insights. This answer is incorrect.

  • Azure Monitor. This answer is correct.

Azure Monitor is a platform that collects metric and logging data, such as CPU percentages. The data can be used to trigger autoscaling. Describe monitoring tools in Azure - Training | Microsoft Learn

Question 46 of 50

What should you proactively review and act on to avoid service interruptions, such as service retirements and breaking changes?

  • Azure Monitor. This answer is incorrect.

  • health advisories. This answer is correct.

Health advisories are issues that require that you take proactive action to avoid service interruptions, such as service retirements and breaking changes. Service issues are problems such as outages that require immediate actions. Describe monitoring tools in Azure - Training | Microsoft Learn

Question 47 of 50

What can you use to get notification about an outage in a specific Azure region?

  • Azure Service Health

Service Health notifies you of Azure-related service issues, such as region-wide downtime. Describe monitoring tools in Azure - Training | Microsoft Learn

Question 48 of 50

Which Azure service can generate an alert if virtual machine utilization is over 80% for five minutes?

  • Azure Monitor

Azure Monitor is a platform for collecting, analyzing, visualizing, and alerting based on metrics. Azure Monitor can log data from an entire Azure and on-premises environment. Describe monitoring tools in Azure - Training | Microsoft Learn

Question 49 of 50

What can you apply to an Azure virtual machine to ensure that users cannot change or delete the resource?

  • a lock

Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn. Describe features and tools in Azure for governance and compliance - Training | Microsoft Learn

Question 50 of 50

Which feature in the Microsoft Purview governance portal should you use to manage access to data sources and datasets?

Your Answer:

  • Data Estate Insights. This answer is incorrect.
  • Data Policy. This answer is correct.

Incorrect: Data Catalog –– This enables data discovery. Incorrect: Data Sharing –– This shares data within and between organizations. Incorrect: Data Estate Insights –– This accesses data estate health. Correct: Data Policy –– This governs access to data.

Introduction to Microsoft Purview governance solutions - Microsoft Purview | Microsoft Learn. Describe features and tools in Azure for governance and compliance - Training | Microsoft Learn

Exams from "Course AZ-900: Microsoft Azure Fundamentals Original Practice Tests"

Exams from the Udemy course AZ-900: Microsoft Azure Fundamentals Original Practice Tests.

Test 1

Question 1: Which Azure feature is specifically designed to help companies get their in-house developed code from the code repository, through automated unit testing, and onto Azure using a service called Pipelines?

  • Azure Monitor
  • GitHub
  • Azure DevOps
  • Virtual Machines

Explanation: Azure DevOps contains many services, one of which is Pipelines. Pipelines allows you to build an automation that moves code (and all related dependencies) through various stages from the development environment into deployment.

Question 2: True or false: there are no service level guarantees (SLA) when a service is in General Availability (GA).

  • FALSE
  • TRUE

Explanation: False, most Azure GA services do have service level agreements. See: https://azure.microsoft.com/en-ca/support/legal/sla/

Question 3: Which ways does the Azure Resource Manager model provide to deploy resources?

  • CLI
  • PowerShell
  • Azure Portal
  • REST API / SDK

Explanation: Azure Resource Manager (ARM) is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. The ARM model allows you to work with resources in a consistent manner, whether through Azure portal, PowerShell, REST APIs/SDKs, or the Command-Line Interface (CLI).

  1. Azure Portal: This is a web-based, unified console that provides an alternative to command-line tools. You can manage your Azure resources directly through a GUI.

  2. PowerShell: Azure PowerShell is a module that provides cmdlets to manage Azure through Windows PowerShell and PowerShell Core. You can use it to build scripts for managing and automating your Azure resources.

  3. REST API / SDK: Azure provides comprehensive REST APIs that can be used directly or via Azure SDKs available in multiple languages. This allows developers to integrate Azure services in their applications, services, or tools.

  4. CLI: Azure CLI is a cross-platform command-line program that connects to Azure and executes administrative commands on Azure resources. It's designed to make scripting easy, authenticate with Azure platform, and quickly run commands to perform common administrative tasks or deploy to Azure.

Each of these methods supports the full set of Azure Resource Manager features, and you can choose the one that best fits your workflow. See: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview

Question 4: What type of container is used to collect log and metric data from various Azure Resources?

  • Log Analytics Workspace
  • Managed Storage
  • Append Blob Storage
  • Azure Monitor account

Explanation: Log Analytics Workspace is required to collect logs and metrics. See: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-access

Question 5: Which Azure service is meant to be a security dashboard that contains all the security and threat protection in one place?

  • Azure Portal Dashboard
  • Azure Security Center
  • Azure Key Vault
  • Azure Monitor

Explanation: Azure Security Center - unified security management and threat protection; a security dashboard inside Azure Portal. See: https://azure.microsoft.com/en-us/services/security-center/

Question 6: What is a DDoS attack?

  • A denial of service attack that sends so much traffic to a network that it cannot respond fast enough; legitimate users become unable to use the service
  • An attempt to read the contents of a web page from another website, thereby stealing the user's private information
  • An attempt to send SQL commands to the server in a way that it will execute them against the database
  • An attempt to guess a user's password through brute force methods

Explanation: Distributed Denial of Service attacks (DDoS) - a type of attack that originates from the Internet that attempts to overwhelm a network with millions of packets of bad traffic that aims to prevent legitimate traffic from getting through. See: https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview

Question 7: In the context of cloud computing and Azure services, how would you define 'compute resources'?

  • They include all resources listed in the Azure Marketplace.
  • They are resources that execute tasks requiring CPU cycles.
  • They refer exclusively to Virtual Machines.
  • They encompass Virtual Machines, Storage Accounts, and Virtual Networks.

Explanation: The correct answer is "They are resources that execute tasks requiring CPU cycles". In cloud computing, the term "compute" refers to the amount of computational power required to process a task - essentially, it's anything that uses processing power (CPU cycles) to perform operations. This includes, but is not limited to, running applications, executing scripts, and processing data. While virtual machines (VMs) are a common type of compute resource, they are not the only type. Azure offers a wide variety of compute resources, like Azure Functions for serverless computing, Azure Kubernetes Service for container-based applications, and Azure Batch for parallel and high-performance computing tasks. So, the definition of compute resources is broader than just VMs or certain resources listed in the Azure Marketplace. It also includes more than VMs, Storage Accounts, and Virtual Networks, as these other resources (storage and networking) have distinct roles separate from the compute resources. Storage accounts deal with data storage while virtual networks are concerned with networking aspects in Azure, not with performing tasks that require CPU cycles. Therefore, "They are resources that execute tasks requiring CPU cycles" is the most accurate answer. See: https://azure.microsoft.com/en-us/product-categories/compute/

Question 8: Which Azure Service contains pre-built machine learning models that you can use in your own code, using an API?

  • Cognitive Services
  • Azure Functions
  • Azure Blueprints
  • App Services

Explanation: Cognitive Services is an API provided by Azure that gives access to a set of pre-built machine learning models, including vision services, speech services, knowledge management and chat bots.

Question 9: In Microsoft Azure, what is the maximum number of virtual machines that can be included in a single Virtual Machine Scale Set, as per Azure's standard guidelines and capabilities?

  • 10000
  • 1000
  • Unlimited
  • 500

Explanation: The correct answer is 1000. Azure Virtual Machine Scale Sets are a service provided by Azure that allows you to manage, scale, and distribute large numbers of identical virtual machines. As per the limitations set by Microsoft Azure, a single Virtual Machine Scale Set can support up to 1000 VM instances. This capacity allows for high availability and network load balancing across a large number of virtual machines, providing a robust and efficient solution for applications that require heavy compute resources. However, if you are using custom VM images, this limit decreases to 600 instances. This functionality is part of Azure's Infrastructure as a Service (IaaS) offerings, providing flexibility and scalability to businesses and developers. See: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview

Question 10: What feature within Azure will make recommendations to you about reducing cost on your account?

  • Azure Service Health
  • Azure Security Center
  • Azure Advisor
  • Azure Dashboard

Explanation: Azure Advisor analyzes your account usage and makes recommendations for you based on its set rules. See: https://docs.microsoft.com/en-us/azure/advisor/advisor-overview

Question 11: Your organization has implemented an Azure Policy that restricts the type of Virtual Machine instances you can use. How can you create a VM that is blocked by the policy?

  • Use an account that has Contributor or above permissions to the resource group
  • Subscription Owners (Administrators) can create resources regardless of what the policy restricts
  • The only way is to remove the policy, create the resource and add the policy back

Explanation: You cannot perform a task that violates policy, so you have to remove the policy in order to perform the task. See: https://docs.microsoft.com/en-us/azure/governance/policy/overview

Question 12: You have decided to subscribe to Azure DDoS Protection at the IP Protection Tier. This provides advanced protection to defend against DDoS attacks. What type of DDoS attack does DDoS Protection NOT protect against?

  • Transport (L4) level attacks
  • Application (L7) level attacks
  • Network (L3) level attacks

Explanation: The correct answer is "Application level attacks":

  • Network-level attacks are attacks that target the network infrastructure, such as the routers and switches that connect your Azure resources to the internet. Azure DDoS Protection IP Protection Tier can protect against network-level attacks by absorbing and rerouting excessive traffic, and by scrubbing malicious traffic.

  • Transport-level attacks are attacks that target the transport layer of the network protocol stack, such as TCP and UDP. Azure DDoS Protection IP Protection Tier can protect against transport-level attacks by absorbing and rerouting excessive traffic, and by scrubbing malicious traffic.

  • Application-level attacks are attacks that target the application layer of the network protocol stack, such as HTTP and DNS. Azure DDoS Protection IP Protection Tier does not protect against application-level attacks, because it is designed to protect against network and transport-level attacks.

To protect against application-level attacks, you need to use a web application firewall (WAF). A WAF is a software appliance that sits in front of your application and filters out malicious traffic. WAFs can be configured to protect against a wide variety of application-level attacks, such as SQL injection, cross-site scripting, and denial of service attacks. See: https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview

Question 13: Which of the following characteristics of a cloud-based system primarily contributes to its elasticity?

  • The system's ability to recover automatically after a crash.
  • The system's ability to dynamically increase and decrease capacity based on real-time demand.
  • The system's ability to maintain availability while updates are being implemented.
  • The system's ability to withstand denial-of-service attacks.

Explanation: The correct answer is "The ability to increase and reduce capacity based on actual demand." This characteristic refers to the concept of elasticity in cloud computing. An elastic system is one that can automatically adjust its resources (compute, storage, etc.) in response to changing workloads and demands. This is done to ensure optimal performance and cost-effectiveness. When demand increases, the system can scale out by adding more resources, and when demand decreases, it can scale in by reducing resources, all without significant manual intervention. The other options, while important for overall system robustness, do not define elasticity. Withstanding denial of service attacks pertains to security, maintaining availability during updates refers to zero-downtime deployment or high availability, and self-healing after a crash refers to resilience or fault tolerance. None of these are about dynamically adjusting capacity based on demand, which is the hallmark of an elastic system. See: https://azure.microsoft.com/en-us/overview/what-is-elastic-computing/

Question 14: Logic apps, functions, and service fabric are all examples of what model of compute within Azure?

  • SaaS model
  • App Services Model
  • IaaS model
  • Serverless model

Explanation: The correct answer is the Serverless model. Azure Logic Apps, Azure Functions, and Azure Service Fabric are all examples of serverless computing in Azure. Serverless computing is a cloud computing model where the cloud provider automatically manages the provisioning and allocation of servers, hence the term "serverless". The serverless model allows developers to focus on writing the code and business logic rather than worrying about the underlying infrastructure, its setup, maintenance, scaling, and capacity planning.

  • Azure Logic Apps is a cloud service that allows developers to build workflows that integrate apps, data, services, and systems.
  • Azure Functions is an event-driven, compute-on-demand experience that extends the existing Azure application platform with capabilities to implement code triggered by events occurring in Azure or third-party services.
  • Azure Service Fabric is a distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices.

In contrast, IaaS (Infrastructure as a Service) refers to cloud-based services where you rent IT infrastructure—servers and virtual machines (VMs), storage, networks, and operating systems—from a cloud provider on a pay-as-you-go basis. SaaS (Software as a Service) is a software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet, which doesn't align with the services mentioned in the question. The App Services model is a platform for hosting web applications, REST APIs, and mobile backends, but it's not strictly serverless as it doesn't auto-scale in the same way. See: https://azure.microsoft.com/en-us/solutions/serverless/

Question 15: What is a primary benefit of opting for a consumption-based pricing model over a time-based pricing model in cloud services?

  • The ability to easily predict the future cost of the service.
  • It always being cheaper to pay for consumption rather than paying hourly.
  • Significant cost savings when the resources aren't needed for constant use.
  • A simpler and easier-to-understand pricing model.

Explanation: The correct answer is "Significant cost savings when the resources aren't needed for constant use". In a consumption-based pricing model, also known as pay-as-you-go, customers are billed only for the specific resources they use. This model provides cost-efficiency for workloads with variable usage patterns or for resources that aren't needed continuously.

When compared to a time-based pricing model, where resources are billed on a fixed schedule regardless of actual use (for example, hourly or monthly), consumption-based pricing can result in significant cost savings if the resources are not used often or their usage fluctuates.

While the other options can be true in certain cases, they aren't inherently beneficial aspects of the consumption-based model. The cost predictability can be challenging due to the variable nature of usage (Answer 1), it's not always cheaper (Answer 2) as it depends on the resource usage pattern, and the simplicity of the pricing model (Answer 4) depends on the specific terms and conditions of the service provider. Therefore, the most accurate and generalizable benefit is the potential for cost savings with infrequent or variable resource use. See: https://docs.microsoft.com/en-us/azure/azure-functions/functions-consumption-costs

Question 16: In Microsoft Azure, which tool or service allows for the organization and management of multiple subscriptions within hierarchical structures?

  • RBAC (Role-Based Access Control)
  • Management Groups
  • Azure Active Directory
  • Resource Groups

Explanation: The correct answer is Management Groups. In Azure, Management Groups provide a way to manage access, policies, and compliance for multiple subscriptions. They can be structured into a hierarchy for the organization's needs. All subscriptions within a Management Group automatically inherit the conditions applied to the Management Group, facilitating governance on a large scale.

Resource Groups, on the other hand, are containers for resources deployed on Azure. They do not provide management capabilities across multiple subscriptions.

RBAC (Role-Based Access Control) is a system that provides fine-grained access management to Azure resources but it doesn't inherently support the organization of subscriptions into hierarchies.

Azure Active Directory is a service that provides identity and access management capabilities but does not provide a direct mechanism for managing multiple subscriptions in nested hierarchies.

Hence, Management Groups is the correct answer as it directly allows for the management and organization of multiple subscriptions into nested hierarchies, which the other options do not. See: https://docs.microsoft.com/en-us/azure/governance/management-groups/overview

Question 17: Which feature of Azure Active Directory will require users to have their mobile phone in order to be able to log in?

  • Azure Security Center
  • Multi-Factor Authentication
  • Azure Information Protection (AIP)
  • Advanced Threat Protection (ATP)

Explanation: Multi-Factor Authentication (MFA) - the concept of requiring something in addition to a "password" in order to log in. Passwords can be found or guessed, but your mobile phone, which you need on you to receive a phone call or text or to run an app that gives you a code, is harder for an unknown hacker to get. See: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks

Question 18: Who is responsible for the security of the physical servers in an Azure data center?

  • Azure is responsible for securing the physical data centers
  • I am responsible for securing the physical data centers

Explanation: Azure is responsible for physical security. See: https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security

Question 19: True or False: Azure is a public cloud, and has no private cloud offerings

  • TRUE
  • FALSE

Explanation: The correct answer is FALSE. While Azure is indeed widely recognized as a public cloud provider, offering a vast array of services accessible via the internet on a multi-tenant basis, it does also provide private cloud capabilities. One notable offering is Azure Stack, an extension of Azure that allows businesses to run apps in an on-premises environment and deliver Azure services in their datacenter. With Azure Stack, you get the flexibility of using Azure’s cloud capabilities while maintaining your own datacenter for privacy, regulatory compliance, or other requirements. Additionally, Azure offers services such as Azure Private Link, which provides private connectivity from a virtual network to Azure services, and Azure ExpressRoute, a service that enables a private, dedicated network connection to Azure. So, contrary to the statement, Azure does have private cloud offerings along with its public cloud, making the statement FALSE. See: 

Question 20: Who is responsible for the security of your Azure Storage account access keys?

  • Azure is responsible for securing the access keys
  • I am responsible for securing the access keys

Explanation: Customers are responsible for securing the access keys they are given and for regenerating them if they are exposed. See: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage

Question 21: Which feature within Azure collects all of the logs from various resources into a central dashboard, where you can run queries, view graphs, and create alerts on certain events?

  • Azure Portal Dashboard
  • Azure Monitor
  • Azure Security Center
  • Storage Account or Event Hub

Explanation: Azure Monitor - a centralized dashboard that collects all the logs, metrics and events from your resources. See: https://docs.microsoft.com/en-us/azure/azure-monitor/overview

Question 22: When establishing a Site-to-Site VPN connection with Azure, what kind of network device needs to be present or installed in your company's on-premises network infrastructure?

  • An Azure Virtual Network
  • An Application Gateway
  • A dedicated virtual machine
  • A compatible VPN Gateway device

Explanation: The correct answer is a compatible VPN Gateway device. In order to establish a site-to-site VPN connection with Azure, a VPN Gateway is required on your company's internal network. A VPN Gateway is a specific type of virtual network gateway that sends encrypted traffic across a public network, like the Internet. While the name might suggest it's a purely virtual entity, in practice, the term "VPN Gateway" often refers to a hardware device that's installed on-premises in your data center. This device uses Internet Protocol security (IPsec) to establish a secure, encrypted connection to the Azure VPN Gateway, which resides in the Azure virtual network. This setup allows your local network and Azure to interact as if they're directly connected. In contrast, virtual machines, virtual networks, and application gateways are other types of Azure resources, but they do not facilitate creating a site-to-site VPN connection. It's important to note that your company's internal network hardware and settings must meet specific requirements to support a VPN Gateway. See: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

Question 23: Which of the following is something that Azure Cognitive Services API can currently do?

  • Translate text from one language to another
  • All of these! Azure can do it all!
  • Speak text in an extremely realistic way
  • Create text from audio
  • Recognize text in an image

Explanation: Azure can do all of them, of course. See: https://docs.microsoft.com/en-us/azure/cognitive-services/welcome

Question 24: Which of the following Azure features is most likely to deliver the most immediate savings when it comes to reducing Azure costs?

  • Changing your storage accounts from globally redundant (GRS) to locally redundant (LRS)
  • Auto shutdown of development and QA servers overnight and on weekends
  • Using Azure Reserved Instances for most of your virtual machines
  • Using Azure Policy to restrict the use of expensive VM SKUs

Explanation: Reserved Instances often offer 40% or more savings off of the price of pay-as-you-go virtual machines. See: https://docs.microsoft.com/en-us/azure/cost-management-billing/reservations/save-compute-costs-reservations

Question 25: In the context of Azure's high availability solutions, what is the primary purpose of Azure Availability Zones?

  • They serve as a folder structure in Azure used for organizing resources such as databases, virtual machines, and virtual networks.
  • They are synonymous with an Azure region.
  • They allow manual selection of data centers for virtual machine placement to achieve superior availability compared to other options.
  • They represent certain server racks within individual data centers, specifically designed by Azure for higher uptime.

Explanation: The correct answer is: "They allow manual selection of data centers for virtual machine placement to achieve superior availability compared to other options."

Azure Availability Zones are a high availability offering that protects applications and data from datacenter failures. Each Azure region is composed of multiple datacenters, and each datacenter is essentially an Availability Zone. They are unique physical locations within a region, equipped with their own independent power, cooling, and networking. By placing your resources across different Availability Zones within a region, you can protect your apps and data from the failure of a single datacenter. If one datacenter goes down, the resources in the other datacenters (Availability Zones) can continue to operate, providing redundancy and increasing the overall availability of your applications. It's important to note that these zones are not the same as Azure regions (which are geographical areas containing one or more datacenters), nor are they equivalent to resource groups (which are logical containers for resources deployed on Azure). They are also not isolated to specific racks within a datacenter, but rather spread across different datacenters in a region, offering a broader scope of protection. See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview

Question 26: Which of the following characteristics is essential for a system to be considered highly available in a cloud computing environment?

  • The system must maintain 100% availability at all times.
  • The system must be designed for resilience, with no single points of failure.
  • It's impossible to create a highly available system.
  • The system must operate on a minimum of two virtual machines.

Explanation: The correct answer is "A system specifically designed to be resilient, with no single points of failure". High availability in a system means that it is designed to operate continuously without failure for a long period of time. This is achieved by building redundancy into the system, eliminating single points of failure, and enabling rapid recovery from any failures that do occur. In other words, even if a component of the system fails, there are other components that can take over, allowing the system to continue operating seamlessly. While high availability often aims for close to 100% uptime, the claim of maintaining 100% availability is practically unrealistic due to factors like maintenance needs and unexpected failures. Also, having a minimum of two VMs may contribute to high availability but isn't a definitive requirement; it depends on the specifics of the system architecture. Finally, the assertion that it's not possible to create a highly available system is incorrect. There are established strategies and technologies for designing and operating highly available systems, and they are widely used in mission-critical applications across many industries. See: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/availability

Question 27: In the context of cloud computing, how is the benefit of 'agility' best described?

  • It refers to the ability to swiftly recover from a large-scale regional failure.
  • It refers to the ability to quickly respond to and drive changes in the market.
  • It refers to the system's ability to easily scale up when it reaches full capacity.
  • It refers to the ability to rapidly provision new resources.

Explanation: The correct answer is "It refers to the ability to quickly respond to and drive changes in the market". Agility, in the context of cloud computing, refers to the ability of an organization to rapidly adapt to market and environmental changes in productive and cost-effective ways. It involves quickly adjusting and adapting strategic and operational capabilities to respond to and take advantage of changes in the business environment. The other options, while also benefits of the cloud, do not directly align with the concept of agility. Spinning up new resources quickly (Answer 2) or growing capacity easily when full (Answer 3) relate more to the cloud's scalability and elasticity. The ability to recover from a region-wide failure rapidly (Answer 4) speaks to the cloud's resilience and disaster recovery capabilities. While these aspects can contribute to overall business agility, they don't encapsulate the broader strategic meaning of agility - the capacity to quickly adjust to market changes, which can include shifts in customer demand, competitive pressures, or regulatory changes, among others. Hence, the ability to respond to and drive market change quickly is the most accurate answer. See: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/business-outcomes/agility-outcomes

Question 28: If you wanted to simply use Azure as an extension of your own datacenter, not primarily hosting anything there but using it for extra storage or taking advantage of some services, what hosting model is that called?

  • Public cloud
  • Hybrid cloud
  • Private cloud

Explanation: The correct answer is "Hybrid cloud." The scenario described in the question is a typical use case for a hybrid cloud model, which integrates private cloud or on-premises infrastructure with public cloud resources, such as those provided by Azure. In a hybrid cloud model, businesses can keep sensitive data or critical applications on their private cloud or on-premises datacenter for security and compliance reasons while using the public cloud's vast resources for additional storage, computational power, or specific services when necessary. This not only allows for greater flexibility and scalability, but also offers potential cost savings. In contrast, a purely public cloud model involves hosting all data and applications on a public cloud provider's infrastructure, and a purely private cloud model involves hosting everything on a business's own infrastructure or a rented, single-tenant infrastructure. The described scenario of extending an on-premises datacenter with Azure services fits best with the hybrid cloud model. See: https://azure.microsoft.com/en-us/overview/what-is-hybrid-cloud-computing/

Question 29: In the context of cloud computing, a virtual machine (VM) is primarily associated with which type of cloud hosting model?

  • Software as a Service (SaaS)
  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)

Explanation: The correct answer is IaaS, which stands for Infrastructure as a Service. In the context of cloud computing, a virtual machine (VM) is typically provided as part of an IaaS offering. With IaaS, the provider manages the underlying physical infrastructure (like servers, network equipment, and storage), while the consumer controls the virtualized components of the infrastructure, such as the virtual machines, their operating systems, and the applications running on them. This is contrasted with the other options. In a Platform as a Service (PaaS) model, the consumer only controls the applications and possibly some configuration settings for the application-hosting environment, but does not manage the operating system, server hardware, or network infrastructure. Similarly, in a Software as a Service (SaaS) model, the consumer only uses the software and does not control any aspect of the infrastructure or platform where the application runs. Therefore, given that a virtual machine involves control over the operating system and applications within a cloud-managed infrastructure, it aligns with the IaaS hosting model. See: https://azure.microsoft.com/en-us/overview/what-is-iaas/

Question 30: Which of the following best describes the primary benefit of a Content Delivery Network (CDN) in a cloud computing context?

  • For a nominal fee, Azure will manage your virtual machine, perform OS updates, and ensure optimal performance.
  • It mitigates server load for static, unchanging files like images, videos, and PDFs by distributing them across a network of servers.
  • It enables temporary session information storage for web visitors, such as their login ID or name.
  • It provides fast and inexpensive data retrieval for later use.

Explanation: The correct answer, "It mitigates server load for static, unchanging files", is indeed the core benefit of a Content Delivery Network (CDN). A CDN stores copies of a website's static files on servers distributed globally. These static files could be anything that doesn't change frequently, like images, CSS, JavaScript, videos, etc. When a user visits the site, they are served these static files from the CDN server nearest to them geographically. This reduces the latency, as the data has a shorter distance to travel. Additionally, it reduces the load on the original server because the CDN handles a significant portion of the traffic. As a result, not only is the user experience improved due to faster load times, but the operational efficiency and performance of the original server are also enhanced. Therefore, CDNs are essential for sites serving large amounts of static content to a geographically dispersed user base. See: https://docs.microsoft.com/en-us/azure/cdn/cdn-overview

Question 31: What is the name of the group of services inside Azure that hosts the Apache Hadoop big data analysis tools?

  • Azure Hadoop Services
  • Azure Data Factory
  • HDInsight
  • Azure Kubernetes Services

Explanation: The correct answer is HDInsight. HDInsight is Microsoft Azure's offering for hosting the Apache Hadoop big data analysis tools. Apache Hadoop is an open-source software platform that supports data-intensive distributed applications. This platform enables processing large amounts of data across clusters of computers. Azure HDInsight is a cloud distribution of the Hadoop components from the Hortonworks Data Platform. It allows Azure users to process vast amounts of data with popular open-source frameworks such as Hadoop, Hive, HBase, Storm, and others. Additionally, the HDInsight service also supports R, Python, Scala, and .NET. So, it's not just limited to traditional Hadoop tools. Options like 'Azure Hadoop Services' and 'Azure Data Factory' are incorrect as Azure doesn't have a service named 'Azure Hadoop Services' and 'Azure Data Factory' is a cloud-based data integration service. 'Azure Kubernetes Services' is a service for managing containerized applications, not specifically for Hadoop. See: https://azure.microsoft.com/en-us/services/hdinsight/

Question 32: Within the landscape of cloud service models, how would Microsoft's Outlook 365 be best categorized?

  • Infrastructure as a Service (IaaS)
  • Software as a Service (SaaS)
  • Platform as a Service (PaaS)

Explanation: The correct answer is SaaS, which stands for Software as a Service. Outlook 365, part of Microsoft's Office 365 suite, is a cloud-based service that provides access to various applications and services, including email, calendars, and contact management, which are delivered over the internet. In a SaaS model, the service provider is responsible for the infrastructure, platform, and software, and ensures their maintenance and updates. Users simply access the services via a web browser or app, without needing to worry about the underlying infrastructure, platform, or software updates. This contrasts with Infrastructure as a Service (IaaS), where the user is responsible for managing the operating systems, middleware, and applications, and Platform as a Service (PaaS), where the user manages only the applications and data. In both these models, the users have more responsibilities compared to SaaS. Since Outlook 365 is a software application delivered over the web with all underlying infrastructure and platform taken care of by Microsoft, it falls into the SaaS hosting model. See: https://azure.microsoft.com/en-us/overview/what-is-saas/

Question 33: Which major cloud provider offers the most international locations for customers to provision virtual machines and other servers?

  • Microsoft Azure
  • Google Cloud Platform
  • Amazon AWS

Explanation: Microsoft Azure offers the most extensive global coverage among major cloud providers regarding geographical regions. This allows customers to provision virtual machines, databases, and other services in various international locations closer to their user base, which can enhance performance, reduce latency, and comply with local regulations regarding data residency. While AWS (Amazon Web Services) and GCP (Google Cloud Platform) also provide many regions globally, Microsoft Azure has distinguished itself with the broadest regional availability. See: https://azure.microsoft.com/en-us/global-infrastructure/regions/

Question 34: Which Azure website tool is available for you to estimate the future costs of your Azure products and services by adding products to a shopping basket and helping you calculate the costs?

  • Azure Pricing Calculator
  • Microsoft Docs
  • Azure Advisor

Explanation: Azure Pricing Calculator lets you attempt to calculate your future bill based on resources you select and your estimates of usage. See: https://azure.microsoft.com/en-us/pricing/calculator/

Question 35: What is the name of Azure's hosted SQL database service?

  • SQL Server in a VM
  • Table Storage
  • Cosmos DB
  • Azure SQL Database

Explanation: SQL Database is a SQL Server compatible option in Azure, a database as a service. See: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-technical-overview

Question 36: True or false: You cannot have more than one Azure subscription per company

  • TRUE
  • FALSE

Explanation: You can have multiple subscriptions, as a way to separate out resources between billing units, business groups, or for any reason you wish. See: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/decision-guides/subscriptions/

Question 37: Can you give someone else access to your Azure subscription without giving them your user name and password?

  • YES
  • NO

Explanation: Yes, anyone can create their own Azure account and you can give them access to your subscription with granular control as to permissions. See: https://docs.microsoft.com/en-us/azure/role-based-access-control/overview

Question 38: True or false: you can create your own policies if built-in Azure Policy is not sufficient for your needs

  • FALSE
  • TRUE

Explanation: True, you can create custom policies using JSON. See: https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-custom-policy-definition

Question 39: In the context of Azure's Service Level Agreement (SLA) for virtual machines, which of the following deployment strategies would offer the highest level of availability?

  • Deploying two or more virtual machines across different availability zones within the same region.
  • Deploying two or more virtual machines within the same data center.
  • Deploying two or more virtual machines within an availability set.
  • Deploying a single virtual machine.

Explanation: The correct answer is "Deploying two or more virtual machines across different availability zones within the same region".

Service Level Agreement (SLA) is a commitment by a service provider on the level of service - like uptime, performance, or other key metrics - that users can expect. Azure provides an SLA for various services, including Virtual Machines. A single VM, even with premium storage, provides a lesser SLA compared to VMs deployed in an Availability Set or across Availability Zones. While using an Availability Set (two or more VMs in the same datacenter but across fault and update domains) provides a higher SLA than a single VM, the highest SLA is provided when two or more VMs are deployed across Availability Zones in the same region. Availability Zones are unique physical locations within a region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. They are set up to be an isolation boundary - if one zone goes down, the other continues working. This distribution of VMs across zones provides high availability and resiliency, hence offering the highest SLA. See: https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_9/

Question 40: What is the basic way of protecting an Azure Virtual Network subnet?

  • Network Security Group
  • Azure DDoS Standard protection
  • Azure Firewall
  • Application Gateway with WAF

Explanation: Network Security Group (NSG) - a fairly basic set of rules that you can apply to both inbound traffic and outbound traffic that lets you specify what sources, destinations, and ports are allowed to travel through from outside the virtual network to inside the virtual network. See: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

Question 41: True or false: Formal support is not included in private preview mode.

  • FALSE
  • TRUE

Explanation: True. Preview features are not fully ready and this phase does not include formal support. See: https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/

Question 42: True or False: Azure has the responsibility to manage the hardware in the Infrastructure as a Service model

  • TRUE
  • FALSE

Explanation: The correct answer is TRUE. In an Infrastructure as a Service (IaaS) model, the cloud service provider, in this case Microsoft Azure, is responsible for managing the underlying physical hardware. This includes servers, storage, networking hardware, and the virtualization layer. Azure ensures that these resources are available and maintained, providing capabilities like automated backup, disaster recovery, and scaling. The customer, on the other hand, is responsible for managing the software components of the service, including the operating system, middleware, runtime, data, and applications. This arrangement allows customers to focus on their core business and application development without worrying about the physical infrastructure's procurement, management, and maintenance. It's important to remember that the division of responsibilities may change in other service models like Platform as a Service (PaaS) or Software as a Service (SaaS), where the cloud service provider manages more layers of the technology stack. But for IaaS, the provider indeed manages the hardware, making the statement TRUE. See: https://azure.microsoft.com/en-us/overview/what-is-iaas/

Question 43: What is Single Sign-On?

  • When you sign in to an application, it remembers who you are the next time you go there.
  • The ability to use an existing user id and password to sign in to other applications, and not have to create/memorize a new one.
  • When an application outsources (federates) its identity service to a third-party platform

Explanation: Single Sign-On - the ability to use the same user id and password to log into every application that your company has; enabled by Azure AD. See: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on

Question 44: An IT administrator has the requirement to control access to a specific app resource using multi-factor authentication. What Azure service satisfies this requirement?

  • Azure Authentication
  • Azure Function
  • Azure AD
  • Azure Authorization

Explanation: You can use Azure AD to control access to your apps and your app resources, based on your business requirements. In addition, you can use Azure AD to require multi-factor authentication when accessing important organizational resources. See: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis#which-features-work-in-azure-ad

Question 45: What is the MAIN management tool used for managing Azure resources with a graphical user interface?

  • Remote Desktop Protocol (RDP)
  • PowerShell
  • Azure Storage Explorer
  • Azure Portal

Explanation: Azure Portal is the website used to manage your resources in Azure. See: https://docs.microsoft.com/en-us/azure/azure-portal/azure-portal-overview

Question 46: What is the default amount of credits that you are given when you first create an Azure Free account?

  • The default is US$200
  • You can create 1 Linux VM, 1 Windows VM, and a number of other free services for the first year.
  • You are given $50 per month, for one year towards Azure services
  • Azure does not give you any free credits when you create a free account

Explanation: There are some other benefits to a free account, but you get US$200 to spend in the first month. See: https://azure.microsoft.com/free

Question 47: Azure Services can go through several phases in a Service Lifecycle. What are the three phases called?

  • Preview Phase, General Availability Phase, and Unpublished
  • Private Preview, Public Preview, and General Availability
  • Development phase, QA phase, and Live phase
  • Announced, Coming Soon, and Live

Explanation: Private Preview, Public Preview, and General Availability.

Question 48: What is Azure's preferred Identity/authentication service?

  • Network Security Group
  • Facebook Connect
  • Live Connect
  • Azure Active Directory

Explanation: Azure Active Directory (Azure AD) - Microsoft’s preferred Identity as a Service solution. See: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis

Question 49: Which tool within Azure helps you to track your compliance with various international standards and government laws?

  • Microsoft Privacy Statement
  • Service Trust Portal
  • Compliance Manager
  • Azure Government Services

Explanation: Compliance Manager will track your own compliance with various standards and laws. See: https://techcommunity.microsoft.com/t5/security-privacy-and-compliance/announcing-compliance-manager-general-availability/ba-p/161922

Question 50: Which of the following is a feature of the cool access tier for Azure Storage?

  • Much cheaper to store your files than the hot access tier
  • Most expensive option when it comes to bandwidth cost to access your files
  • Cheapest option when it comes to bandwidth costs to access your files
  • Significant delays in accessing your data, up to several hours

Explanation: Cool access tier offers cost savings when you expect to store your files and not need to access them often. See: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers?tabs=azure-portal

Test 2

  • Allow only one specific role of users to have access to a resource group
  • Add an additional prompt when creating a resource without a specific tag to ask the user if they are really sure they want to continue?
  • Prevent certain Azure Virtual Machine instance types from being used in a resource group
  • Require a virtual machine to always update to the latest security patches

Explanation: Azure Policy can add restrictions on storage account SKUs, virtual machine instance types, and rules relating to tagging of resources and groups. It cannot prompt a user to ask them if they are sure. For more info: https://docs.microsoft.com/en-us/azure/governance/policy/overview

Question 2: Select the way(s) to increase the security of a traditional user id and password system?

  • Use multi-factor authentication which requires an additional device (something you have) to verify identity.
  • Require longer and more complex passwords.
  • Do not allow users to log into an application except using a company registered device.
  • Require users to change their passwords more frequently.

Explanation: All of these are ways to increase the security on an account. For more info:

  • https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad
  • https://docs.microsoft.com/en-us/azure/active-directory-domain-services/password-policy
  • https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy

Question 3: Besides Azure Service Health, where else can you find out about issues on the Azure global network that affect you?

  • Install the Azure app on your phone
  • Azure will email you
  • Azure Updates Blog
  • Each Virtual Machine has a Resource Health blade

Explanation: Each Virtual Machine has a Resource Health blade. For more info: https://docs.microsoft.com/en-us/azure/service-health/resource-health-overview

Question 4: What would be a good reason to have multiple Azure subscriptions?

  • There is one person/credit card paying for resources, and only one person who logs into Azure to manage the resources, but you want to be able to know which resources are used for which client project.
  • There is one person/credit card paying for resources, but many people who have accounts in Azure, and you need to separate out resources between clients so that there is absolutely no chance of resources being exposed between them.

Explanation: Having multiple subscriptions can technically be done for any reason, but it only makes sense if you have to separate billing directly, or have actual clients logging into the Portal to manage their resources. For more info: https://docs.microsoft.com/en-us/microsoft-365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings?view=o365-worldwide

Question 5: Which of the following is not an example of Infrastructure as a Service?

  • Azure SQL Database
  • SQL Server in a VM
  • Virtual Machine
  • Virtual Machine Scale Sets
  • Virtual Network

Explanation: With Azure SQL Database, the infrastructure is not in your control. For more info: https://docs.microsoft.com/en-us/azure/azure-sql/azure-sql-iaas-vs-paas-what-is-overview

Question 6: Which of the following is not a feature of Azure Functions?

  • Designed for backend batch applications that are continuously running
  • Can trigger the function based off of Azure events such as a new file being saved to a storage account blob container
  • Can possibly cost you nothing as there is a generous free tier
  • Can edit the code right in the Azure Portal using a code editor

Explanation: Functions are designed for short pieces of code that start and end quickly. For more info: https://docs.microsoft.com/en-us/azure/azure-functions/

Question 7: Within the context of privacy and compliance, what does the acronym ISO stand for, in English?

  • Information Systems Officer
  • Instead of
  • International Organization for Standardization
  • Intelligence and Security Office

Explanation: ISO is a standards body, International Organization for Standardization. For more info: https://www.iso.org/about-us.html

Question 8: What is the minimum charge for having an Azure Account each month, even if you don't use any resources?

  • $0
  • $200
  • $1
  • Negotiated with your enterprise manager

Explanation: An Azure account can cost nothing if you don't use any resources or only use free resources. For more info: https://azure.microsoft.com/en-us/pricing/

Question 9: What is a benefit of economies of scale?

  • Prices of cloud servers and services are always going down. It'll be cheaper next year than it is this year.
  • Big companies don't need to make a profit on every sale
  • Big companies don't need to make a profit on the first product they sell you, because they will make a profit on the second
  • The more you buy of something, the cheaper it is for you

Explanation: Economies of Scale - the more of an item that you buy, the cheaper it is per unit. For more info: https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/3b-economies-of-scale

Question 10: Application Gateway contains what additional optional security feature over a regular Load Balancer?

  • Azure AD Advanced Information Protection
  • Multi-Factor Authentication
  • Web Application Firewall (or WAF)
  • Advanced DDoS Protection

Explanation: Application Gateway also comes with an optional Web Application Firewall (or WAF) as a security benefit. For more info: https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview

Question 11: Approximately how many regions does Azure have around the world?

  • 60+
  • 25
  • 10
  • 40

Explanation: There are 60+ Azure regions currently, in 10+ geographies. For more info: https://docs.microsoft.com/en-us/azure/availability-zones/az-region

Question 12: What does it mean if a service is in Public Preview mode?

  • Anyone can use the service but it must not be for production use
  • Anyone can use the service for any reason
  • The service is generally available for use, and Microsoft will provide support for it
  • You have to apply to get selected in order to use that service

Explanation: Public Preview is for anyone to use, but it is not supported nor guaranteed to continue to be available. For more info: https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/

Question 13: Which of the following cloud computing models requires the highest level of involvement in maintaining the operating system and file system by the customer?

  • IaaS
  • FaaS
  • PaaS
  • SaaS

Explanation: IaaS or Infrastructure as a service requires you to keep your OS patched, close ports, and generally protect your own server. For more info: https://azure.microsoft.com/en-us/overview/what-is-iaas/

Question 14: True or false: Azure Cloud Shell allows access to the Bash and PowerShell consoles in the Azure Portal

  • FALSE
  • TRUE

Explanation: Cloud Shell - allows access to the Bash and PowerShell consoles in the Azure Portal. For more info: https://docs.microsoft.com/en-us/azure/cloud-shell/overview

Question 15: Which of the following elements is considered part of the "perimeter" layer of security?

  • Separate servers into distinct subnets by role
  • Locks on the data center doors
  • Keep operating systems up to date with patches
  • Use a firewall

Explanation: Firewall is part of the perimeter security. For more information on the layered approach to network security: https://docs.microsoft.com/en-us/learn/modules/intro-to-security-in-azure/5-network-security

Question 16: What is the concept of paired regions?

  • Azure employees in those regions sometimes go on picnics together.
  • Each region of the world has one other region, usually in a completely separate country and geography, where it makes the most sense to place your backups. Like East US 2 is paired with South Korea.
  • When you deploy your code to one region of the world, it is automatically deployed to the paired region as an emergency backup.
  • Each region in the world has at least one other region with which it shares an extremely high-speed connection, and where there is coordinated action by Azure not to do anything that will bring them both down at the same time.

Explanation: Paired regions are usually in the same geo (not always) but are the most logical place to store backups because they have a high speed connection and Azure staggers the service updates to those regions. For more info: https://docs.microsoft.com/en-us/azure/best-practices-availability-paired-regions

Question 17: What makes estimating the cost of an unmanaged storage account difficult?

  • There is no way to predict the amount of data in the account
  • The cost of storage changes frequently
  • You are charged for data leaving Azure, and it's difficult to predict that
  • You are charged for data coming into Azure, and it's difficult to predict that

Explanation: There is a cost for egress (bandwidth out) and it's hard to estimate how many bytes will be counted leaving an Azure network. For more info: https://azure.microsoft.com/en-us/pricing/details/storage/page-blobs/

Question 18: Why is a user id and password sometimes not enough to prove someone is who they say they are?

  • User id and password can be used by anyone such as a co-worker, ex-employee or hacker half-way around the world
  • Some people might choose the same user id and password
  • Passwords must be encrypted before being stored
  • Passwords are usually easy to forget

Explanation: The truth is that someone can find a way to get a user id and password, even guess it, and that can be used by another person. For more information on other ways to prove self-identification such as Multi-Factor Authentication: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks

Question 19: Which tool within Azure is comprised of: Azure Status, Service Health and Resource Health?

  • Azure Dashboard
  • Azure Monitor
  • Azure Service Health
  • Azure Advisor

Explanation: Azure Service Health - lets you know about any Azure-related service issues including region-wide downtime. For more info: https://docs.microsoft.com/en-us/azure/service-health/

Question 20: Which of the following is a good example of a Hybrid cloud?

  • Your users are inside your corporate network but your applications and data are in the cloud.
  • Your code is a mobile app that runs on iOS and Android phones, but it uses a database in the cloud.
  • A server runs in your own environment, but places files in the cloud so that it can extend the amount of storage it has access to.
  • Technology that allows you to grow living tissue on top of an exoskeleton, making Terminators impossible to spot among humans.

Explanation: Hybrid Cloud - A mixture between your own private networks and servers, and using the public cloud for some things. Typically used to take advantage of the unlimited, inexpensive growth benefits of the public cloud. For more info: https://azure.microsoft.com/en-us/overview/what-is-hybrid-cloud-computing/

Question 21: Where do you go within the Azure Portal to find all of the third-party virtual machine and other offers?

  • Azure mobile app
  • Azure Marketplace
  • Choose an image when creating a VM
  • Bing

Explanation: Azure Marketplace contains thousands of services you can rent within the cloud. For more info: https://azuremarketplace.microsoft.com/en-us

Question 22: What is the new data privacy and information protection regulation that took effect across Europe in May 2018?

  • FedRAMP
  • GDPR
  • ISO 9001:2015
  • PCI DSS

Explanation: The General Data Protection Regulation (GDPR) took effect in Europe in May 2018. For more info: https://docs.microsoft.com/en-us/microsoft-365/compliance/gdpr?view=o365-worldwide

Question 23: Why is Azure App Services considered Platform as a Service?

  • You can decide on what type of virtual machine it runs - A-series, or D-series, or even H-series
  • You are responsible for keeping the operating system up to date with the latest patches
  • Azure App Services is not PaaS, it's Software as a Service.
  • You give Azure the code and configuration, and you have no access to the underlying hardware

Explanation: You give Azure the code and configuration, and you have no access to the underlying hardware. For more info: https://docs.microsoft.com/en-us/azure/app-service/overview

Question 24: What two types of DDoS protection services does Azure provide? Select two.

  • DDoS Premium Protection
  • DDoS Advanced Protection
  • DDoS Network Protection
  • DDoS IP Protection

Explanation: Azure DDoS Protection offers two types of DDoS protection services:

  • Network Protection protects against volumetric attacks that target the network infrastructure. This type of protection is available for all Azure resources that are deployed in a virtual network.

  • IP Protection protects against volumetric and protocol-based attacks that target specific public IP addresses. This type of protection is available for public IP addresses that are not deployed in a virtual network.

For more info: https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview

Question 25: What types of files can a Content Delivery Network speed up the delivery of?

  • PDFs
  • Videos
  • Images
  • JavaScript files

Explanation: All of them. Any static file that doesn't change. For more info: https://docs.microsoft.com/en-us/azure/cdn/cdn-overview

Question 26: What is the concept of Big Data?

  • A set of Azure services that allow you to execute code in the cloud but don’t require (or even allow) you to manage the underlying server
  • A form of artificial intelligence (AI) that allows systems to automatically learn and improve from experience without being explicitly programmed.
  • A small sensor or other device that constantly sends its status and other data to the cloud
  • An extremely large set of data that you want to ingest and do analysis on; traditional software like SQL Server cannot handle Big Data as efficiently as specialized products

Explanation: Big Data - a set of open source (Apache Hadoop) products that can do analysis on millions and billions of rows of data; current tools like SQL Server are not good for this scale

For more info: https://docs.microsoft.com/en-us/azure/architecture/guide/architecture-styles/big-data

Question 27: Select all features that are part of Azure AD.

  • Device Management
  • Log Alert Rule
  • Single sign-on
  • Smart lockout
  • Custom banned password list

Explanation: The Log Alert Rule is not a feature of Azure AD. See: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis#which-features-work-in-azure-ad

Question 28: In which US state is the East US 2 region?

  • Iowa
  • Virginia
  • Texas
  • California

Explanation: East US 2 is in the Eastern state of Virginia, close to Washington DC. For more info: https://azure.microsoft.com/en-us/global-infrastructure/data-residency/

Question 29: Windows servers use "remote desktop protocol" (RDP) in order for administrators to get access to manage the server. Linux servers use SSH. What is the recommendation for ensuring the security of these protocols?

  • Disable RDP access using the Windows Services control panel admin tool
  • Ensure strong passwords on your Windows admin accounts
  • Do not enable SSH access for Linux servers
  • Do not allow public Internet access over the RDP and SSH ports directly to the server. Instead use a secure server like Bastion to control access to the servers behind.

Explanation: You need to either restrict access to the RDP and SSH ports to a very specific range of IPs, enable the ports only when you are using them, or use a Bastion server/jump box to protect those servers. For more info: https://docs.microsoft.com/en-us/azure/bastion/bastion-overview

Question 30: What does ARM stand for in Azure?

  • Account Resource Manager
  • Availability, Reliability, Maintainability
  • Advanced RISC Machine
  • Azure Resource Manager

Explanation: Azure Resource Manager (ARM) - this is the common resource deployment model that underlies all resource creation or modification; no matter whether you use the portal, PowerShell or the SDK, the Azure Resource Manager takes those commands and executes them. For more info: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview

Question 31: In what way does Multi-Factor Authentication increase the security of a user account?

  • It requires the user to possess something like their phone to read an SMS, use a mobile app, or biometric identification.
  • It requires single sign-on functionality
  • It doesn't. Multi-Factor Authentication is more about access and authentication than account security.
  • It requires users to be approved before they can log in for the first time.

Explanation: MFA requires that the user have access to their mobile phone for using SMS or an app. For more info: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks

Question 32: What is the maximum amount of Azure Storage space a single subscription can store?

  • 500 GB
  • Virtually unlimited
  • 5 PB
  • 2 TB

Explanation: A single Azure subscription can have up to 250 storage accounts per region, and each storage account can store up to 5 Petabytes. That is 31 million Terabytes. This is probably 15-20 times what Google, Amazon, Microsoft and Facebook use combined. That's a lot. For more info: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#storage-limits

Question 33: How do you get access to services in Private Preview mode?

  • You cannot use private preview services.
  • They are available in the marketplace. You simply use them.
  • You must apply to use them.
  • You must agree to a terms of use first.

Explanation: Private Preview means you must apply to use them. For more info: https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/

Question 34: What is the concept of being able to get your applications and data running in another environment quickly?

  • Business Continuity / Disaster Recovery (BC/DR)
  • Azure Blueprint
  • Azure DevOps
  • Reproducible deployments

Explanation: Disaster Recovery - the ability to recover from a big failure within an acceptable period of time, with an acceptable amount of data lost. For more info on Backup and Disaster Recovery: https://azure.microsoft.com/en-us/solutions/backup-and-disaster-recovery/ For more info on Azure’s built-in disaster recovery as a service (DRaaS): https://azure.microsoft.com/en-us/services/site-recovery/

Question 35: Which of the following is considered a downside to using Capital Expenditure (CapEx)?

  • It does not require a lot of up front money
  • You can deduct expenses as they occur
  • You are not guaranteed to make a profit
  • You must wait over a period of years to depreciate that investment on your taxes

Explanation: One of the downsides of CapEx is that the money invested cannot be deducted immediately from your taxes. For more info: https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/3c-capex-vs-opex

Question 36: What Azure resource allows you to evenly split traffic coming in and direct it to several identical virtual machines to do the work and respond to the request?

  • Load Balancer or Application Gateway
  • Azure Logic Apps
  • Virtual Network
  • Azure App Services

Explanation: This is the core feature of either a Load Balancer or Application Gateway. For more info: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

Question 37: True or false: Azure charges for bandwidth used "inbound" to Azure

  • FALSE
  • TRUE

Explanation: Ingress bandwidth is free. You pay for egress (outbound). For more info: https://azure.microsoft.com/en-us/pricing/details/bandwidth/

Question 38: Which free Azure security service checks all traffic travelling over a subnet against a set of rules before allowing it in or out?

  • Network Security Group
  • Advanced Threat Protection (ATP)
  • Azure Firewall
  • Azure DDoS Protection

Explanation: Network Security Group (NSG) - a fairly basic set of rules that you can apply to both inbound traffic and outbound traffic that lets you specify what sources, destinations and ports are allowed to travel through from outside the virtual network to inside the virtual network. For more info: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

Question 39: What is the concept of Availability?

  • A system must have 100% uptime to be considered available
  • A system that can scale up and scale down depending on customer demand
  • The percentage of time a system responds properly to requests, expressed as a percentage over time
  • A system that has a single point of failure

Explanation: Availability - what percentage of time does a system respond properly to requests, expressed as a percentage over time. For more information on region and availability zones see: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview. For more information on availability options for virtual machines see: https://docs.microsoft.com/en-us/azure/virtual-machines/availability.

Question 40: What is the benefit of using PowerShell over CLI?

  • More powerful commands
  • Quicker to deploy VMs
  • Cheaper
  • No benefit, it's the same

Explanation: There is no benefit, only a matter of personal choice. For more info on Azure CLI: https://docs.microsoft.com/en-us/cli/azure/what-is-azure-cli?view=azure-cli-latest. For more info on Azure PowerShell: https://docs.microsoft.com/en-us/powershell/azure/?view=azps-4.5.0

Question 41: How many regions does Azure have in Brazil?

  • 2
  • 0
  • 1
  • 4

Explanation: There is 1 region in Brazil. For more info: https://azure.microsoft.com/en-us/global-infrastructure/geographies/

Question 42: What Azure product allows you to autoscale virtual machines from 1 to 1000 instances, and also provides load balancing services built in?

  • Virtual Machine Scale Sets
  • Azure App Services
  • Azure Virtual Machines
  • Application Gateway

Explanation: Virtual Machine Scale Sets - these are a set of identical virtual machines (from 1 to 1000 instances) that are designed to auto-scale up and down based on user demand. For more info: https://azure.microsoft.com/en-us/services/virtual-machine-scale-sets/

Question 43: What does it mean if a service is in General Availability (GA) mode?

  • Anyone can use the service for any reason
  • You have to apply to get selected in order to use that service
  • Anyone can use the service but it must not be for production use
  • The service has now reached public preview, and Microsoft will provide support for it

Explanation: Anyone can use a GA service. It is fully supported and can be used for production. For more info: https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/

Question 44: Each person has their own user id and password to log into Azure. But how many subscriptions can a single account be associated with?

  • 10
  • 250 per region
  • No limit
  • One

Explanation: There is not a limit to the number of subscriptions a single user can be included on.

For more info: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits

Question 45: What is the Azure SLA for two or more Virtual Machines in an Availability Set?

  • 100%
  • 99.90%
  • 99.99%
  • 99.95%

Explanation: 99.95%. For more info: https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_9/

  • Azure Active Directory (AD)
  • Azure Portal
  • Identity and Access Management (IAM)
  • Azure Front Door

Explanation: Azure AD is the identity service designed for web protocols, that you can use for your applications. For more info: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis

Question 47: What is the benefit of using a command line tool like PowerShell or CLI as opposed to the Azure portal?

  • Quicker to deploy VMs
  • Cheaper
  • Automation

Explanation: The real benefit is automation. Being able to write a script to do something is better than having to do it manually each time. For more info on Azure CLI: https://docs.microsoft.com/en-us/cli/azure/what-is-azure-cli?view=azure-cli-latest. For more info on Azure PowerShell: https://docs.microsoft.com/en-us/powershell/azure/?view=azps-4.5.0

Question 48: What database service is specifically designed to be extremely fast in responding to requests for small amounts of data (called low latency)?

  • SQL Database
  • SQL Data Warehouse
  • Cosmos DB
  • SQL Server in a VM

Explanation: Cosmos DB - extremely low latency (fast) storage designed to return smaller pieces of data quickly; SaaS. For more info: https://docs.microsoft.com/en-us/azure/cosmos-db/

Question 49: If you are a US federal, state, local, or tribal government entity, or one of their solution providers, which Azure option should you be looking to register for?

  • Azure is not available for government officials
  • Azure Government
  • Azure Department of Defence
  • Azure Public Portal

Explanation: Hopefully, it's clear that US Federal, State, Local and Tribal governments can use the US Government portal. For more info: https://docs.microsoft.com/en-us/azure/azure-government/documentation-government-welcome

Question 50: What is the service level agreement for two or more Azure Virtual Machines that have been manually placed into different Availability Zones in the same region?

  • 99.95%
  • 99.90%
  • 99.99%
  • 100%

Explanation: 99.99%. For more info: https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_9/

Test 3

Question 1: What is the significance of the Azure region? Why is it important?

  • You must select a region when creating most resources, and the region is the area of the world where those resources will be physically located.
  • Once you select a region, you cannot create resources outside of that region. So selecting the right region is an important decision.
  • Region is just a folder structure in which you organize resources, much like file folders on a computer.
  • Even though you have to choose a region when creating resources, there's generally no consequence of what you select. You can create a network in one region and then create virtual machines for that network in another region.

Explanation: The region is the area of the world where resources get created. You can create resources in any region that you have access to. But there are sometimes restrictions: when you create a resource in one region, related resources like networks must also be in the same region for logical reasons. For more info: https://azure.microsoft.com/en-us/global-infrastructure/geographies/#overview

Question 2: TRUE OR FALSE: Through Azure Active Directory one can control access to an application but not the resources of the application.

  • FALSE
  • TRUE

Explanation: Azure AD can control the access of both the apps and the app resources. See: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis#which-features-work-in-azure-ad

Question 3: What is the name of the open source project run by the Apache foundation that maps to the HDInsight tools within Azure?

Question 4: Which tool within the Azure Portal will make specific recommendations based on your actual usage for how you can improve your use of Azure?

  • Azure Monitor
  • Azure Service Health
  • Azure Dashboard
  • Azure Advisor

Explanation: Azure Advisor - a tool that will analyze your use of Azure and make you specific recommendations based on your usage across availability, security, performance and cost categories. For more info: https://docs.microsoft.com/en-us/azure/advisor/

Question 5: What does it mean that security is a "shared model" in Azure?

  • Both users and Azure have responsibilities for security.
  • You must keep your security keys private and ensure it doesn't get out.
  • Azure takes care of security completely.
  • Azure takes no responsibility for security.

Explanation: The shared security model means that, depending on the application model, you and Azure both have roles in ensuring a secure environment. For more info: https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

Question 6: What is the name of the collective set of APIs that provide machine learning and artificial intelligence services to your own applications like voice recognition, image tagging, and chat bot?

  • Cognitive Services
  • Natural Language Service, LUIS
  • Azure Machine Learning Studio
  • Azure Batch

Explanation: Azure Cognitive Services is the set of Machine Learning and AI APIs. For more info: https://docs.microsoft.com/en-us/azure/cognitive-services/

Question 7: What happens if Azure does not meet its own Service Level Agreement guarantee (SLA)?

  • The service will be free that month
  • You will be financially refunded a small amount of your monthly fee
  • It's not possible. Azure will always meet its SLA.

Explanation: Microsoft offers a refund of 10% or 25% depending on how badly they miss their service guarantee. For more info: https://azure.microsoft.com/en-us/support/legal/sla/

Question 8: What software is used to synchronize your on-premises AD with your Azure AD?

  • Azure AD Federation Services
  • Azure AD Domain Services
  • LDAP
  • AD Connect

Explanation: AD Connect is used to synchronize your corporate AD with Azure AD. For more info: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect

Question 9: True or false: If your feature is in the General Availability phase, then your feature will receive support from all Microsoft support channels.

  • TRUE
  • FALSE

Explanation: This is true. Do not use preview features in production apps. For more info: https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/

Question 10: TRUE OR FALSE: If you wanted to deploy a virtual machine to China, you would just choose the China region from the drop down.

  • FALSE
  • TRUE

Explanation: Some regions of the world, such as Germany and China, require special contracts with the local provider. For more info: https://docs.microsoft.com/en-us/azure/china/overview-checklist

Question 11: What is a policy initiative in Azure?

  • A custom designed policy
  • Requiring all resources in Azure to use tags
  • The ability to group policies together
  • Assigning permissions to a role in Azure

Explanation: The ability to group policies together. For more info: https://docs.microsoft.com/en-us/azure/governance/policy/overview#initiative-definition

Question 12: Which database product offers "sub 5 millisecond" response times as a feature?

  • Cosmos DB
  • SQL Data Warehouse
  • SQL Server in a VM
  • Azure SQL Database

Explanation: Cosmos DB is low latency, and even offers sub 5-ms response times at some levels. For more info: https://docs.microsoft.com/en-us/azure/cosmos-db/introduction

Question 13: Which of the following resources are not considered Compute resources?

  • Function Apps
  • Azure Batch
  • Virtual Machines
  • Virtual Machine Scale Sets
  • Load Balancer

Explanation: A load balancer is a networking product, and does not execute your code. For more info: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview. For more information on compute resources: https://azure.microsoft.com/en-us/product-categories/compute/

Question 14: With Azure public cloud, anyone with a valid credit card can sign up and get services immediately

  • FALSE
  • TRUE

Explanation: Yes, Azure public cloud is open to the public in all countries that Azure supports. For more info: https://docs.microsoft.com/en-us/learn/modules/create-an-azure-account/

Question 15: Which Azure service can be used to enable Multi-Factor Authentication for administrators but not require it for regular users?

  • Azure AD B2B
  • Advanced Threat Protection
  • Azure Firewall
  • Privileged Identity Management

Explanation: Privileged Identity Management can be used to ensure privileged users have to jump through additional verification because of their role. For more info: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

Question 16: What is an Azure Subscription?

  • Each user account is associated with a unique subscription. If you need more than one subscription, you need to create multiple user accounts.
  • It is the level at which services are billed. All resources created under a subscription are billed to that subscription.

Explanation: Subscription is the level at which things get billed. Multiple users can be associated with a subscription at various permission levels. For more info: https://docs.microsoft.com/en-us/services-hub/health/azure_sponsored_subscription

Question 17: What operating systems does an Azure Virtual Machine support?

  • Windows, Linux and macOS
  • macOS
  • Windows
  • Linux
  • Windows and Linux

Explanation: Azure Virtual Machines support Windows and Linux. For more info: https://docs.microsoft.com/en-us/azure/virtual-machines/

Question 18: Which Azure management tool analyzes your usage of Azure and makes suggestions specifically targeted to help you optimize your usage of Azure regarding cost, security and performance?

  • Azure Service Health
  • Azure Advisor
  • Azure Firewall
  • Azure Mobile App

Explanation: Azure Advisor analyzes your specific usage of Azure and makes helpful suggestions on how it can be improved.

  • Azure Monitor
  • Azure Portal Dashboard
  • Azure Service Health
  • Azure Security Center

Explanation: Azure Service Health - lets you know about any Azure-related service issues including region-wide downtime. For more info: https://docs.microsoft.com/en-us/azure/service-health/

Question 20: Which two features does Virtual Machine Scale Sets provide as part of the core product? Pick two.

  • Content Delivery Network
  • Firewall
  • Automatic installation of supporting apps and deployment of custom code
  • Load balancing between virtual machines
  • Autoscaling of virtual machines

Explanation: VMSS provides autoscale features and has a built-in load balancer. You still need to have a way to deploy your code to the new servers, as you do with regular VMs. For more info: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/

Question 21: Where can you go to see what standards Microsoft is in compliance with?

  • Azure Service Health
  • Azure Security Center
  • Trust Center
  • Azure Privacy Page

Explanation: The list of standards that Azure has been certified to meet is in the Trust Center. For more info: https://www.microsoft.com/en-us/trust-center

Question 22: What does it mean if a service is in Private Preview mode?

  • The service is generally available for use, and Microsoft will provide support for it
  • Anyone can use the service but it must not be for production use
  • You have to apply to get selected in order to use that service
  • Anyone can use the service for any reason

Explanation: Private Preview means you have to apply to use a service, and you may or may not be selected. For more info: https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms

Question 23: What are groups of subscriptions called?

  • Azure Policy
  • Subscription Groups
  • ARM Groups
  • Management Groups

Explanation: Subscriptions can be nested and placed into management groups to make managing them easier. For more info: https://docs.microsoft.com/en-us/azure/governance/management-groups/overview

Question 24: How do you stop your Azure account from incurring costs above a certain level without your knowledge?

  • Switch to Azure Reserved Instances with Hybrid Benefit for VMs
  • Only use Azure Functions which have a significant free limit
  • Implement the Azure spending limit in the Account Center
  • Set up a billing alert to send you an email when it reaches a certain level

Explanation: If you don't want to spend over a certain amount, implement a spending limit in the account center. For more info: https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/spending-limit

Question 25: How does Multi-Factor Authentication make a system more secure?

  • It allows the user to log in without a password because they have already previously been validated using a browser cookie
  • It requires the user to have access to their verified phone in order to log in
  • It doesn't make it more secure
  • It is another password that a user has to memorize, making it more secure

Explanation: Multi-Factor Authentication (MFA) - the concept of having something additional to a “password” that is required to log in; passwords are find-able or guessable; but having your mobile phone on you to receive a phone call, text or run an app to get a code is harder for an unknown hacker to get. For more info: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks

Question 26: How many hours are available free when using the Azure B1S General Purpose Virtual Machines under an Azure free account in the first 12 months?

  • 500 hrs
  • 750 hrs
  • 300 hrs
  • Indefinite amount of hrs

Explanation: Each Azure free account includes 750 hours free for Azure B1S General Purpose Virtual Machines for the first 12 months. For more info: https://azure.microsoft.com/en-us/free/free-account-faq/

Question 27: What is the goal of a DDoS attack?

  • To extract data from a database
  • To trick users into giving up personal information
  • To overwhelm and exhaust application resources
  • To crack the password from administrator accounts

Explanation: DDoS is a type of attack that tries to exhaust application resources. The goal is to affect the application’s availability and its ability to handle legitimate requests. For more info: https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview

Question 28: True or false: Azure PowerShell scripts and Command Line Interface (CLI) scripts are entirely compatible with each other?

  • TRUE
  • FALSE

Explanation: No, PowerShell is its own language, different than CLI. For more info: https://docs.microsoft.com/en-us/powershell/azure/?view=azps-4.5.0

Question 29: For tax optimization, which type of expense is preferable?

  • CapEx
  • OpEx

Explanation: Operating Expenditure is thought to be preferable because you can fully deduct expenses when they are incurred. For more info: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/business-outcomes/fiscal-outcomes

  • Azure Advanced Threat Protection (ATP)
  • In an Azure Storage account private blob container
  • Within the application code
  • Azure Key Vault

Explanation: Azure Key Vault - the modern way to store cryptographic keys, signed certificates and secrets in Azure. For more info: https://docs.microsoft.com/en-us/azure/key-vault/

Question 31: Which of the following would be an example of an Internet of Things (IoT) device?

  • A video game, installed on Windows clients around the world, that keeps user scores in the cloud.
  • A mobile application that is used to watch online video courses
  • A refrigerator that monitors how much milk you have left and sends you a text message when you are running low
  • A web application that people use to perform their banking tasks

Explanation: An IoT device is not a standard computing device but connects to a network to report data on a regular basis. A web server, a personal computer, or a mobile app is not an IoT device. For more info: https://docs.microsoft.com/en-us/azure/iot-fundamentals/iot-introduction

Question 32: Deploying Azure App Services applications consists of what two components? Pick two.

  • Database scripts
  • Configuration
  • Managing operating system updates
  • Packaged code

Explanation: Azure App Services, platform as a service, consists of code and configuration. For more info: https://docs.microsoft.com/en-us/azure/app-service/

Question 33: What type of documents does the Microsoft Service Trust Portal provide?

  • Documentation on the individual Azure services and solutions
  • Specific recommendations about your usage of Azure and ways you can improve
  • A list of standards that Microsoft follows, pen test results, security assessments, white papers, FAQs, and other documents that can be used to show Microsoft's compliance efforts
  • A tool that helps you manage your compliance to various standards

Explanation: A list of standards that Microsoft follows, pen test results, security assessments, white papers, FAQs, and other documents that can be used to show Microsoft's compliance efforts. For more info: https://servicetrust.microsoft.com/

Question 34: Which of the following is one of the advantages of running your cloud in a private cloud?

  • Assurance that your code, data and applications are running on isolated hardware, and on an isolated network.
  • You own the hardware, so you can change private cloud hosting providers easily.
  • Private cloud is significantly cheaper than the public cloud.

Explanation: Private cloud generally means that you are running your code on isolated computing, not mixed in with other companies. For more info: https://azure.microsoft.com/en-us/overview/what-are-private-public-hybrid-clouds/

Question 35: What advantage does an Application Gateway have over a Load Balancer?

  • Application Gateway is more like an enterprise-grade product. You should not use a load balancer in production.
  • Application gateway understands the HTTP protocol and can interpret the URL and make decisions based on the URL.
  • Application Gateway can be scaled so that two, three or more instances of the gateway can support your application.

Explanation: Application gateway can make load balancing decisions based on the URL path, while a load balancer can't. For more info: https://docs.microsoft.com/en-us/azure/application-gateway/overview

Question 36: If you wanted to get an alert every time a new virtual machine is created, where could you create that?

  • Azure Monitor
  • Azure Policy
  • Subscription settings
  • Azure Dashboard

Explanation: The best place to track events at the resource level is Azure Monitor. For more info: https://docs.microsoft.com/en-us/azure/azure-monitor/

Question 37: How many minutes per month downtime is 99.99% availability?

  • 4
  • 1
  • 40
  • 100

Explanation: 99.99% is 4 minutes per month of downtime. For more info: https://azure.microsoft.com/en-us/support/legal/sla/summary/

Question 38: What is the service level agreement for two or more Azure Virtual Machines that have been placed into the same Availability Set in the same region?

  • 100%
  • 99.90%
  • 99.99%
  • 99.95%

Explanation: 99.95%. For more info: https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_9/

Question 39: What is the core problem that you need to solve in order to have a high-availability application?

  • You need to avoid single points of failure
  • You need to ensure your server has a lot of RAM and a lot of CPUs
  • You should have a backup copy of your application on standby, ready to be started up when the main application fails.
  • You need to ensure the capacity of your server exceeds your highest number of expected concurrent users

Explanation: You'll want to avoid single points of failure, so that any component that fails does not cause the entire application to fail. For more info: https://docs.microsoft.com/en-us/azure/architecture/guide/design-principles/redundancy

Question 40: What are resource groups?

  • A folder structure in Azure in which you organize resources like databases, virtual machines, virtual networks, or almost any resource
  • Automatically assigned groups of resources that all have the same type (virtual machine, app service, etc)
  • Based on the tag assigned to a resource by the deployment script, it is assigned to a group
  • Within Azure security model, users are organized into groups, and those groups are granted permissions to resources

Explanation: Resource Groups - a folder structure in Azure in which you organize resources like databases, virtual machines, virtual networks, or almost any resource. For more info: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal

Question 41: Which of the following services would NOT be considered Infrastructure as a Service?

  • Virtual Network Interface Card (NIC)
  • Azure Functions App
  • Virtual Machine
  • Virtual Network

Explanation: Functions are small pieces of code that you give to Azure to run for you, and you have no access to the underlying infrastructure. For more info: https://docs.microsoft.com/en-us/azure/azure-functions/

Question 42: What two advantages does cloud computing elasticity give to you? Pick two.

  • You can do more regular backups and you won't lose as much when that backup gets restored
  • You can save money.
  • Servers have become a commodity and Microsoft doesn't even need to fix servers that fail within Azure.
  • You can serve users better during peak traffic periods by automatically adding more capacity.

Explanation: Elasticity saves you money during slow periods (overnight, over the weekend, over the summer, etc.) and also allows you to handle the highest peak of traffic. For more info: https://azure.microsoft.com/en-us/overview/what-is-elastic-computing/

Question 43: Which of the following elements is considered part of the "network" layer of network security?

  • Keeping operating systems up to date with patches
  • All of the above
  • Locks on the data center doors
  • Separate servers into distinct subnets by role

Explanation: Subnets are part of network security. For more info: https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices and https://en.wikipedia.org/wiki/OSI_model

Question 44: What data format are ARM templates created in?

  • JSON
  • YAML
  • HTML
  • XML

Explanation: ARM templates are created in JSON. For more info: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview

Question 45: What does the letter R in RBAC stand for?

  • Rights
  • Review
  • Role
  • Rule

Explanation: RBAC is role-based access control. For more info: https://docs.microsoft.com/en-us/azure/role-based-access-control/

Question 46: Which Azure service, when enabled, will automatically block traffic to or from known malicious IP addresses and domains?

  • Network Security Groups
  • Azure Active Directory
  • Azure Firewall
  • Load Balancer

Explanation: Azure Firewall has a threat-intelligence option that will automatically block traffic to/from bad actors on the Internet. For more info: https://docs.microsoft.com/en-us/azure/firewall/

Question 47: TRUE OR FALSE: Azure Tenant is a dedicated and trusted instance of Azure Active Directory that's automatically created when your organization signs up for a Microsoft cloud service subscription.

  • TRUE
  • FALSE

Explanation: Yes, Azure Tenant is a dedicated and trusted instance of Azure AD that's automatically created when your organization signs up for a Microsoft cloud service subscription. See: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis#which-features-work-in-azure-ad

Question 48: Why should you divide your application into multiple subnets as opposed to having all your web, application and database servers running on the same subnet?

  • Each server type of your application requires its own subnet. It's not possible to mix web servers, database servers and application servers on the same subnet.
  • Separating your application into multiple subnets allows you to have different NSG security rules for each subnet, which can make it harder for a hacker to get from one compromised server onto another.
  • There are only a limited number of IP addresses available per subnet, so you need multiple subnets over a certain number.

Explanation: For security purposes, you should not allow "port 80" web traffic to reach certain servers, and you do that by having separate NSG rules on each subnet. For more info: https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices

Question 49: Which style of computing is easiest when migrating an existing hosted application from your own data center into the cloud?

  • PaaS
  • IaaS
  • FaaS
  • Serverless

Explanation: Infrastructure as a service is the easiest to migrate into, from an existing hosted app - lift and shift. For more info: https://azure.microsoft.com/en-us/overview/what-is-iaas/

Question 50: If you have an Azure free account, with a $200 credit for the first month, what happens when you reach the $200 limit?

  • Your account is automatically closed.
  • Your credit card is automatically billed.
  • All services are stopped and you must decide whether you want to convert to a paid account or not.
  • You cannot create any more resources until you add more credits to the account.

Explanation: Using up the free credits causes all your resources to be stopped until you decide to get a paid account. For more info: https://azure.microsoft.com/en-us/free/free-account-faq/

Test 4

Question 1: All resources in a VNet can communicate outbound to the internet, by default.

  • No
  • Yes

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you'd operate in your own data center, but brings with it additional benefits of Azure's infrastructure such as scale, availability, and isolation. All resources in a VNet can communicate outbound to the internet, by default. You can communicate inbound to a resource by assigning a public IP address or a public Load Balancer. You can also use public IP or public Load Balancer to manage your outbound connections. To learn more about outbound connections in Azure, see Outbound connections, Public IP addresses, and Load Balancer.

Question 2: Is it possible for you to run BOTH Bash and PowerShell based scripts from the Azure Cloud Shell?

  • Yes
  • No

Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.

Question 3: As the Cloud Admin of your organization, you want to block your employees from accessing your apps from specific locations. Which of the following can help you achieve this?

  • Azure Active Directory Conditional Access
  • Azure Sentinel
  • Azure Single Sign On (SSO)
  • Azure Role Based Access Control (RBAC)

The modern security perimeter now extends beyond an organization's network to include user and device identity. Organizations can use identity-driven signals as part of their access control decisions. Conditional Access brings signals together, to make decisions, and enforce organizational policies. Azure AD Conditional Access is at the heart of the new identity-driven control plane. Conditional Access policies at their simplest are if-then statements: if a user wants to access a resource, then they must complete an action. Example: A payroll manager wants to access the payroll application and is required to do multi-factor authentication to access it.

Question 4: What is the primary purpose of external identities in Azure Active Directory?

  • To enable single sign-on between Azure subscriptions.
  • To manage user identities exclusively for on-premises applications.
  • To allow external partners and customers to access resources in your Azure environment
  • To provide secure access to Azure resources for employees within the organization.

External identities in Azure AD enable organizations to extend their identity management beyond their own employees. This allows external partners, vendors, and customers to access specific resources within the organization's Azure environment without requiring them to have internal accounts. Reference: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/external-identities-overview

Question 5: Your startup plans to migrate to Azure soon, but for all the resources, you would like control of the underlying Operating System and Middleware. Which of the following cloud models would make the most sense?

  • Infrastructure as a Service (IaaS)
  • Anything as a Service (XaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)

Infrastructure as a service (IaaS) is a type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis. IaaS is one of the four types of cloud services, along with software as a service (SaaS), platform as a service (PaaS), and serverless. Migrating your organization's infrastructure to an IaaS solution helps you reduce maintenance of on-premises data centers, save money on hardware costs, and gain real-time business insights. IaaS solutions give you the flexibility to scale your IT resources up and down with demand. They also help you quickly provision new applications and increase the reliability of your underlying infrastructure. IaaS lets you bypass the cost and complexity of buying and managing physical servers and datacenter infrastructure. Each resource is offered as a separate service component, and you only pay for a particular resource for as long as you need it. A cloud computing service provider like Azure manages the infrastructure, while you purchase, install, configure, and manage your own software—including operating systems, middleware, and applications.

Question 6: Your company has decided to migrate its on-premises virtual machines to Azure. Which Azure Virtual Machines feature allows you to migrate virtual machines without downtime?

  • Azure Virtual Machine Scale Sets
  • Azure Site Recovery
  • Azure Spot Virtual Machines
  • Azure Reserved Virtual Machines

The correct answer is Azure Site Recovery. Azure Site Recovery (ASR) is a service offered by Azure that enables replication of virtual machines from on-premises environments to Azure or between Azure regions with little or no downtime. This allows for the migration of virtual machines to Azure without any disruption to business operations. After replication to Azure, the virtual machines can be launched and used as if they were in the on-premises environment.

Question 7: You've been planning to decommission your On-Prem database hosting Gigabytes of data. Which of the following is True about data ingress (moving into) for Azure?

  • It is free of cost
  • It is charged $0.05 per GB
  • It is charged $0.05 per TB
  • It is charged per hour of data transferred

Bandwidth refers to data moving in and out of Azure data centres, as well as data moving between Azure data centres; other transfers are explicitly covered by the Content Delivery Network, ExpressRoute pricing or Peering.

Question 8: Which of the following is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, On-Premises, AND Multicloud (Amazon AWS and Google GCP) resources?

  • Microsoft Defender for Cloud
  • Azure DDoS Protection
  • Azure Front Door
  • Azure Key Vault
  • Azure Sentinel

Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multicloud (Amazon AWS and Google GCP) resources. Defender for Cloud fills three vital needs as you manage the security of your resources and workloads in the cloud and on-premises:

  • Defender for Cloud secure score continually assesses your security posture so you can track new security opportunities and precisely report on the progress of your security efforts.
  • Defender for Cloud recommendations secure your workloads with step-by-step actions that protect your workloads from known security risks.
  • Defender for Cloud alerts defend your workloads in real time so you can react immediately and prevent security events from developing.

Question 9: Which of the following is a key benefit of using Role-Based Access Control (RBAC) over traditional access control methods?

  • RBAC supports a wider range of authentication protocols than traditional methods.
  • RBAC provides centralized management of user identities and access.
  • RBAC allows you to assign permissions to specific roles rather than individual users.
  • RBAC provides stronger encryption for sensitive data.

Role-Based Access Control (RBAC) is an approach to access control that allows you to manage user access based on the roles they perform within an organization. With RBAC, you can define a set of roles, each with a specific set of permissions, and then assign users to those roles.

One of the key benefits of RBAC over traditional access control methods is that it allows you to assign permissions to specific roles rather than individual users. This means that when a user's role changes, their permissions can be automatically adjusted without the need for manual updates. This can help to streamline the process of managing access control and reduce the risk of errors or oversights.

Question 10: Which of the following provides support for key migration workloads like Windows, SQL and Linux Server, databases, data, web apps, and virtual desktops?

  • Azure Suggestions
  • Azure Recommendations
  • Azure Advisor
  • Azure Migrate

Azure Migrate provides all the Azure migration tools and guidance you need to plan and implement your move to the cloud, and to track your progress using a central dashboard that provides intelligent insights. Use a comprehensive approach to migrating your application and datacenter estate. Get support for key migration workloads like Windows, SQL and Linux Server, databases, data, web apps, and virtual desktops. Migrate to destinations including Azure Virtual Machines, Azure VMware Solution, Azure App Service, and Azure SQL Database. Migrations are holistic across VMware, Hyper-V, physical server, and cloud-to-cloud migration.

Question 11: Which type of scaling focuses on adjusting the capabilities of resources, such as increasing processing power?

  • Static scaling
  • Vertical scaling
  • Elastic scaling
  • Horizontal scaling

Vertical scaling involves adjusting the capabilities of resources, such as adding more CPUs or RAM to a virtual machine. It focuses on enhancing the capacity of individual resources. With horizontal scaling, if you suddenly experienced a steep jump in demand, your deployed resources could be scaled out (either automatically or manually). For example, you could add additional virtual machines or containers, scaling out. In the same manner, if there was a significant drop in demand, deployed resources could be scaled in (either automatically or manually), scaling in.

Question 12: What is the default action for a Network Security Group (NSG) rule if no other action is specified?

  • Allow
  • Block
  • Deny

The default action for an NSG rule if no other action is specified is DENY.

Question 13: What is the primary purpose of a public endpoint in Azure?

  • To prevent communication between virtual networks.
  • To enforce access control policies for resource groups.
  • To restrict incoming network traffic to specific IP ranges.
  • To provide a direct and secure connection to Azure services.

A public endpoint in Azure allows resources to be accessed over the public internet. It's used to expose services to clients or users who are not within the same network as the resource. Public endpoints are commonly used for services that need to be accessed from anywhere, such as web applications.

Question 14: What is the minimum Azure AD edition required to enable self-service password reset for users?

  • Premium P2 edition
  • Premium P1 edition
  • Basic edition
  • Free edition

The correct answer is Premium P1 edition, which is the minimum edition required to enable self-service password reset for users in Azure AD. Reference: https://azure.microsoft.com/en-us/pricing/details/active-directory/

Question 15: An _____ is a collection of policy definitions that are grouped together towards a specific goal or purpose in mind.

  • Azure Collection
  • Azure Initiative (Correct)
  • Azure Group
  • Azure Bundle

An Azure initiative is a collection of Azure policy definitions that are grouped together towards a specific goal or purpose in mind. Azure initiatives simplify management of your policies by grouping a set of policies together as one single item. For example, you could use the PCI-DSS built-in initiative which has all the policy definitions that are centered around meeting PCI-DSS compliance. Similar to Azure Policy, initiatives have definitions (a bunch of policies), assignments and parameters. Once you determine the definitions that you want, you would assign the initiative to a scope so that it can be applied.

Question 16: Which service would you use to reduce the overhead of manually assigning permissions to a set of resources?

  • Azure Resource Manager
  • Azure Trust Center
  • Azure Policy
  • Azure Logic Apps

Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.

Question 17: Which of the following authentication protocols is not supported by Azure AD?

  • OpenID Connect
  • NTLM
  • OAuth 2.0
  • SAML

Azure AD does support SAML, OAuth 2.0, and OpenID Connect authentication protocols. However, NTLM is not supported by Azure AD. NTLM is a legacy authentication protocol that is not recommended for modern authentication scenarios due to its security limitations. Azure AD recommends using modern authentication protocols such as SAML, OAuth 2.0, and OpenID Connect, which provide stronger security and support features such as multi-factor authentication and conditional access. Therefore, the correct answer is NTLM.

Question 18: Which of the following is an offline tier optimized for storing data that is rarely accessed, and that has flexible latency requirements?

  • Cool Tier
  • Infrequent Tier
  • Hot Tier
  • Archive Tier

Data stored in the cloud grows at an exponential pace. To manage costs for your expanding storage needs, it can be helpful to organize your data based on how frequently it will be accessed and how long it will be retained. Azure storage offers different access tiers so that you can store your blob data in the most cost-effective manner based on how it's being used. Azure Storage access tiers include:

  • Hot tier - An online tier optimized for storing data that is accessed or modified frequently. The Hot tier has the highest storage costs, but the lowest access costs.
  • Cool tier - An online tier optimized for storing data that is infrequently accessed or modified. Data in the Cool tier should be stored for a minimum of 30 days. The Cool tier has lower storage costs and higher access costs compared to the Hot tier.
  • Archive tier - An offline tier optimized for storing data that is rarely accessed, and that has flexible latency requirements, on the order of hours. Data in the Archive tier should be stored for a minimum of 180 days.

Question 19: ___ brings signals together, to make decisions, and enforce organizational policies. In simple terms, they are if-then statements, if a user wants to access a resource, then they must complete an action.

  • Demand Access
  • Logical Access
  • Conditional Access
  • Active Directory Access

The modern security perimeter now extends beyond an organization's network to include user and device identity. Organizations can use identity-driven signals as part of their access control decisions. Conditional Access brings signals together, to make decisions, and enforce organizational policies. Azure AD Conditional Access is at the heart of the new identity-driven control plane.

Question 20: Which of the following services can you use to calculate your estimated hourly or monthly costs for using Azure?

  • Azure Total Cost of Ownership (TCO) calculator
  • Azure Pricing Calculator
  • Azure Calculator
  • Azure Cost Management

You can use the Azure Pricing Calculator to calculate your estimated hourly or monthly costs for using Azure. Azure TCO on the other hand is primarily used to estimate the cost savings you can realize by migrating your workloads to Azure.

Question 21: Which of the following protocols is used for federated authentication in Azure AD?

  • LDAP
  • OpenID Connect
  • OAuth 2.0
  • SAML

SAML (Security Assertion Markup Language) is the protocol used for federated authentication in Azure AD. Federated authentication is a mechanism that allows users to use their existing credentials from a trusted identity provider (IdP) to authenticate with another application or service. In the context of Azure AD, federated authentication allows users to use their existing corporate credentials to authenticate with cloud-based applications and services. Azure AD supports several federated authentication protocols, including Security Assertion Markup Language (SAML), OAuth 2.0, and OpenID Connect. SAML is widely used for federated authentication in enterprise environments, while OAuth 2.0 and OpenID Connect are commonly used in web and mobile applications. Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol

Question 22: The Microsoft _______ provides a variety of content, tools, and other resources about Microsoft security, privacy, and compliance practices.

  • Privacy Policy
  • Blueprints
  • Service Trust Portal
  • Advisor

The Microsoft Service Trust Portal provides a variety of content, tools, and other resources about Microsoft security, privacy, and compliance practices. The Service Trust Portal contains details about Microsoft's implementation of controls and processes that protect our cloud services and the customer data therein. To access some of the resources on the Service Trust Portal, you must log in as an authenticated user with your Microsoft cloud services account (Azure Active Directory organization account) and review and accept the Microsoft Non-Disclosure Agreement for Compliance Materials.

Question 23: Which of the following can help you automate deployments and use the practice of infrastructure as code?

  • Management Groups
  • ARM Templates
  • Azure Arc
  • Azure IaaC

To implement infrastructure as code for your Azure solutions, use Azure Resource Manager templates (ARM templates). The template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax, which lets you state what you intend to deploy without having to write the sequence of programming commands to create it. In the template, you specify the resources to deploy and the properties for those resources.

Question 24: Yes or No: It is possible to deploy a new Azure Virtual Network (VNet) using PowerAutomate on a Google Chromebook.

  • No
  • Yes

No, PowerApps is not a part of Azure!

Question 25: ___ is a unified cloud-native application protection platform that helps strengthen your security posture, enables protection against modern threats, and helps reduce risk throughout the cloud application lifecycle across multicloud and hybrid environments.

  • Azure Bastion
  • Azure Firewall
  • Microsoft Priva
  • Microsoft Defender for Cloud
  • Azure Network Security Group

From the official documentation: Microsoft Defender for Cloud is a unified cloud-native application protection platform that helps strengthen your security posture, enables protection against modern threats, and helps reduce risk throughout the cloud application lifecycle across multicloud and hybrid environments.

Question 26: __ Infrastructure as Code involves writing scripts in languages like Bash or PowerShell. You explicitly state commands that are executed to produce a desired outcome.

  • Declarative
  • Imperative
  • Ad-Hoc
  • Defined

There are two approaches you can take when implementing Infrastructure as Code.

  • Imperative Infrastructure as Code involves writing scripts in languages like Bash or PowerShell. You explicitly state commands that are executed to produce a desired outcome. When you use imperative deployments, it's up to you to manage the sequence of dependencies, error control, and resource updates.
  • Declarative Infrastructure as Code involves writing a definition that defines how you want your environment to look. In this definition, you specify a desired outcome rather than how you want it to be accomplished. The tooling figures out how to make the outcome happen by inspecting your current state, comparing it to your target state, and then applying the differences.

Question 27: Which of these approaches is NOT a cost-saving solution?

  • Use Reserved Instances with Azure Hybrid
  • Load balancing the incoming traffic
  • Use the correct and appropriate instance size based on current workload
  • Making use of Azure Cost Management

Load balancing is done to increase the overall availability of the application, not to optimize costs.

Question 28: ______ Infrastructure as Code involves writing a definition that defines how you want your environment to look. In this definition, you specify a desired outcome rather than how you want it to be accomplished.

  • Ad-Hoc
  • Imperative
  • Declarative
  • Defined

Question 29: Which of the following can you use to set spending thresholds?

  • Azure Cost Management + Billing
  • Azure TCO
  • Azure Policy
  • Azure Pricing Calculator

Question 30: Which of the following Azure compliance certifications is specifically designed for the healthcare industry?

  • ISO 27001
  • GDPR
  • None of the above
  • HIPAA/HITECH

Question 31: Which of the following can help you manage multiple Azure Subscriptions?

  • Policies
  • Management Groups
  • Resource Groups
  • Blueprints

Each management group contains one or more subscriptions. Azure arranges management groups in a single hierarchy. You define this hierarchy in your Azure Active Directory (Azure AD) tenant to align with your organization's structure and needs.

Question 32: In the _ as a Service cloud service model, customers are responsible for managing applications, data, runtime, middleware, and operating systems, while the cloud provider manages the underlying infrastructure.

  • Infrastructure
  • Platform
  • Software

Question 33: When a blob is in the archive access tier, what must you do first before accessing it?

  • Rehydrate it
  • Modify its policy
  • Add it to a new resource group
  • Move it to File Storage

Question 34: Your company has deployed a web application to Azure, and you want to restrict access to it from the internet while allowing access from your company's on-premises network. Which Network Security Group (NSG) rule would you configure?

  • Inbound rule allowing traffic from any source to the web application's public IP address.
  • Inbound rule allowing traffic from your company's on-premises network to the web application's private IP address.
  • Outbound rule allowing traffic from any destination to your company's on-premises network.
  • Outbound rule allowing traffic from the web application's private IP address to any destination.

Question 35: Which of the following can help you download cost and usage data that was used to generate your monthly invoice?

  • Azure Monitor
  • Azure Cost Management
  • Azure Advisor
  • Azure Resource Manager

Cost Management + Billing is a suite of tools provided by Microsoft that help you analyze, manage, and optimize the costs of your workloads. Using the suite helps ensure that your organization is taking advantage of the benefits provided by the cloud. You use Cost Management + Billing features to:

  • Conduct billing administrative tasks such as paying your bill
  • Manage billing access to costs
  • Download cost and usage data that was used to generate your monthly invoice
  • Proactively apply data analysis to your costs
  • Set spending thresholds
  • Identify opportunities for workload changes that can optimize your spending

Question 36: ____ asynchronously replicates the same applications and data across other Azure regions for disaster recovery protection.

  • Cross-region replication
  • Auto-Region Replication
  • Auto-Region Replicas
  • Across-Region Replication

Cross-region replication is one of several important pillars in the Azure business continuity and disaster recovery strategy. Cross-region replication builds on the synchronous replication of your applications and data that exists by using availability zones within your primary Azure region for high availability. Cross-region replication asynchronously replicates the same applications and data across other Azure regions for disaster recovery protection. Some Azure services take advantage of cross-region replication to ensure business continuity and protect against data loss. Azure provides several storage solutions that make use of cross-region replication to ensure data availability. For example, Azure geo-redundant storage (GRS) replicates data to a secondary region automatically. This approach ensures that data is durable even if the primary region isn't recoverable.

Question 37: You want to ensure that all virtual machines deployed in your Azure environment are configured with specific antivirus software. Which Azure service can you use to enforce this policy?

  • Azure Security Center
  • Azure Policy
  • Azure Monitor
  • Azure Advisor

Question 38: Which of the following is NOT a benefit of using Azure Arc?

  • Centralized billing and cost management for all resources
  • Improved security and compliance for resources
  • Increased visibility and control over resources
  • Consistent management of resources across hybrid environments

Azure Arc is a hybrid management service that allows you to manage your servers, Kubernetes clusters, and applications across on-premises, multi-cloud, and edge environments. Some of the benefits of using Azure Arc include consistent management of resources across hybrid environments, improved security and compliance for resources, and increased visibility and control over resources. Centralized billing and cost management for all resources: This is not a benefit of using Azure Arc. While Azure provides centralized billing and cost management for resources in the cloud, Azure Arc is focused on managing resources across hybrid environments and does not provide billing or cost management features.

Question 39: Yes or No: In a Public Cloud model, you get dedicated hardware, storage, and network devices that are not shared with other organizations or cloud "tenants".

  • Yes
  • No

Question 40: Azure Pay As You Go is an example of which cloud expenditure model?

  • Operational (OpEx)
  • Capital (CapEx)

Question 41: Which of the following endpoints for a managed instance enables data access to your managed instance from outside a virtual network?

  • Hybrid
  • External
  • Private
  • Public

A public endpoint for a managed instance enables data access to your managed instance from outside the virtual network. You are able to access your managed instance from multi-tenant Azure services like Power BI, Azure App Service, or an on-premises network. By using the public endpoint on a managed instance, you do not need to use a VPN, which can help avoid VPN throughput issues.

Question 42: Which of the following services can help applications absorb unexpected traffic bursts, which prevents servers from being overwhelmed by a sudden flood of requests?

  • Azure Decouple Storage
  • Azure Table Storage
  • Azure Queue Storage
  • Azure Message Storage

Azure Queue Storage is a service for storing large numbers of messages. You access messages from anywhere in the world via authenticated calls using HTTP or HTTPS. A queue message can be up to 64 KB in size. A queue may contain millions of messages, up to the total capacity limit of a storage account. Queues are commonly used to create a backlog of work to process asynchronously.

Question 43: In which scenario would you use the Business-to-Business (B2B) collaboration feature in Azure AD?

  • Providing internal access to company reports.
  • Granting external vendors access to a shared project workspace.
  • Enabling employees to access internal applications.
  • Allowing customers to sign up for your e-commerce website.

Business-to-Business (B2B) collaboration in Azure AD is used to collaborate with users external to your organization, such as vendors or partners. It allows you to securely share resources like documents and applications while maintaining control over access.

Question 44: Which of the following best describes Azure Arc?

  • A platform for building microservices-based applications that run across multiple nodes
  • A bridge that extends the Azure platform to help you build apps with the flexibility to run across datacenters
  • A service for analyzing and visualizing large datasets in the cloud
  • A cloud-based identity and access management service

Azure Arc is a service from Microsoft that allows organizations to manage and govern their on-premises servers, Kubernetes clusters, and applications using Azure management tools and services. With Azure Arc, customers can use Azure services such as Azure Policy, Azure Security Center, and Azure Monitor to manage their resources across on-premises, multi-cloud, and edge environments. Azure Arc also enables customers to deploy and manage Azure services on-premises or on other clouds using the same tools and APIs as they use in Azure.

Question 45: __ is a security framework that uses the principles of explicit verification, least privileged access, and assuming breach to keep users and data secure while allowing for common scenarios like access to applications from outside the network perimeter.

  • Least Trust
  • No Trust
  • Zero Trust
  • Less Trust

Question 46: Yes or No: It is possible to have multiple Subscriptions inside a Management Group.

  • Yes
  • No

Question 47: A _______ endpoint is a network interface that uses a private IP address from your virtual network.

  • Public
  • Internal
  • Private
  • Hybrid

A private endpoint is a network interface that uses a private IP address from your virtual network. This network interface connects you privately and securely to a service that's powered by Azure Private Link. By enabling a private endpoint, you're bringing the service into your virtual network.

Question 48: You are the lead architect of your organization. One of the teams has a requirement to copy hundreds of TBs of data to Azure storage in a secure and efficient manner. The data can be ingested one time or on an ongoing basis for archival scenarios. Which of the following would be a good solution for this use case?

  • Azure Data Lake Storage
  • Azure Cosmos DB
  • Azure File Sync
  • Azure Data Box

Question 49: Which of the following two storage solutions are built to handle NoSQL data?

  • Azure SQL Database
  • Azure Table Storage
  • Azure NoSQL Database
  • Azure Cosmos DB

Azure Table storage is a service that stores non-relational structured data (also known as structured NoSQL data) in the cloud, providing a key/attribute store with a schemaless design. Because Table storage is schemaless, it's easy to adapt your data as the needs of your application evolve. Azure Cosmos DB is a fully managed NoSQL database for modern app development. Single-digit millisecond response times, and automatic and instant scalability, guarantee speed at any scale.

Question 50: Which of the following services can host the following type of apps: Web apps, API apps, WebJobs, Mobile apps

  • Azure App Service
  • Azure App Environment
  • Azure Bastion
  • Azure Arc

Question 51: Yes or No: Subscriptions can be moved to another Management Group as well as merged into one Single subscription.

  • No
  • Yes

Even though Subscriptions can be moved to another management group, they cannot be merged into 1 single subscription.

Question 52: ______ lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider.

  • Azure DNS
  • Azure Sentinel
  • Azure ExpressRoute
  • Azure Virtual Network
  • Azure Firewall

Question 53: Azure CosmosDB is an example of a _______ offering.

  • Software as a Service (SaaS)
  • Platform as a Service (PaaS)
  • Infrastructure as a Service (IaaS)
  • Serverless Computing

Question 54: Yes or No: Azure Cosmos DB is a Software as a Service (SaaS) offering from Microsoft Azure.

  • No, it is a PaaS offering.
  • No, it is an IaaS offering.
  • Yes, it is a SaaS offering.

Question 55: Which of the following is the foundation for building enterprise data lakes on Azure AND is built on top of Azure Blob storage?

  • Azure Data Lake Storage Gen4
  • Azure Data Lake Storage Gen3
  • Azure Data Lake Storage Gen1
  • Azure Data Lake Storage Gen2

Azure Data Lake Storage Gen2 is a set of capabilities dedicated to big data analytics, built on Azure Blob Storage. Data Lake Storage Gen2 converges the capabilities of Azure Data Lake Storage Gen1 with Azure Blob Storage. For example, Data Lake Storage Gen2 provides file system semantics, file-level security, and scale. Because these capabilities are built on Blob storage, you'll also get low-cost, tiered storage, with high availability/disaster recovery capabilities. Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-introduction

Question 56: Someone in your organization accidentally deleted an important Virtual Machine that has led to huge revenue losses. Your senior management has tasked you with investigating who was responsible for the deletion. Which Azure service can you leverage for this task?

  • Azure Service Health
  • Azure Arc
  • Azure Monitor
  • Azure Advisor
  • Azure Event Hubs

Log Analytics is a tool in the Azure portal that's used to edit and run log queries with data in **Azure Monitor** Logs. You might write a simple query that returns a set of records and then use features of Log Analytics to sort, filter, and analyze them. Or you might write a more advanced query to perform statistical analysis and visualize the results in a chart to identify a particular trend. Whether you work with the results of your queries interactively or use them with other Azure Monitor features, such as log query alerts or workbooks, Log Analytics is the tool that you'll use to write and test them.

Question 57: True or False: Azure DNS can manage DNS records for your Azure services, but cannot provide DNS for your external resources.

  • False
  • True

Azure DNS can manage DNS records for your Azure services and provide DNS for your external resources as well. Azure DNS is integrated in the Azure portal and uses the same credentials, support contract, and billing as your other Azure services. DNS billing is based on the number of DNS zones hosted in Azure and on the number of DNS queries received. To learn more about pricing, see Azure DNS pricing.

Question 58: _______ is a strategy that employs a series of mechanisms to slow the advance of an attack that's aimed at acquiring unauthorized access to information. Each layer provides protection so that if one layer is breached, a subsequent layer is already in place to prevent further exposure.

  • Defense in Depth
  • Defense in Steps
  • Defense in Layers
  • Defense in Series

Question 59: Which of the following is NOT a feature of Azure Monitor?

  • Log Analytics
  • Database management
  • Metrics
  • Alerts

Question 60: True or False: When you cancel an Azure subscription, a Resource Lock can block the subscription cancellation.

  • True
  • False

When you cancel an Azure subscription:

  • A resource lock doesn't block the subscription cancellation.
  • Azure preserves your resources by deactivating them instead of immediately deleting them.
  • Azure only deletes your resources permanently after a waiting period.

Question 61: Yes or No: Each virtual network can have only one VPN gateway.

  • No
  • Yes

VPN Gateway sends encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use VPN Gateway to send encrypted traffic between Azure virtual networks over the Microsoft network. A VPN gateway is a specific type of virtual network gateway. Each virtual network can have only one VPN gateway. However, you can create multiple connections to the same VPN gateway. When you create multiple connections to the same VPN gateway, all VPN tunnels share the available gateway bandwidth.

When you configure a virtual network gateway, you configure a setting that specifies the gateway type. The gateway type determines how the virtual network gateway will be used and the actions that the gateway takes. The gateway type 'Vpn' specifies that the type of virtual network gateway created is a 'VPN gateway'. This distinguishes it from an ExpressRoute gateway, which uses a different gateway type. A virtual network can have two virtual network gateways; one VPN gateway and one ExpressRoute gateway. For more information, see Gateway types.

Question 62: Which of the following is a benefit of using Azure Cloud Shell for managing Azure resources?

  • It eliminates the need to install and configure command-line interfaces on your local machine
  • It provides faster access to Azure resources
  • It offers more advanced features than other Azure management tools
  • It allows for easier integration with third-party tools and services

Question 63: __ is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources.

  • Tricep
  • Bicep
  • PHP
  • HTML

Question 64: ___ enforcement is at the center of a Zero Trust architecture.

  • Network
  • Devices
  • Identities
  • Security policy
  • Data
  • Applications

Security policy enforcement is at the center of a Zero Trust architecture. This includes multifactor authentication with conditional access that takes into account user account risk, device status, and other criteria and policies that you set.

Question 65: How can you apply a resource lock to an Azure resource?

  • By using the Azure API for RBAC
  • By configuring a network security group.
  • By using the Azure portal or Azure PowerShell
  • By assigning a custom role to the resource.
  • By creating a new resource group for the resource.

Question 66: In Azure, which of the following services can be accessed through private endpoints?

  • Azure App Service.
  • Azure Storage accounts.
  • Azure SQL Database.
  • All of the above.
  • Azure Key Vault.

Private endpoints can be used to access various Azure services, including Azure Storage accounts, Azure Key Vault, Azure App Service, and Azure SQL Database. By using private endpoints, you can connect to these services from within your virtual network, ensuring that the traffic remains within the Azure backbone network and doesn't traverse the public internet.

Question 67: Which of the following scenarios is a suitable use case for applying a resource lock?

  • Preventing read access to a development virtual machine.
  • Automating the deployment of resources using templates.
  • Ensuring a critical storage account is not accidentally deleted.
  • Restricting network access to an Azure SQL database.

Question 68: Which of the following best describes the concept of "immutable infrastructure" in the context of IaC?

  • Infrastructure that is managed through a graphical user interface.
  • Infrastructure that cannot be changed once deployed.
  • Infrastructure that is recreated rather than modified in place.
  • Infrastructure that is stored in a physical data center.

Immutable infrastructure refers to the practice of recreating infrastructure components whenever changes are needed rather than modifying them in place. This approach aligns with IaC principles, enhancing consistency and reducing configuration drift.

Question 69: A(n) ____ in Azure Monitor monitors your telemetry and captures a signal to see if the signal meets the criteria of a preset condition. If the conditions are met, an alert is triggered, which initiates the associated action group.

  • alert rule
  • preset rule
  • preset condition
  • alert condition

An alert rule monitors your telemetry and captures a signal that indicates that something is happening on a specified target. The alert rule captures the signal and checks to see if the signal meets the criteria of the condition. If the conditions are met, an alert is triggered, which initiates the associated action group and updates the state of the alert.

Question 70: As the owner of a streaming platform deployed on Azure, you notice a huge spike in traffic whenever a new web series is released but moderate traffic otherwise. Which of the following is a clear benefit of this type of workload?

  • Load balancing
  • Elasticity
  • High availability
  • High latency

Elasticity in this case is the ability to provide additional compute resources when needed (spikes) and to reduce compute resources when they are not needed, which lowers costs. Load balancing and high availability are also great advantages the streaming platform would enjoy, but elasticity is the option that best describes the workload in the question. Autoscaling is an example of elasticity.

Question 71: Which of the following lets you repeatedly deploy your infrastructure throughout the development lifecycle and have confidence that your resources are deployed in a consistent manner?

  • Azure Resource Manager templates
  • The Azure API Management service
  • Azure Templates
  • Management groups

Azure Resource Manager templates is correct because templates are idempotent, which means you can deploy the same template many times and get the same resource types in the same state.

Question 72: In the context of Infrastructure as Code (IaC), ___ are independent files, typically containing a set of resources meant to be deployed together.

  • Methods
  • Modules
  • Units
  • Functions

Modules are independent files, typically containing a set of resources meant to be deployed together. Modules allow you to break complex templates into smaller, more manageable sets of code. You can ensure that each module focuses on a specific task and that all modules are reusable for multiple deployments and workloads. Reference: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/considerations/infrastructure-as-code

Question 73: ___ service is available to transfer on-premises data to Blob storage when large datasets or network constraints make uploading data over the wire unrealistic.

  • Azure Blob Storage
  • Azure FileSync
  • Azure Data Factory
  • Azure Data Box

Question 74: Which type of resource lock allows you to modify the resource, but not delete it?

  • CanNotModify lock
  • Restrict lock
  • CanNotDelete lock
  • Read-only lock

Question 75: Your colleague is looking for an Azure service that can help them understand how their applications are performing and proactively identify issues that affect them AND the resources they depend on. What's your recommendation?

  • Azure Monitor
  • Azure Service Health
  • Azure Advisor
  • Azure Comprehend

Question 76: Which cloud deployment model is best suited for organizations with extremely strict data security and compliance requirements?

  • Community cloud
  • Private cloud
  • Public cloud
  • Hybrid cloud

Question 77: If your organization has many Azure subscriptions, which of the following is useful to efficiently manage access, policies, and compliance for those subscriptions?

  • Azure Subscriptions
  • Azure Policy
  • Azure Management Groups
  • Azure Blueprints

Question 78: __ allows you to implement your system's logic into readily available blocks of code that can run anytime you need to respond to critical events.

  • Azure Cognitive Services
  • Azure Application Insights
  • Azure Functions
  • Azure Kinect DK
  • Azure Quantum

Azure Functions provides "compute on-demand" in two significant ways. First, Azure Functions allows you to implement your system's logic into readily available blocks of code. These code blocks are called "functions". Different functions can run anytime you need to respond to critical events. Second, as requests increase, Azure Functions meets the demand with as many resources and function instances as necessary - but only while needed. As requests fall, any extra resources and application instances drop off automatically.

Question 79: You have managed a web app that you developed and deployed on-premises for a long time, but would now like to move it to Azure and be relieved of all the manual administration and maintenance. Which of the following buckets would be most suitable for your use case?

  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)
  • Infrastructure as a Service (IaaS)
  • Database as a Service (DaaS)

Question 80: Microsoft's approach to privacy is built on six principles. Which of the following is NOT one of those 6 principles?

  • Transparency
  • Security
  • Strong legal protections
  • Protection
  • Control
  • No content-based targeting

Microsoft's approach to privacy is built on six principles:

  1. Control: Microsoft provides customers with the ability to control their personal data and how it is used.
  2. Transparency: Microsoft is transparent about the collection, use, and sharing of personal data.
  3. Security: Microsoft takes strong measures to protect personal data from unauthorized access, disclosure, alteration, and destruction.
  4. Strong legal protections: Microsoft complies with applicable laws and regulations, including data protection and privacy laws.
  5. No content-based targeting: Microsoft does not use personal data to target advertising to customers based on the content of their communications or files.
  6. Benefits to the customer: Microsoft uses personal data to provide customers with valuable products and services that improve their productivity and overall experience.

Protection is NOT one of the principles.

Question 81: In the context of Azure networking, what is the purpose of a Network Security Group (NSG) associated with a private endpoint?

  • To manage IP address assignments for the private endpoint.
  • To encrypt data traffic between the private endpoint and the Azure service.
  • To ensure the availability and uptime of the private endpoint.
  • To enforce access control rules on inbound and outbound traffic to the private endpoint.

Question 82: True or False: Each zone is made up of one or more datacenters equipped with common power, cooling, and networking.

  • False
  • True

Azure Availability Zones are unique physical locations within an Azure region and offer high availability to protect your applications and data from datacenter failures. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking.

Question 83: What is the maximum number of cloud-only user accounts that can be created in Azure AD?

  • 100,000
  • 500,000
  • 50,000
  • 1,000,000

The correct answer is 1,000,000. Azure AD has the capability to hold up to 1,000,000 cloud-only user accounts. This limit can be extended further by contacting Microsoft support.

Question 84: Your organization uses Microsoft Defender for Cloud and you receive an alert that suspicious activity has been detected on one of your cloud resources. What should you do?

  • Delete the cloud resource to prevent the threat from spreading.
  • Investigate the alert and take appropriate action to remediate the threat if necessary.
  • Wait for a follow-up email from Microsoft Support before taking any action.
  • Ignore the alert, as Microsoft Defender for Cloud will automatically handle any threats.

Question 85: Which of the following resources can be managed using Azure Arc?

  • Only Kubernetes Clusters and Virtual Machines
  • All of these
  • Kubernetes clusters
  • Only Windows and Linux Servers & Virtual Machines
  • Virtual machines
  • Windows Server and Linux servers

The answer is All of these. Azure Arc enables you to manage resources both on-premises and across multiple clouds using a single control plane. This includes managing Windows Server and Linux servers, Kubernetes clusters, and virtual machines. By extending Azure services to hybrid environments, Azure Arc provides consistent management, security, and compliance across all resources.

Last update: 2023-11-09
Created: September 20, 2023 12:34:38