1st Microsoft Azure Fundamentals AZ-900 Exam Practice Questions
T/F: Availability Zones are available in all Azure regions.
*False* Availability Zones are only supported in *availability zone-enabled regions*. At the time of this writing, the Mexico Central region did NOT support AZs.
Q: Identity is a ... ○ Digital ID for user or application ○ Identification object for Azure resources ○ Fact of being someone or something
Identity is a fact of being someone or something
Q: The Azure Storage platform includes which of the following data services: ○ Azure Blob Storage ○ Azure Files ○ Azure Queue Storage ○ Azure Table Storage ○ Azure Managed Disks ○ All of the above
*All of the above*
Let's assume you want to receive a text message when Azure maintenance is planned. Q: Which of the following should you use? ○ Health advisories ○ Resource Health alerts ○ Health history ○ Planned Maintenance ○ Service Issues
*Azure Resource Health alerts* can notify you in near real-time when these resources have a change in their health status.
Q: Which of the following alerts you when service issues occur in an Azure environment, such as a regional Azure outage that affects all Azure customers. ○ Azure Monitor ○ Azure Advisor ○ Azure Service Health ○ Azure Application Insights
*Azure Service Health* alerts you about service issues that happen in Azure itself, such as a regional Azure outage
Q: What is meant by cloud computing? ○ Delivery of computing services over the internet. ○ Setting up your own data center. ○ Using the internet
*Cloud computing is the delivery of computing services over the internet*, which is otherwise known as the cloud.
T/F: Resources can be created without any resource group?
*False* Every resource must belong to one (and only one) resource group.
Q: What is scaling?
*Scaling* is the process of adding resources to enable your application to meet demand.
T/F: ARM templates enable you to ensure consistency of large Azure deployments.
*True*
T/F: Placing virtual machines in an Availability Set will provide protection against network outages, physical hardware failures, and power interruptions within a single Azure data center.
*True*
T/F: Azure Health Service provide information related to incidents in Azure that impact your resources.
*True* Azure offers a suite of experiences to keep you informed about the health of your cloud resources. This information includes current and upcoming issues such as service impacting events, planned maintenance, and other changes that may affect your availability.
Q: Which of the following is supported by ExpressRoute for connecting an on-premises network to Azure? ○ Point-to-Site VPN ○ A point-to-point Ethernet connection ○ A Site-to-Site VPN ○ Azure Peering service
A *Point-to-point Ethernet connection* is supported by ExpressRoute for connecting your on-premises network to Azure. The three models that ExpressRoute supports are: • CloudExchange colocation • Point-to-point Ethernet connection • Any-to-any-connection
Q: Which of the following is used to enable the communications between an on-premises VPN device and an Azure VPN Gateway through an encrypted tunnel over the internet? ○ ExpressRoute ○ Point-to-Site (P2S) VPN ○ Site-to-Site VPN
A *Site-to-site VPN.* This connection type enables communications between any on-premises authorized resource to access a virtual network through an encrypted tunnel.
Q: In order to deploy multiple identical VMs, which resource should be used?
A *Virtual Machine Scale Set* is a resource type that enables you to deploy and manage a set of identical VMs using the same image.
Q: Colloquially speaking, an RBAC role definition answers which of the following questions? ○ Where can it be done? ○ What can be done? ○ Who can do it?
A role definition is an answer to the question, *"What can be done?"*
Q: Which of the following is the process of managing and assigning policy definitions by grouping a set of policies into a single item? ○ Grouping ○ Cluster ○ Initiative ○ Startup
An *Azure Policy Initiative* is a collection of Azure Policy Definitions or rules that are grouped together towards a specific goal or purpose. Policy Initiatives simplify management of your policies by grouping a set of policies together, logically, as a single item.
As a company _______ in size, it can _________ the price per unit for its customers. This is an example of the principle of economies of scale.
As a company *grows* in size, it can *decrease* the price per unit for its customers. This is an example of the principle of economies of scale.
Q: Availability sets use which of the following to protect your VMs? ○ network domains ○ fault domains ○ policy domains ○ update domains ○ top-level domains
Availability sets use *fault domains* and *update domains* to protect your VMs?
Q: Azure Resource Manager (ARM) uses which format for its templating system?
Azure Resource Manager (ARM) uses the *JSON format* to save service configurations.
A company is planning to use Azure Storage Accounts. They have the following requirement. + Storage of 2 TB of data + Storage of a million files Y/N: Would using Azure Storage fulfil these requirements?
Azure storage has a high limit on the amount that can be stored and no limit on the number of files. The Max storage capacity is 5 PiB 1, while there is no limit for the maximum number of BLOBs, TABLEs, QUEUEs, or MESSAGEs per storage account.
Q: Which of the following enables you to deploy Azure resources close to the users? ○ Elasticity ○ Scalability ○ Geo-distribution ○ High availability
Because of *geo-distribution* you can deploy apps and data to regional datacenters around the globe, thereby ensuring that your customers always have the best performance in their region.
Q: Which of the following characteristics best describe big data: ○ Velocity of data processing/transfers ○ Data residency ○ Volume of data ○ Data availability ○ Variety of data (complexity)
Big data is typically described using the three V's: ○ Velocity of data processing/transfers ○ Volume of data ○ Variety of data (complexity)
Q: What is a BLOB?
Binary Large OBjects (BLOB) files are considered computer-readable (exe, xls, jpg), but not human-readable (txt, csv).
Q: Which of the following enable you to store semi-structured datasets? ○ Azure Cosmos DB ○ Azure SQL Database ○ Azure SQL for VM ○ Azure Table Storage ○ Azure Blob Storage ○ Azure File Storage ○ Azure Content Delivery Network (CDN) ○ Azure SQL Data Warehouse
Both *Azure Cosmos DB* and *Azure Table Storage* enable you to store semi-structured datasets.
Q: Building your own data center infrastructure can have a big ______ cost?
Building your own data center infrastructure can have a big *initial or upfront* cost?
Q: Which of the following is the right Azure Cloud Service benefit that matches the following description? "A cloud service that can be restored in the event of a catastrophic loss." ○ Fault Tolerance ○ Disaster Recovery ○ Dynamic Scalability ○ Low Latency
Disaster Recovery
Q: DoS is an acronym for which of the following: ○ Disruption of Service ○ Disk operating System ○ Distribution of Security ○ Denial of Service
DoS is an acronym for *Denial for Service.*
Q: Which of the following relationship types enables federated services to access resources across organizational or domain boundaries? ○ Claim relationship. ○ Shared access relationship. ○ Trust relationship.
Federated services use *trust relationships* to enable access to resources.
Q: Which of the following best describes Azure HDInsight: ○ A flexible big data and analytics platform supporting multiple open-source analytics technologies ○ A big data analytics platform with a unified workspace experience supporting end-2-end data transformation with the power of SQL and Spark ○ A big data analytics platform based on Apache Spark for data transformations and collaboration ○ A proprietary big data Microsoft technology based on Apache Spark
HDInsight is *a flexible big data and analytics platform supporting multiple open-source analytics technologies.* It is designed to fit most typical big data processing workflows.
Q: Which of the following are examples of identity? ○ user ○ group ○ application ○ resource ○ database ○ server
Identities can be users with usernames and passwords OR applications / servers with secret keys or certificates.
Q: With which of the following is an Azure Route Table associated? ○ Virtual Network ○ Virtual Network Subnet ○ Application Security Group ○ Network Security Group
In Azure, you create a route table, then associate the route table to zero or more *virtual network subnets*. Each subnet can have zero or one route table associated with it. When you create a route table and associate it with a subnet, the table's routes are combined with the subnet's default routes. If there are conflicting route assignments, user-defined routes will override the default routes.
A company is planning to create several Virtual Machines in Azure. Q: Which of the following is the right category to which the Azure Virtual Machine belongs? ○ Infrastructure as a service (IaaS) ○ Platform as a service (PaaS) ○ Software as a service (SaaS) ○ Function as a service (FaaS)
Infrastructure as a service (IaaS)
T/F: Microsoft Defender for Cloud (formerly known as Azure Security Center) is a paid service.
Microsoft Defender for Cloud (formerly known as Azure Security Center) has free and paid tiers. The free tier offers Basic security features: + secure score + security policy + basic recommendations + network security assessments The paid tier offers enhanced security features: + Microsoft Defender for Endpoint + Vulnerability assessment for virtual machines, container registries, and SQL resources + Multicloud security (AWS, GCP) + Threat protection alerts + Track compliance with a range of standards + Access and application controls + Container security features
Microsoft Office 365 and OneDrive are examples of which of the following: ○ Software as a Service (SaaS) ○ Platform as a Service (PaaS) ○ Infrastructure as a Service (IaaS)
Microsoft Office 365 and OneDrive are examples of *Software as a Service (SaaS).* Customers simply license and use the application software; no installations or configurations are required.
Q: Multi-factor authentication (MFA) means providing which of the following for securing user authentication process? ○ one or more authentication factors ○ two or more authentication factors ○ three or more authentication factors
Multi-factor authentication (MFA) requires at least two authentication factors (e.g., password, pin, certificate, facial recognition, etc.)
Y/N: Does Azure AD Premium P2 tier guarantee any available Azure AD services with more than 99.99% availability?
No. Microsoft guarantee at least 99.9% availability of Azure Active Directory Premium 2.
Select the answer that correctly completes the sentence: Single sign-on (SSO) is __________ method that enables users to sign in the first time and access various applications and resources by using the same password. ○ a validation ○ an authentication ○ a configuration ○ an authorization
Single sign-on is *an authentication method* that allows users to sign in using one set of credentials to login across applications. Single sign-on makes it easier to manage passwords and increases security capabilities.
Let's assume you want to block Remote Desktop connectivity to your virtual machines. Q: Which of the following would you use? ○ Application Security Group (ASG) ○ Network Security Group (NSG) ○ Azure DNS ○ Azure Firewall ○ Azure Advanced Threat Protection
To block Remote Desktop connectivity to your virtual machines, you would define a rule within in a *Network Security Group (NSG)* on your virtual network.
T/F: A Local Network Gateway is a representation of customers gateway on the other end of the VPN tunnel. This simply holds configuration that tunnel needs to know about to build a VPN tunnel to the other end.
True
T/F: A Tenant refers to a single dedicated and trusted instance of Azure Active Directory and it gets created automatically when you sign up for a Microsoft cloud service subscription. In broader terms, when your organization signs up for cloud service subscription. A tenant, therefore, represents a single organization, identity, or a person.
True
T/F: An availability zone enables you to deploy two or more Azure services into two distinct data centers with a single region.
True
A company is planning to deploy a web server and database server. You have to ensure that traffic restrictions are in place so that the database server can only communicate with the web server. Q: Which of the following would you recommend for implementing these restrictions? ○ Network Security Groups (NSGs) ○ Azure Service Bus ○ A Local Network Gateway ○ A Virtual Private Gateway
Use *Network Security Groups* to allow or deny traffic within subnets.
Q: Virtual machines are an example of which of the following: ○ Software as a Service (SaaS) ○ Platform as a Service (PaaS) ○ Infrastructure as a Service (IaaS)
Virtual machines are an example of *Infrastructure as a Service (IaaS).* Cloud providers manage the physical infrastructure (aka hardware) and virtualization while customers maintain everything else, including OS and app updates, security configurations, etc.
Your company is planning to use Azure AD for the authentication of the resources defined in Azure. Y/N: Does Azure AD have the capabilities to implement authorization using Azure RBAC to secure resources?
Yes. For authentication, there are multiple ways to secure the sign-in process. As shown in the Microsoft documentation below, you can use additional security options such as Security questions, Multi-Factor authentication, etc.
A company wants to make use of an Azure service in private preview. Y/N: Are Azure services in private preview available only to a selective portion of customers?
Yes. Services in private preview are only available a few customers to take part in early access to new concepts and features.
Q: Which of the following are supported by Azure Resource Locks? ○ Read-only ○ Update ○ Create-only ○ Delete ○ Allow-admin
You can set locks that prevent either deletions or modifications. ○ *Read-only (aka ReadOnly)* means authorized users can read a resource, but they can't delete or update it. Applying this lock is similar to restricting all authorized users to the permissions that the Reader role provides. ○ *Delete (aka CanNotDelete)* means authorized users can read and modify a resource, but they can't delete it.
Q: Which of the following are Blob Storage Access Tiers? ○ Hot ○ Warm ○ Cool ○ Archive ○ Tape
○ *Hot tier* is an online tier optimized for storing data that is accessed or modified frequently. The Hot tier has the highest storage costs, but the lowest access costs. ○ *Cool tier* is an online tier optimized for storing large amounts of data that is infrequently accessed or modified. Data in the Cool tier should be stored for a minimum of 30 days. The Cool tier has lower storage costs and higher access costs compared to the Hot tier. ○ *Archive tier* is an offline tier optimized for storing data that is rarely accessed, and that has flexible latency requirements, on the order of hours. Data in the Archive tier should be stored for a minimum of 180 days.
Q: Examples of Operational Expenditure (OpEx) computing costs are? Provide three (3) categories.
○ *Leasing software and customized features* - responsibility to de-provision the resources when they aren't in use so that you can minimize costs. ○ *Scaling charges based on usage/demand* instead of fixed hardware or capacity - plan for backup traffic and disaster recovery traffic to determine the bandwidth needed. ○ *Billing at the user, department, or organization level* - when using a dedicated cloud service, you could pay based on server hardware and usage.
Q: Cloud computing is a delivery model for which four types of services?
○ Analytics ○ Storage ○ Compute Power ○ Networking
Q: Which of the following are examples of application secrets? ○ Usernames ○ Passwords ○ Database connection strings ○ API keys ○ Certificates ○ All of the above
*All of the above* Azure Key Vault is a secret store: a centralized cloud service for storing app secrets; configuration values like passwords and connection strings that must remain secure at all times. Key Vault helps you control your apps' secrets by keeping them in a single central location and providing secure access, permissions control, and access logging. Secret access and vault management is accomplished via a REST API. Every vault has a unique URL where its API is hosted. In Key Vault, a secret is a name-value pair of strings. All actions performed on a vault require authentication and authorization; there's no way to grant any kind of anonymous access.
Let's assume you plan to implement an Azure database solution that meets the following requirements: + Can add data concurrently from multiple regions + Can store JSON documents Q: Which database service should you deploy? ○ Azure Cosmos DB ○ Azure SQL Database ○ Azure Table Storage ○ Any of the above
*Azure Cosmos DB* is a multimodal, globally distributed, NoSQL database that can store unstructured data, such as JSON documents. Cosmos DB supports distribution from 1 to more than 30 regions with automatic failovers worldwide. Azure SQL Database has native JSON functions that enable you to parse JSON documents using standard SQL language. You can store JSON documents in Azure SQL Database and query JSON data as in a NoSQL database. If you are using active geo-replication to build a globally distributed application and need to provide read-only access to data in more than four regions, you can create a secondary of a secondary (a process known as chaining) to create additional geo-replicas. While Azure Table Storage is a NoSQL key-value store for semi-structured data, it supports only a single region with an optional read-only secondary region for availability.
Let's assume there was an attack on your public-facing website. Your application's resources were overwhelmed and exhausted. Your app is no longer responding to customers. Q: Which of the following should you use to prevent this type of attack in the future? ○ Azure DDoS Protection ○ Azure Firewall ○ Azure Network Security Group ○ Azure Application Gateway
*Azure DDoS Protection* Distributed denial of service (DDoS) attacks are some of the largest availability and security concerns facing customers that are moving their applications to the cloud. A DDoS attack attempts to exhaust an application's resources, making the application unavailable to legitimate users. DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet.
You want the developers to test their software in the cloud by providing them with the ability to create VMs at any time. Q: Being cautions of the cost and management effort, which of the following is the best choice? ○ Azure DevOps ○ Azure VMs ○ Azure Container Instances ○ Azure DevTest Labs ○ Azure Sandboxes ○ Azure Data Box
*Azure DevTest Labs* enables developers to quickly and easily create IaaS VMs and PaaS environments from preconfigured bases, artifacts, and templates. It also enables administrators set policies like limiting the max number or sizes of VMs, auto-shutdown and auto-startup schedules, track resource usage and estimate trends, and set VM expiration dates, or delete VMs when they are no longer needed.
You want testers to quickly provision clean environments so that they can have a sandbox environment for their testing scenarios and automation. Q: Which of the following is the best solution? ○ Azure DevOps ○ Azure DevTest Labs ○ Azure Test Plans ○ Azure Container Instances ○ Azure Test Workspaces
*Azure DevTest Labs* is a service for easily creating, using, and managing infrastructure-as-a-service (IaaS) virtual machines (VMs) and platform-as-a-service (PaaS) environments in labs. Labs offer preconfigured bases and artifacts for creating VMs, and Azure Resource Manager (ARM) templates for creating environments like Azure Web Apps or SharePoint farms. Common DevTest Labs scenarios include development VMs, test environments, and classroom or training labs. DevTest Labs promotes efficiency, consistency, and cost control by keeping all resource usage within the lab context.
Let's assume you want to react to events happening to Azure resources, such as shutting down and rescaling virtual machines. Q: Which of the following enables you to subscribe to Azure subscription/resource events? ○ Azure Functions ○ Azure Event Hub ○ Azure Event Grid ○ Azure Event Streaming Analytics ○ Azure Logic Apps
*Azure Event Grid* is a highly scalable, serverless event broker that you can use to integrate applications using events. Events are delivered by Event Grid to subscriber destinations such as apps, Azure services, etc.
Let's assume you want to map a network drive on several on-premises computers to a drive in the Azure cloud. Q: Which of the following should you create? ○ Azure Blob Storage ○ Azure Files ○ Azure Queue Storage ○ Azure Table Storage
*Azure Files* is Microsoft's easy-to-use cloud file system. To use an Azure file share with Windows, you must either mount it, which means assigning it a drive letter or mount point path, or access it via its UNC path. Unlike other SMB shares you may have interacted with, such as those hosted on a Windows Server, Linux Samba server, or NAS device, Azure file shares do not currently support Kerberos authentication with your Active Directory (AD) or Azure Active Directory (AAD) identity. Instead, you must access your Azure Files share with the storage account key for the storage account containing your Azure Files share. A storage account key is an administrator key for a storage account, including administrator permissions to all files and folders within the file share you're accessing, and for all file shares and other storage resources (blobs, queues, tables, etc.) contained within your storage account.
Q: Azure Functions enable you to do which of the following without worrying about the underlying infrastructure? ○ Can create and run automated workflows using a web-based visual designer and no code ○ Deploy small pieces of code as a web service ○ Route messages between apps and services
*Azure Functions* is a cloud service available on-demand that provides all the continually updated infrastructure and resources needed to run your applications. You focus on the pieces of code that matter most to you, and Functions handles the rest. Functions provides serverless compute for Azure.
Let's assume you want to migrate your on-premises big data clusters to Azure. Currently, you use Hadoop, Spark, and HBase technologies. Q: Which of the following should you look at in order to minimize their migration efforts? ○ Azure Synapse Analytics ○ Azure SQL Database ○ Azure Blob Storage ○ Azure HDInsight ○ Azure Databricks
*Azure HDInsight* supports Hadoop, Spark, and HBase as one of the available cluster types. It should be able to cover the majority of your requirements. It may even enable a "lift-and-shift" approach, without any rework.
Q: Which of the following is a managed service, hosted in the cloud, that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. ○ IoT Central ○ App Service ○ IoT Hub
*IoT Hub* is a managed service hosted in the cloud that acts as a central message hub for communication between an IoT application and its attached devices. You can connect millions of devices and their backend solutions reliably and securely. Almost any device can be connected to an IoT hub.
Q: Which of the following services enables you to deploy a containerized solution using a highly customizable and scalable orchestration platform? ○ App Service ○ Virtual Machine ○ Scale Set ○ Container Instance ○ Kubernetes Service
*Kubernetes Service* It's an open-source container-orchestration platform designed for automating application container deployment, scaling, and management. While Container Instances enable container deployment, it lacks a rich orchestration layer.
A company has set up a VPN device on their on-premises that will be used for a Site-to-Site connection from their on-premises location to Azure. Q: Which of the following options represent the on-premises VPN device in Azure? ○ DNS Zone ○ Application gateway ○ Local network gateway ○ Virtual Network gateway
*Local network gateway* A local network gateway represents your on-premises location (the site) for routing purposes. You give the site a name by which Azure can refer to it, then specify the IP address of the on-premises VPN device to which you'll create a connection.
Q: Which of the following is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises ○ Azure Watch ○ Azure Monitor ○ Azure Police ○ Microsoft Defender for Cloud
*Microsoft Defender for Cloud* (formally known as Azure Security Center) is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multi-cloud (Amazon AWS and Google GCP) resources. ○ *Defender for Cloud* secure score continually assesses your security posture so you can track new security opportunities and precisely report on the progress of your security efforts. ○ *Defender for Cloud* recommendations secures your workloads with step-by-step actions that protect your workloads from known security risks. ○ *Defender for Cloud* alerts defends your workloads in real-time so you can react immediately and prevent security events from developing.
Q: Which of the following can be used to filter network traffic based on network protocol and/or IP addresses? ○ Network Security Groups ○ Application Security Groups ○ Azure Firewalls ○ Azure Protection Services ○ Azure Security Center
*Network Security Groups* and *Azure Firewalls* enable you to filter network traffic based on network protocol and/or IP addresses.
Q: Which of the following replicates resources across regions that are at least 300 miles away from each other? ○ Region pairs ○ Availability Zones ○ Sovereign regions
*Region pairs* Most Azure regions are paired with another region within the same geography (such as US East and US West) at least 300 miles away.
Q: Which of the following features doesn't apply to resource groups? ○ Resources can be in only one resource group. ○ Role-based access control can be applied to a resource group ○ Resource groups can be nested.
*Resource groups can be nested* is false. Resource groups can contain resources (e.g., VMs, storage, networks, etc.), but they cannot contain other resource groups.
Q: Which of the following enable you to assign permissions to users so that they can create resources in Azure? ○ Initiatives ○ Role-based access security (RBAC) ○ Policies ○ Resource groups
*Role-based access security (RBAC)* is an authorization system built on Azure Resource Manager that provides fine-grained access management to Azure resources.
Q: Which of the following provides a variety of content, tools, and other resources about Microsoft security, privacy, and compliance practices? ○ Microsoft Trust Center ○ Compliance Manager ○ Service Trust Portal ○ Microsoft Privacy Statement
*Service Trust Portal* Note: Compliance Manager has moved from the Service Trust Portal to the Microsoft Purview compliance portal
Q: Within Azure role-based access control (Azure RBAC), a role definition represents which of the following? ○ Name of Azure access management service ○ Set (collection) of action for Azure resources ○ Combination of the user permission and scope ○ Collection of role assignments ○ Single action that can be performed on an Azure resource
*Set (collection) of action for Azure resources* A role definition is a collection of permissions. It's sometimes just called a role. A role definition lists the actions that can be performed, such as read, write, and delete. It can also list the actions that are excluded from allowed actions or actions related to underlying data.
Q: Which of the following type of data fits nicely into a well-defined tabular structure and in which multiple tables can be tied together using relationships? ○ Unstructured data ○ Semi-structured data ○ Structured data
*Structured data* ○ Has an identifiable structure that conforms to a data model or schema ○ Is presented in tables made up of rows and columns ○ Is organized so that the definition, format, and meaning are explicitly understood ○ Is stored in fixed fields in a file or record
A company has a set of IT engineers responsible for implementing and managing the resources in their Azure account. The IT engineers have a set of CLIs installed on-premises workstations that have the following flavors of operating systems: + Windows 10 + MacOS + Ubuntu (Powershell (7.X or Later version) installed) Q: Which of the following tools can you use on the Ubuntu machines? ○ The Azure CLI and Azure Portal only ○ The Azure CLI and Powershell only ○ The Azure Portal and Powershell only ○ The Azure CLI, Azure Powershell, and Azure Portal
*The Azure CLI, Azure Powershell, and Azure Portal*
Q: Which of the following helps protect Azure SQL Database and Azure Data Warehouse against the threat of malicious activity? ○ Transparent Data Encryption (TDE) ○ Azure Storage Service Encryption ○ Azure Disk Encryption ○ All of the above
*Transparent Data Encryption (TDE)* encrypts SQL Server, Azure SQL Database, and Azure Synapse Analytics data files. This encryption is known as encrypting data at rest.
T/F: An Azure Synapse cluster consists of the following: ○ Synapse SQL ○ Apache Spark integration ○ Data integration of Apache Spark ○ Azure Data Lake Storage ○ Azure Synapse Studio, a web-based user interface
*True*
T/F: An update domain is a group of virtual machines and underlying physical hardware that can be rebooted at the same time.
*True*
T/F: App Service apps run inside of an App Service plan that specifies the number of VMs and configuration of those VMs.
*True*
T/F: Availability Zones are used to protect applications from entire data center failures (e.g., power outage from a storm), while Availability Sets are used to protect applications from hardware failures within a single data center (e.g., HDD crash, Windows blue screen, etc.).
*True*
T/F: Azure Active Directory (AD) Free supports user and group management as well as self-service password change for cloud users.
*True*
T/F: Azure Artifacts allows teams to share packages such as Maven, npm, NuGet, and more from public and private sources and integrate package sharing into your pipelines.
*True*
T/F: Azure Boards delivers a suite of Agile tools to support planning and tracking work, code defects, and issues using Kanban and Scrum methods.
*True*
T/F: Azure Bot Service run on Azure App Service and makes it easy to build powerful AI-driven interaction.
*True*
T/F: Azure IoT Central is a SaaS offering for monitoring IoT devices.
*True*
T/F: Azure IoT Hub Provisioning Service makes it easy to provision a large number of devices into the IoT Hub.
*True*
T/F: Azure IoT Hub enables you to manage IoT devices and route messages to and from those devices (bi-directional communication).
*True*
T/F: Azure Mobile app enables you to manage your Azure resources from your iOS or Android devices.
*True*
T/F: Azure Pipelines provides build and release services to support the Continuous Integration and Continuous Delivery (CI/CD) of your applications.
*True*
T/F: Azure SQL Database is a Platform as a Service (Paas) offering based on the latest stable release of SQL Server.
*True*
T/F: Azure Sphere is a service for securing IoT devices.
*True*
T/F: Azure Test Plans provides several tools to test your apps, including manual/exploratory testing and continuous testing.
*True*
T/F: Azure Virtual Network enables companies to represent and extend their on-premises network into the cloud.
*True*
T/F: Azure managed disks are block-level storage volumes that are managed by Azure and used with Azure Virtual Machines. Managed disks are like a physical disk in an on-premises server but, virtualized.
*True*
T/F: Both Azure Marketplace and Microsoft App Store both have products which are available for Azure.
*True*
T/F: By default, all network traffic through an Azure Firewall is block. A rule has to be added to enable traffic flow through the firewall.
*True*
T/F: By default, when virtual machines are added to an Availability Set, they are distributed across up to three different Fault Domains and up to five different Update Domains.
*True*
T/F: Databricks is a good solution for modeling data from a data warehouse so that it can be effectively used in ML modeling.
*True*
T/F: Every virtual machine that is deployed into an Availability Set is assigned an Update Domain and a Fault Domain by Azure.
*True*
T/F: The Internet of Things (IoT) refers to devices with sensors that communicate with each other over the internet.
*True*
T/F: When planned maintenance is performed on Azure, only one Update Domain is rebooted at a time.
*True*
T/F: Azure DDoS Standard provides protection against volumetric, protocol, and application layer attacks.
*True* *DDoS Protection Standard* protects resources in a virtual network including public IP addresses associated with virtual machines, load balancers, and application gateways. *Volumetric attacks* flood the network layer with a substantial amount of seemingly legitimate traffic. *Protocol attacks* render a target inaccessible, by exploiting a weakness in the layer 3 (network) and layer 4 (transports, such as TCP and UDP) network protocol stack. *Resource (application) layer attacks* target web application packets, to disrupt the transmission of data between hosts. They include HTTP protocol violations, SQL injection, cross-site scripting, and other layer 7 attacks.
Your team is asked to implement continuous deployment processes for their apps. The team decided to use Azure DevOps. T/F: Does DevOps meet their needs?
*True* *DevOps* includes *Pipelines,* which automatically build and test code projects to make them available to others. It combines Continuous Integration and Continuous Delivery (CI/CD) to test and build your code and ship it to any target.
T/F: Operational Expenditure (OpEx) is the money paid for the products and services as you use them (pay-as-you-go).
*True* *Operational Expenditure (OpEx)* is the money paid for the products and services as you use them (pay-as-you-go).
T/F: Azure offers a feature called Network Security Groups that enable you to define and enforce rules about what kind of traffic is allowed on a virtual network.
*True* A Network Security Group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.
Let's assume your company wants to route its network traffic through a special purpose network appliance for compliance reasons. T/F: To do this, your company should set up a user-defined route.
*True* A virtual appliance is a virtual machine that typically runs a network application, such as a firewall.
T/F: Each Azure subscription can only trust a single Azure Active Directory (Azure AD).
*True* An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A subscription trusts Azure AD to authenticate users, services, and devices. *Each subscription can only trust a single Azure AD.*
T/F: Multiple Azure subscriptions can trust the same Azure Active Directory (Azure AD).
*True* An Azure subscription has a trust relationship with a single Azure Active Directory (Azure AD). A subscription trusts Azure AD to authenticate users, services, and devices. One or more Azure subscriptions can establish trust relationships with an instance of Azure AD.
T/F: Apache Spark for Azure Synapse deeply and seamlessly integrates Apache Spark--the most popular open source big data engine used for data preparation, data engineering, ETL, and machine learning.
*True* Apache Spark is a parallel processing framework that supports in-memory processing to boost the performance of big data analytic applications. Apache Spark in Azure Synapse Analytics is one of Microsoft's implementations of Apache Spark in the cloud.
T/F: Azure Advisor provides best practice recommendations in the areas of high availability, security, performance, and cost.
*True* Azure Advisor analyzes your configurations and usage telemetry and offers personalized, actionable recommendations to help you optimize your Azure resources for reliability, security, operational excellence, performance, and cost.
T/F: Azure Cloud Shell provides command line access to Azure from just about any device. It persists any files copied to it by using an Azure storage account.
*True* Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.
T/F: Azure DevOps is an easy way to plan, track, and manage projects and work with team.
*True* Azure DevOps offers the following: ○ Azure Repos provides Git repositories or Team Foundation Version Control (TFVC) for source control of your code. ○ Azure Pipelines provides build and release services to support continuous integration and delivery of your applications. ○ Azure Boards delivers a suite of Agile tools to support planning and tracking work, code defects, and issues using Kanban and Scrum methods. ○ Azure Test Plans provides several tools to test your apps, including manual/exploratory testing and continuous testing. ○ Azure Artifacts allows teams to share packages such as Maven, npm, NuGet, and more from public and private sources and integrate package sharing into your pipelines.
T/F: Azure Functions is a compute component of serverless Azure.
*True* Azure Functions enables you to implement your system's logic into readily available blocks of code. These code blocks are called "functions". Different functions can run anytime you need to respond to critical events (e.g., new queue message arrives, scheduled job, when a new or updated blob is detected). As requests increase, Azure Functions meets the demand with as many resources and function instances as necessary - but only while needed. As requests fall, any extra resources and application instances drop off automatically.
T/F: HDInsight is Microsoft's solution for clustered Hadoop processing of big data.
*True* Azure HDInsight is a cloud distribution of Hadoop components. Azure HDInsight makes it easy, fast, and cost-effective to process massive amounts of data in a customizable environment. You can use the most popular open-source frameworks such as Hadoop, Spark, Hive, LLAP, Kafka, Storm and more. With these frameworks, you can enable a broad range of scenarios such as extract, transform, and load (ETL), data warehousing, machine learning, and IoT.
T/F: Azure Monitor aggregates metrics for Azure resources. You can create alerts based on those metrics.
*True* Azure Monitor helps you maximize the availability and performance of your applications and services. It delivers a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.
T/F: Azure Synapse is the replacement for SQL Data Warehouse.
*True* Azure Synapse is an enterprise analytics service that accelerates time to insight across data warehouses and big data systems. Azure Synapse brings together the best of SQL technologies used in enterprise data warehousing, Spark technologies used for big data, Data Explorer for log and time series analytics, Pipelines for data integration and ETL/ELT, and deep integration with other Azure services such as Power BI, CosmosDB, and AzureML.
T/F: User-defined network routes can be for the following: ○ to override the default flow of traffic ○ to insert a layer of security (e.g., firewall) ○ to insert a network appliance (e.g., load balancer) ○ to specify traffic flow between network boundaries (e.g., Azure and your on-premise network )
*True* Azure automatically creates a route table for each subnet within an Azure virtual network and adds system default routes to the table. You can override some of Azure's system routes with custom routes, and add more custom routes to route tables. Azure routes outbound traffic from a subnet based on the routes in a subnet's route table.
T/F: Each service in the cloud has multiple consumption-based metrics which are combined to determine the cost of the service.
*True* Each service in the cloud has multiple consumption-based metrics which are combined to determine the cost of the service.
T/F: Azure DevTest Labs makes it easy to access ready-made VMs that are configured exactly the way you want them to be.
*True* Lab owners can create preconfigured VMs that have tools and software lab users need. Lab users can claim pre-configured VMs, or create and configure their own VMs and environments. Lab policies and other methods track and control lab usage and costs.
T/F: Locking a resource group as read-only locks all resources contained in the group.
*True* Locks are inherited by child resources. If we apply a lock on a resource group, the lock is inherited by all the resources within the group.
T/F: Read-only resource locks permit read actions against the locked resources, but every other type of action is blocked.
*True* Read-only resource locks only allow read actions.
T/F: Serverless computing refers to using surplus VMs in Azure to run your code on demand. You pay only when your code runs.
*True* Serverless computing enables developers to build applications faster by eliminating the need for them to manage infrastructure. With serverless applications, the cloud service provider automatically provisions, scales, and manages the infrastructure required to run the code.
T/F: Azure Event Grid make is possible to raise and handle events as you interact with your Azure resources.
*True* With Event Grid you connect solutions using event-driven architectures. An event-driven architecture uses events to communicate occurrences in system state changes, for example, to other applications or services. You can use filters to route specific events to different endpoints, multicast to multiple endpoints, and make sure your events are reliably delivered.
T/F: Encryption keys are customer-managed keys that can be used to encrypt virtual machine disks.
*True* With the use of Key Vault, Azure disks can be encrypted using customer managed keys.
T/F: Synapse SQL is a distributed query system for T-SQL that enables data warehousing and data virtualization scenarios and extends T-SQL to address streaming and machine learning scenarios.
*True* ○ Synapse SQL offers both serverless and dedicated resource models. For predictable performance and cost, create dedicated SQL pools to reserve processing power for data stored in SQL tables. For unplanned or bursty workloads, use the always-available, serverless SQL endpoint. ○ Use built-in streaming capabilities to land data from cloud data sources into SQL tables ○ Integrate AI with SQL by using machine learning models to score data using the T-SQL PREDICT function
T/F: Availability sets use update domains to protect your VMs from reboots required by scheduled and unscheduled maintenance.
*True* Availability sets use update domains to protect your VMs from reboots required by scheduled and unscheduled maintenance.
Q: Which of the following type of data does not have a pre-defined schema? Typical examples include images, binary files, text messages, etc. ○ Unstructured data ○ Semi-structured data ○ Structured data
*Unstructured data* does not conform to any other model and has no easily identifiable structure. There is no organization to it and it cannot be stored in any logical way. Unstructured data does not fit into any database structure, has no rules or format, and it cannot be easily used by programs.
Q: Which one of these statements describes a primary benefit of using managed identities for Azure resources to authenticate an app to Key Vault? ○ Using managed identities improves application performance. ○ Using managed identities eliminates the need to handle secrets during configuration. ○ Managed identities can automatically grant Azure Key Vault permissions.
*Using managed identities eliminates the need to handle secrets during configuration.* Your app authenticates to a managed identities token service with a secret injected into its environment variables at runtime. This eliminates the need to store secrets during configuration.
Your company needs to ensure its Azure resources match its internal standards, but currently available built-in policies do not fit it needs. Q: Will creating custom policies help meet its requirements?
*Yes* A custom policy definition enables you to define their own rules for using Azure. These rules often enforce: ○ Security practices ○ Cost management ○ Organization-specific rules (like naming or locations)
Let's assume your company has auto-scaling enable for their app. During a large scale DDoS attack, your company's infrastructure scaled out to 100 servers causing a large spike in application cost. Their infrastructure was protect by the DDoS Protection Standard tier plan. Q: Will Microsoft return the cost of their infrastructure?
*Yes* According to the pricing page for the DDoS Protection service Standard tier plan: "If the resource is protected with DDoS Protection Standard, any scale costs during a DDoS attack are covered and the *customer will get the cost credit back for the scaled out resources*."
Q: Which of the following scenarios can be enabled via Azure role-based access control (Azure RBAC)? ○ Allow one user to manage virtual machines in a subscription and another user to manage virtual networks ○ Allow a DBA group to manage SQL databases in a subscription ○ Allow a user to manage all resources in a resource group, such as virtual machines, websites, and subnets ○ Allow an application to access all resources in a resource group ○ All of the above
*○ All of the above* Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.
Q: DDoS is a type of DoS attack that is characterized by which of the following: ○ Malicious traffic originating from many computer systems at once ○ Exposing user data to the public by attacking server login system ○ Exposing multiple different vulnerabilities of the system
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness *by utilizing multiple compromised computer systems* as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices.
Let's assume you want to send messages from IoT devices to the cloud and vice versa. Q: Which of the following can send and receive messages? ○ IoT Hub ○ IoT Central ○ Azure Sphere
An *IoT Hub* communicates to IoT devices by sending and receiving messages.
A company is planning on deploying a stateless-based application based on microservices using the Azure Service Fabric service. You need to design the infrastructure that would be required in the Azure Service Fabric service. Q: Which of the following should you consider (choose two)? ○ The number of node types in the cluster ○ The properties for each node type ○ The network connectivity ○ The service tier
Azure Service Fabric is a distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices and containers. You should consider *the number of node types in the cluster* and *the properties for each node type*.
Q: Which of the following best describes Azure Synapse Analytics? ○ A flexible big data and analytics platform supporting multiple open-source analytics and technologies. ○ A big data analytics platform with a unified workspace experience supporting end-to-end data transformation with the power of SQL and Spark. ○ A big data analytics platform based on Apache Spark for data transformation and collaboration. ○ A proprietary big data Microsoft technology based on Apache Spark.
Azure Synapse Analytics is *a big data analytics platform with a unified workspace experience supporting end-to-end data transformation with the power of SQL and Spark.* Azure Synapse Analytics is an evolution from an SQL Datawarehouse service, which utilizes the Massively Parallel Processing version of SQL Server. In a recent iteration, Azure Synapse also provides the ability to run queries and scripts using Apache Spark. By including Data Factory as an embedded component called Synapse Pipelines, it is considered to be an end-to-end solution for big data workloads.
Q: Which of the following do you use to organize resources in an Azure subscription? ○ Azure regions ○ Resource groups ○ Management groups ○ Administrative units
Azure resources are combined into *resource groups*, which act as logical containers into which Azure resources like web apps, databases, and storage accounts are deployed and managed.
Q: Which of the following best describes Microsoft Defender for Cloud (formerly known as Azure Security Center) Secure Score? ○ Virtual score calculated for all Azure resources based on security recommendations. A higher score indicates a more secure environment. ○ Risk score indicating the likelihood of being exposed to potential security threats. A higher score means more risk. ○ Amount of Firewall-protected Azure resources
Defender for Cloud (formerly known as Azure Security Center) Secure Score is calculated using available security recommendations. A higher score indicates a more secure environment.
Q: Which of the following best describe Network Security Groups (NSG)? ○ Group resources based on the network interface assignment ○ Group resources based on the subnet assignment ○ Filter inbound and outbound traffic to and from the virtual network
Network Security Groups (NSG) are used to filter both inbound (incoming) and outbound (outgoing) traffic from and to resources located in the virtual network.
Q: Which of the following should be used to filter network traffic based on its protocol? ○ Virtual Network ○ Virtual Network Subnet ○ Network Security Group ○ Application Security Group ○ Route Table ○ User-defined Route
Network Security Groups can be used to filter network traffic based on the following: ○ Network Protocol ○ Source / Destination Address ○ Source / Destination Port ○ Direction (inbound / outbound)
Your company has just set up an Azure subscription and an Azure tenant. They want to use recommendations given by the Azure Advisor tool. Y/N: If your company starts implementing the Azure Advisor tool's recommendations, would it decrease the company's security score?
No. If you improve the security stance of your resources, your security score will increase. The security score is maintained in Microsoft Defender for Cloud and Azure Advisor helps you optimize and reduce your overall spending by identifying idle and underutilized resources.
A company is planning to use the Azure Firewall service. Y/N: Would the Azure firewall service encrypt all network traffic sent from Azure to the Internet?
No. The Azure Firewall service is primarily used to protect your network infrastructure.
A company is planning to host 2 Virtual Machines in Azure. Both are B1S machine size. The first is in East US 2 and the second is in West Central US. Y/N: Would both the Virtual Machines always generate the same monthly costs?
No. The cost for a Virtual Machine depends on the region where it is hosted.
A company currently has the following unused resources as part of its subscription. + 10 user accounts in Azure AD + 5 user groups in Azure AD + 10 public IP address + 10 network Interfaces They want to reduce the costs for resources hosted in Azure. They decide to remove the user groups from Azure AD. Y/N: Would this fulfill the requirement?
No. When you look at the Azure Active Directory pricing, you can create 50,000 objects as part of the free version. These objects include both users and groups.
Q: Which defense-in-depth layer uses distributed denial of service (DDoS) protection? ○ Physical security layer ○ Perimeter layer ○ Network layer ○ Application layer
The *perimeter layer* uses distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for users.
Q: Which of the following protects your application from region-wide disasters? ○ Data Centers ○ Availability Zones ○ Autoscaling ○ Region Pairs ○ Geographies
The following protects your application from region-wide disasters: ○ *Region Pairs* ○ *Geographies*
Q: Which of the four (4) characteristics below best describe a consumption-based pricing model: ○ No wasted resources ○ Upfront costs ○ Pay for what you use ○ Volume licensing ○ Stop paying when you're no longer using a resource ○ No upfront costs
The four characteristics below best describe a consumption-based pricing model: ○ *No wasted resources* ○ *Pay for what you use* ○ *Stop paying when you're no longer using a resource* ○ *No upfront costs*
Q: Authentication is a ... ○ process of verification of user's permissions ○ process of verification of user's identity ○ process of granting user access to services ○ process of creating new user identities
The process in which the system confirms credentials provided by a user or system (authentication factors) match the existing identity is call authentication.
Q: Resources in the Dev and Test environments are each paid for by different departments. What's the best way to categorize costs by department? ○ Apply a tag to each virtual machine that identifies the appropriate billing department. ○ Split the cost evenly between departments. ○ Keep a spreadsheet that lists each team's resources.
You can *apply tags* to resources to help organize billing data.
Q: To which of the following can you add resource tags? ○ Active Directory users and groups ○ Resources ○ Resource Groups ○ Subscriptions ○ Management Groups ○ Enterprise Accounts
You can add resource tags to only the following: ○ *Resources* ○ *Resource Groups* ○ *Subscriptions* You CANNOT add resource tags to management groups or enterprise accounts.
Q: What's the maximum number of IoT devices you can add to a single IoT Hub?
You can add up to *1,000,000* IoT devices to a single IoT Hub.
Q: Policy definitions and initiatives can be assigned to which of the following: ○ Resources ○ Resource Groups ○ Users and Groups ○ Subscriptions ○ Management Groups
You can assign policy definitions and initiatives to only the following: ○ *Resources* ○ *Resource Groups* ○ *Subscriptions* ○ *Management Groups* You CANNOT assign policy definitions and initiatives to users and groups.
T/F: Azure Repos provides Git repositories or Team Foundation Version Control (TFVC) for source control of your code.
*True*
Y/N: Can region pairs be used to replicate data asynchronously across multiple regions for disaster recovery protection?
Yes
Q: When setting up a vnet-to-vnet connection, which of the following is best to use: ○ Virtual network peering ○ Global virtual network peering ○ A VPN Gateway ○ An Application Gateway
○ When you want fast, unencrypted vnet-to-vnet connections over the Microsoft backbone within the same region, use *virtual network peering.* ○ When you want fast, unencrypted vnet-to-vnet connections across different regions, use *global virtual network peering.* ○ When you want slower, bandwidth limited, encrypted vnet-to-vnet connections, use a *VPN Gateway.* ○ Application Gateways are not used for vnet-to-vnet connections.
T/F: Every Azure region has one or more region pairs.
*False* An Azure region has one or more data centers. Many regions offer two or more data centers, but it's not a requirement. When supported, only two regions make up a region pair.
Select the answer that correctly completes the sentence: __________ is a repeatable set of governance tools that helps development teams quickly build and create new environments while adhering to organizational compliance to speed up development and deployment. ○ Azure DevOps ○ A Continuous Integration and Continuous Deployment (CI/CD) pipeline configuration ○ Azure Blueprints ○ Azure Policy
*A Continuous Integration and Continuous Deployment (CI/CD) pipeline configuration* is a repeatable set of governance tools that helps development teams quickly build and create new environments while adhering to organizational compliance to speed up development and deployment. Sometimes Cloud environments grow beyond just one subscription. In that case, Azure Blueprints help to scale the configuration. Azure Blueprints help with repeatable tasks so that development teams rapidly build and deploy new environments and speed up the overall development and deployment phases. Blueprints are a declarative way to orchestrate the deployment of various resource templates.
Q: Which of the following are scopes? ○ Management group ○ Subscription ○ Resource Group ○ Resource ○ All of the above
*All of the above*
Q: Which of the following are true about an Azure VPN Gateway: ○ Uses virtual private networks (VPNs) to enable secure connectivity between an Azure vnet and other networks. ○ Secures those connections using Internet Protocol Security (IPSec) and the Internet Key Exchange (IKE) protocol. ○ A virtual network gateway uses two or more VMs. These VMs cannot be used for anything else. ○ The VPN Gateway VMs are created inside a gateway subnet, which was created explicitly for the VPN Gateway. ○ All of the above
*All of the above*
Q: Which of the following are true: ○ A vnet-to-vnet connection enables you to connect two Azure vnets to each other. ○ A site-to-side connection allows you to connect your virtual network to an on-premises network using an encrypted VPN connection. ○ A point-to-site connection encrypts your virtual network to a single device, such as a computer, tablet, or smartphone. ○ All of the above.
*All of the above*
Let's assume your admins use Macs at work. Q: Which of the following can they use to manage Azure resources? ○ Azure Portal ○ Azure CLI ○ Azure PowerShell ○ Azure Cloud Shell ○ All of the above
*All of the above* All of the mentioned tools are either multi-platform or web-based, as such they can be used on any operating system.
Q: Which of the following effects are supported by Azure Policy: ○ Append ○ Audit ○ AuditIfNotExists ○ Deny ○ DeployIfNotExists ○ Disabled ○ All of the above
*All of the above* ○ Append - Add additional properties to a resource. It can be used to add a tag with a specific name/value to a resource. ○ Audit - A warning is logged when the policy is violated ○ AuditIfNotExists - Enables you to require an additional resource type that must exist along with the resource being created or updated. If that resource type does not exist, a warning is logged. ○ Deny - Blocks or denies the creation or update operation. ○ DeployIfNotExists - Enables you to require an additional resource type you want deployed with the resource being created or updated. If that resource type is not included, it is automatically deployed. ○ Disabled - The policy is not in effect.
Q: From which of the following can you access Azure Cloud Shell? ○ Mobile app ○ Visual Studio Extension ○ Azure Portal (portal.azure.com) ○ Azure Cloud Shell (shell.azure.com) ○ Windows Terminal ○ Microsoft Documentation (docs.Microsoft.com) ○ All of the above
*All of the above* can be used to access Azure Cloud Shell.
Q: Which of the following enables you to provision a group of matching and load-balanced virtual machines in Azure? ○ Azure Logic Apps ○ An availability set ○ An Azure virtual machine scale set ○ Azure Load Balancer
*An Azure virtual machine scale set* enables you to provision a group of matching and load-balanced virtual machines in Azure. Imagine you are running a website that enables scientists to upload astronomy images that need to be processed. If you duplicated the VM, you would normally need to configure an additional service to route requests between multiple instances of the website. Virtual machine scale sets could do that work for you.
Q: Which of the following is a service that monitors the availability, performance, and usage of your web applications, whether they're hosted in the cloud or on-premises? ○ Azure Service Health ○ Azure Monitor ○ Compliance Manager ○ Application Insights
*Application Insights* is a feature of Azure Monitor that provides extensible application performance management (APM) and monitoring for live web apps. Developers and DevOps professionals can use Application Insights to: ○ Automatically detect performance anomalies. ○ Help diagnose issues by using powerful analytics tools. ○ See what users actually do with apps. ○ Help continuously improve app performance and usability.
Q: Which feature of Azure Monitor allows you to visually analyze telemetry data? ○ Application Insights ○ Service Health ○ Metrics ○ Alerts
*Application Insights* provides extensible application performance management (APM) and monitoring for live web apps. Developers and DevOps professionals can use Application Insights to: ○ Automatically detect performance anomalies. ○ Help diagnose issues by using powerful analytics tools. ○ See what users actually do with apps. ○ Help continuously improve app performance and usability.
Q: Which of these statements best describes Azure Key Vault's authentication and authorization process? ○ Applications authenticate to a vault with the username and password of the lead developer and have full access to all secrets in the vault. ○ Applications and users authenticate to a vault with a Microsoft account and are authorized to access specific secrets. ○ Applications and users authenticate to a vault with their Azure Active Directory identities and are authorized to perform actions on all secrets in the vault. ○ Applications authenticate to a vault with the username and password of a user that signs in to the web app, and is granted access to secrets owned by that user.
*Applications and users authenticate to a vault with their Azure Active Directory identities and are authorized to perform actions on all secrets in the vault.* Authentication to Key Vault uses Azure Active Directory identities. Access policies are used to provide authorization for actions that apply to every secret in the vault.
Q: Which of the following is the security process that determines a user or service's level of access (e.g., access particular data or perform a specific action)? ○ Authorization ○ Identification ○ Authentication ○ None of the Above
*Authorization* is the security process that determines a user or service's level of access. In technology, we use *authorization* to give users or services permission to access some data or perform a particular action.
Q: Which of the following enables you to scale to thousands of virtual machines for high-performance computing and large-scale parallel jobs? ○ An Azure virtual machine scale set ○ An availability set ○ Azure Batch ○ An availability zone
*Azure Batch* enables you to scale to thousands of virtual machines for high-performance computing (HPC) and large-scale parallel jobs. Other Azure functionalities allow you to scale multiple VMs, but only Azure Batch will allow for thousands of VMs for HPC.
Let's assume you want to build a new app and store its assets in Azure. The app's assets might include images, videos, audio files, text files, etc. Q: Which of the following would be the best storage solution? ○ Azure Table Storage ○ Azure Blob Storage ○ Azure Queue Storage ○ Azure Disk Storage
*Azure Blob Storage* enables unstructured data to be stored and accessed at a massive scale in block blobs.
Q: Which of the following best describe Azure Cloud Shell? ○ Mobile app for managing Azure resources ○ Simple web portal for managing Azure resources ○ Windows app for managing Azure resources ○ Cloud-based scripting environment for managing Azure resources ○ Billing and operational portal for managing Azure resources
*Azure Cloud Shell* is a *cloud-based scripting environment* with lots of preinstalled tools that enable you to manage Azure resources
A company is planning to set up a solution in Azure. The solution would have the following key requirement: Provide an efficient way to distribute web content to users across the world. Q: Which of the following would be best suited for this requirement? ○ Azure Content Delivery Network ○ Azure SQL Datawarehouse ○ Azure Load Balancer ○ Azure HD Insight
*Azure Content Delivery Network* offers a global solution for rapidly delivering content. Save bandwidth and improve responsiveness when encoding or distributing gaming software, firmware updates, and IoT endpoints. Reduce load times for websites, mobile apps, and streaming media to increase user satisfaction globally.
Q: Which of the following allows you to set cost alerts. ○ Azure Cost Management ○ Budgets ○ Azure Cost Analysis
*Azure Cost Management* Cost alerts are automatically generated based when Azure resources are consumed. Alerts show all active cost management and billing alerts together in one place. When your consumption reaches a given threshold, alerts are generated by Cost Management. There are three main types of cost alerts: budget alerts, credit alerts, and department spending quota alerts.
Let's assume your company is planning a deployment using Azure Database for PostgreSQL. The deployment should meet the following requirements: - Up to 10 TB storage - Azure Premium Storage - Point-in-time-restore for up to 35 days You need to select the appropriate deployment and pricing tier to meet these requirements and minimize costs. What of the following should you select? ○ Azure Database for PostgreSQL Single Server Basic tier ○ Azure Database for PostgreSQL Single Server General Purpose tier ○ Azure Database for PostgreSQL Single Server Memory Optimized tier ○ Azure Database for PostgreSQL Hyperscale (Citus)
*Azure Database for PostgreSQL Single Server General Purpose tier* The General Purpose tier is suitable for most business workloads that require balanced compute and memory with scalable I/O throughput. Examples include servers for hosting web and mobile apps and other enterprise applications.
A company is planning to set up a solution in Azure. The solution would have the following key requirement: An integration solution for the deployment of code Q: Which of the following would be best suited for this requirement? ○ Azure Advisor ○ Azure Cognitive Services ○ Azure Application Insights ○ Azure DevOps
*Azure DevOps* consists of a large set of tools. Amongst these, you have Azure Pipelines, which can be used to build, test and deploy code.
Q: Which of the following is for building Continuous Integration and Continuous Delivery (CI/CD) pipelines with private git repositories and features to track project work? ○ Azure DevTest Labs ○ Azure Tasks ○ Azure Boards ○ Azure DevOps ○ Azure Pipelines ○ Azure Project Professional
*Azure DevOps* provides developer services for allowing teams to plan work, collaborate on code development, and build and deploy applications. It is a collection of tools that includes features such as Pipelines (CI/CD pipelines), Repos (git repositories), and Boards (task/work mgmt),
Q: Which service provides serverless computing in Azure? ○ Azure Virtual Machines ○ Azure Functions ○ Azure storage account ○ Azure Container Instances
*Azure Functions* is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running.
A company is planning to set up a solution in Azure. The solution would have the following key requirement: Provide a cloud service that makes it easy, fast, and cost-effective to analyze streaming data using open source frameworks like Apache Hadoop. Q: Which of the following Azure services would meet the criteria? ○ Azure Content Delivery Network ○ Azure Synapse ○ Azure Load Balancer ○ Azure HDInsight
*Azure HDInsight* is a cloud distribution of Hadoop components. Azure HDInsight makes it easy, fast, and cost-effective to process massive amounts of data in a customizable environment. You can use the most popular open-source frameworks such as Hadoop, Spark, Hive, LLAP, Kafka and more. With these frameworks, you can enable a broad range of scenarios such as extract, transform, and load (ETL), data warehousing, machine learning, and IoT.
Q: Which of the following statement best describes Azure Information Protection (AIP)? ○ AIP requires all readers of Office documents to have accounts in Azure Active Directory ○ AIP sends you a text message each time you log on to Azure ○ AIP encrypts virtual machines (VMs) ○ AIP classifies documents and emails by applying labels to them
*Azure Information Protection (AIP) classifies documents and emails by applying labels to them*. Azure Information Protection (AIP) is part of Microsoft Purview Information Protection (formerly Microsoft Information Protection or MIP). Microsoft Purview Information Protection helps you discover, classify, protect, and govern sensitive information wherever it lives or travels.
Q: Which of the following enables users to identify email messages and attachments that should be protected through encryption, identity, and authorization policies? ○ Key Vault ○ Azure Security Center ○ Azure Information Protection (AIP) ○ Azure Advanced Threat Protection (ATP)
*Azure Information Protection (AIP)* protects documents, emails, and sensitive company data through clever classification, permission settings, and encryption.
Let's assume your company is building a solution that enables cars to send onboard diagnostic (OBD) sensory and telemetry data to the cloud for analysis. The solution enables the identification of individual cars. It can also send commands and policies to the cars. Q: Which of the following is the best solution? ○ Event Hub ○ IoT Hub ○ IoT Central ○ Notification Hub
*Azure IoT Hub* connects IoT devices to gather data and drive business insights and automation. It also supports per-device identity and bi-directional communication. ----------------- While *Event Hub* can be used to collect sensory and telemetry data, but it supports neither per-device identity nor bi-directional communication.
Let's assume your company plans to deploy several million sensors that will upload data to Azure. You need to identify which Azure resources must be created to support the planned solution. Q: Which two Azure resources should you identify? ○ Azure Data Lake ○ Azure Queue storage ○ Azure IoT Hub ○ Azure File Storage ○ Azure Notification Hubs
*Azure IoT Hub* is a managed service hosted in the cloud that acts as a central message hub for communication between an IoT application and its attached devices. You can connect millions of devices and their backend solutions reliably and securely. *Azure Data Lake* includes all the capabilities required to make it easy for developers, data scientists, and analysts to store data of any size, shape, and speed, and do all types of processing and analytics across platforms and languages.
A company is planning to set up a solution in Azure. They have the following key requirement: Give the ability to process data from millions of sensors. Q: Which of the below Azure services can be used for this purpose? ○ Azure Machine Learning ○ Azure IoT Hub ○ Azure AI Bot ○ Azure Functions
*Azure IoT Hub* is a managed service hosted in the cloud that acts as a central message hub for communication between an IoT application and its attached devices. You can connect millions of devices and their backend solutions reliably and securely. Almost any device can be connected to an IoT hub.
Q: Which of the following should you use to store certificates? ○ Azure Security Center ○ an Azure Storage account ○ Azure Key Vault ○ Azure Information Protection
*Azure Key Vault* Azure Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys.
A company is planning to set up a solution in Azure. The solution would have the following key requirement: Provides a platform for creating workflows. Q: Which of the following would be best suited for this requirement? ○ Azure Databricks ○ Azure Logic Apps ○ Azure App Service ○ Azure Application Insights
*Azure Logic Apps* Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate your apps, data, services, and systems. With this platform, you can quickly develop highly scalable integration solutions for your enterprise and business-to-business (B2B) scenarios.
Q: Which Azure serverless computing technology provides the ability to execute workflows to automate business scenarios by using triggers without writing any code? ○ Azure Functions ○ Azure Logic Apps ○ Azure Front Door ○ Azure DevOps
*Azure Logic Apps* are designed in a web-based designer and can execute logic triggered by Azure services without writing any code.
Q: Azure Logic Apps enables you to do which of the following without worrying about the underlying infrastructure? ○ Can create and run automated workflows using a web-based visual designer and no code ○ Deploy small pieces of code as a web service ○ Route messages between apps and services
*Azure Logic Apps* enables you to create automated workflows using a web-based visual designer and without code. Of course, you can also create and edit the underlying workflow definitions, which use JSON, for logic apps through a code-based experience, such as Visual Studio Code.
A company is currently planning to deploy resources to Azure. They want to have the ability to manage user access to resources across multiple subscriptions. Q: Which of the following can help you achieve this requirement? ○ Resource Groups ○ Management Groups ○ Azure Policies ○ Azure App Service
*Azure Management Groups* are containers for managing access across multiple Azure subscriptions.
Q: Which of the following can developers use to access Azure Marketplace templates? ○ Navigate to the Microsoft AppSource website: https://appsource.microsoft.com/ ○ Navigate to the Azure Marketplace website: https://azuremarketplace.microsoft.com/ ○ Within the Azure Portal, use 'Create a Resource' in the top-left menu. ○ All of the above
*Azure Marketplace* is the premier destination for all your software development and IT needs. The solutions are certified and optimized to run on Azure. It is available via the *Azure Portal* when creating resources and also through the standalone website. ----------------- Microsoft AppSource is an online store that contains thousands of Software as a Service (SaaS) line of business applications and services built by industry-leading software providers. These solutions extend Azure, Dynamics 365, Office 365, PowerBI, and Power Apps.
Q: Which of the following delivers a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments? ○ Application Insights ○ Compliance Manager ○ Azure Service Health ○ Azure Monitor
*Azure Monitor* helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on. Azure Monitor can do the following: ○ Detect and diagnose issues across applications and dependencies with Application Insights. ○ Correlate infrastructure issues with VM insights and Container insights. ○ Drill into your monitoring data with Log Analytics for troubleshooting and deep diagnostics. ○ Support operations at scale with automated actions. ○ Create visualizations with Azure dashboards and workbooks. ○ Collect data from monitored resources by using Azure Monitor Metrics. ○ Investigate change data for routine monitoring or for triaging incidents by using Change Analysis.
Q: Which of the following enables you to create, assign, manage, and enforce organizational standards (aka, business rules) over your resources in order to ensure compliance and meet service-level agreements (SLAs)? ○ Azure Policy ○ Azure Blueprints ○ Azure Security Center ○ Role-based Access Control
*Azure Policy* Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management.
Q: Which of the following is used to store a large number of small messages, which can be asynchronously accessed from anywhere in the world via authenticated calls using HTTP or HTTPS? ○ Azure Table Storage ○ Azure Blob Storage ○ Azure File Storage ○ Azure Queue Storage ○ Azure Disk Storage
*Azure Queue Storage* is simple, cost-effective, durable asynchronous message queueing for large workloads processed by distributed application components.
A company is planning to deploy resources to Azure. Q: Which of the following in Azure provides a platform for defining the dependencies between resources so they're deployed in the correct order? ○ Azure Resource Groups ○ Azure policies ○ Azure Management Groups ○ Azure Resource Manager
*Azure Resource Manager* Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment. When you send a request through any of the Azure APIs, tools, or SDKs, Resource Manager receives the request. It authenticates and authorizes the request before forwarding it to the appropriate Azure service.
Which of the following provides up-to-date status information about the health of Azure services? ○ Compliance Manager ○ Azure Monitor ○ Service Trust Portal ○ Azure Service Health
*Azure Service Health* helps you stay informed with a personalized dashboard for service issues. You can also take action when service issues like outages and planned maintenance affect you. Azure Monitor helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.
Q: Which of the following Azure Active Directory (Azure AD) feature(s) is used to provide access to resources based on organizational policies? ○ multi-factor authentication (MFA) ○ single sign-on (SSO) ○ administrative units ○ Conditional Access
*Conditional Access* is the tool used by Azure Active Directory to allow (or deny) access to resources based on identity signals. Conditional access is a more refined MFA (multifactor authentication) method.
Q: Which of the following is a suite of experiences to keep you informed about the health of your cloud resources? This information includes current and upcoming issues such as service-impacting events, planned maintenance, and other changes that may affect your availability. ○ Azure Service Health ○ Azure Monitor for VMs ○ Application Insights ○ Azure Monitor for Containers
*Azure Service Health* is a combination of three separate smaller services: ○ Azure status informs you of service outages in Azure on the Azure Status page. ○ Service health provides a personalized view of the health of the Azure services and regions you're using. ○ Resource health provides information about the health of your individual cloud resources such as a specific virtual machine instance. Using Azure Monitor, you can also configure alerts to notify you of availability changes to your cloud resources.
A company is planning to set up a solution on the Azure platform. The solution has the following main key requirements: + Provide the ability to store petabytes of data. + Be able to run complex queries across the data. Q: Which of the following would be best suited for this requirement? ○ Azure Firewall ○ Azure Application Gateway ○ Azure Storage Accounts ○ Azure Synapse
*Azure Synapse* is an enterprise analytics service that accelerates time to insight across data warehouses and big data systems. Azure Synapse brings together the best of SQL technologies used in enterprise data warehousing, Spark technologies used for big data, Data Explorer for log and time series analytics, Pipelines for data integration and ETL/ELT, and deep integration with other Azure services such as Power BI, CosmosDB, and AzureML.
Let's assume you have a virtual machine named VM1 that runs Windows Server 2016. VM1 is in the East US Azure region. Q: Which of the following should you select from the Azure portal to view service failure notifications that can affect the availability of VM1? ○ Azure Service Fabric ○ Azure Monitor ○ Azure virtual machines ○ Azure Advisor
*Azure virtual machines* Go to the Overview page for your virtual machine, and then select the Monitoring tab. You can see the number of active alerts on the tab. The Alerts pane shows you the alerts fired in the last 24 hours, along with important statistics about those alerts. If there are no alerts configured for your VM, there is a link to help you quickly create new alerts for your VM.
Azure DevOps delivers multiple services for building solutions based on DevOps practices. Q: Which of the following are included in Azure DevOps? ○ Boards ○ Marketplace ○ Templates ○ Repos ○ Pipelines ○ Images ○ Test Plans ○ Artifacts ○ Projects
*Boards* provides software development teams with the interactive and customizable tools they need to manage their software projects *Repos* is a set of version control tools that you can use to manage your code. *Pipelines* automatically builds and tests code projects to make them available to others. It combines Continuous Integration and Continuous Delivery (CI/CD) to test and build your code and ship it to any target. *Test Plans* provides rich and powerful tools everyone in the team can use to drive quality and collaboration throughout the development process. *Artifacts* enables developers to share their code efficiently and manage all their packages from one place. With Azure Artifacts, developers can publish packages to their feeds and share it within the same team, across organizations, and even publicly.
A company has a set of Virtual machines defined in Azure. One of the machines was down due to issues with the underlying Azure Infrastructure. The server was down for an extended period. So it breached the standard SLA defined by Microsoft. Q: How will Microsoft reimburse the downtime cost? ○ By directly sending money to the customer's bank account ○ By spinning up another Virtual Machine free of cost for the client ○ By providing service credits to the customer ○ By providing a service free of cost to use for a specific duration of time.
*By providing service credits to the customer* If you look at the pricing FAQ, you can see that Microsoft offers Service level credits if it does not meet the SLA targets.
Q: Which of the following is a workflow-based risk assessment dashboard within the Trust Portal that enables you to track, assign, and verify your organization's regulatory compliance activities related to Microsoft professional services and Microsoft cloud service? ○ Service Trust Portal ○ Microsoft Trust Center ○ Microsoft Privacy Statement ○ Compliance Manager
*Compliance Manager* helps simplify compliance and reduce risk by providing: ○ Pre-built assessments for common industry and regional standards and regulations, or custom assessments to meet your unique compliance needs (available assessments depend on your licensing agreement; learn more). ○ Workflow capabilities to help you efficiently complete your risk assessments through a single tool. ○ Detailed step-by-step guidance on suggested improvement actions to help you comply with the standards and regulations that are most relevant for your organization. For actions that are managed by Microsoft, you'll see implementation details and audit results. ○ A risk-based compliance score to help you understand your compliance posture by measuring your progress in completing improvement actions.
Let's assume you need to give all users in a group the ability to create and manage all types of Azure resources within a subscription. Rights granted to the users should be kept to a minimum. Q: Which built-in role-based access control (RBAC) role should you assign to the group? ○ Contributor ○ User Access Administrator ○ Reader ○ Owner
*Contributors* are granted full access to manage all resources, but does not allow them to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.
A company wants to start using Azure. They want to deploy several resources to their Azure subscription. They want to be informed of the costs of Azure resources that go beyond a certain threshold. Q: Which of the following can help achieve this? ○ Create an alert in Azure Monitor. ○ Create a budget in Azure Cost Management. ○ Create an alert in Azure Advisor. ○ Create a cost tag for the resource group.
*Create a budget in Azure Cost Management* You can create a budget and get a notification if the costs are going beyond the budget.
You assigned an Azure Policy on a subscription called "Sub1" that forbids the deployment of any service that isn't Azure SQL or Azure App Service. But the Administrators want to be able to deploy any resource to their centralized resource group called "shared-services." Q: Which of the following is the best way to achieve their goals: ○ Disable the policy before each deployment and then enable the policy ○ Change the policy definition ○ Create a policy exemption for the shared-services resource group.
*Create a policy exemption for the shared-services resource group.* The Azure Policy exemptions feature is used to exempt a resource hierarchy or an individual resource from evaluation of initiatives or definitions.
A team has a Cosmos DB account. A solution needs to be in place to generate an alert from Azure Log Analytics when a query request charge exceeds 40 units more than 10 times during a 10-minute window. Q: Which of the following would you recommend (choose two)? ○ Create a search query to identify when the requestCharge_s exceeds 40. ○ Create a search query to identify when the requestCharge_s exceeds 10. ○ Create a search query to identify when the duration_s exceeds 10. ○ Configure a period of 10 and a frequency of 10.
*Create a search query to identify when the requestCharge_s exceeds 40* and *Configure a period of 10 and a frequency of 10*
A company is planning to host a set of resources in Azure. They want to protect their resources against DDoS attacks and also get real-time attack metrics. Q: Which of the following should the company opt for? ○ DDoS Protection Basic ○ DDoS Protection Standard ○ DDoS Protection Premium ○ DDoS Protection Isolated
*DDoS Protection Standard*
Q: Which of the following best describes the term DevOps? ○ An Azure service for building DevOps solutions ○ A set of tools for developers and operation teams ○ DevOps is the combination of cultural philosophies, practices, and tools that increases an organization's ability to deliver applications and services at high velocity ○ Developers and operations working as a single team
*DevOps is the combination of cultural philosophies, practices, and tools that increases an organization's ability to deliver applications and services at a high velocity* while maintaining high quality. DevOps is complementary with Agile software development. Several DevOps aspects came from the Agile methodology.
Q: Which of the following are Event Grid concepts? ○ Events ○ Event sources ○ Topics ○ Event subscriptions ○ Event handlers ○ Firebase
*Events* - What happened. *Event sources* - Where the event took place. *Topics* - The endpoint where publishers send events. *Event subscriptions* - The endpoint or built-in mechanism to route events, sometimes to more than one handler. Subscriptions are also used by handlers to intelligently filter incoming events. *Event handlers* - The app or service reacting to the event. ---------------- Firebase is a mobile app platform provided by Google
T/F: Tags applied at a resource group level are propagated to resources within the resource group.
*False*
T/F: Azure Files offers Hot, Cool, and Archive storage tiers based on how frequently you plan to access the files.
*False* *Azure Blob Storage offers Hot, Cool, and Archive storage tiers* based on how long to intend to store the data, how often it's accessed, and so on.
T/F: Azure Blob Storage enables you to have disk space in the cloud that you can map to a drive on-premises.
*False* *Azure Files* enables you to have disk space in the cloud that you can map to a drive on-premises. You cannot map Azure Blob Storage to a drive on-premises.
T/F: Autoscaling monitors the health of cloud resources and automatically takes action when a resource is determined to be unhealthy (e.g., move the app to another VM).
*False* *Fault-tolerant systems* monitor the health of cloud resources and automatically take action when a resource is determined to be unhealthy (e.g., move the app to another VM). *Autoscaling* monitors your applications and automatically adjusts resources to maintain a steady, predictable performance at the lowest possible cost. It is assumed the VMs are healthy.
T/F: A single resource can be placed into multiple resource groups?
*False* A resource can be long to only one resource group at a time.
T/F: Availability Zones are used to replicate data and applications to multiple regions.
*False* Availability Zones are used to replicate data and applications to multiple locations (aka, data centers) *within a single region.*
T/F: Availability Zones ensure your resources are deployed into different racks within the same data center.
*False* Availability Zones ensure your resources are deployed into *different data centers within a region*. There are at least three (3) Availability Zones in zone-enabled regions (e.g., US West)
T/F: Availability sets use fault domains to protect your VMs from hardware failures within a single data center.
*False* Availability sets use fault domains to protect your VMS from hardware failures *within a single hardware rack*.
T/F: Azure Advisor primarily focuses on providing recommendations for cost savings?
*False* Azure Advisor analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost-effectiveness, performance, reliability (formerly called High availability), and security of your Azure resources.
T/F: Azure Cosmos DB is a globally distributed relational database?
*False* Azure Cosmos DB is a globally distributed multi-model NoSQL database. It is not a SQL relational database.
T/F: Azure Databricks is a PaaS offering that helps you build data transformation solutions based on Apache Storm.
*False* Azure Databricks is based on *Apache Spark*, not Apache Storm.
Your team is asked to implement continuous deployment processes for their apps. The team decided to use Azure DevTest Labs. T/F: Does DevTest Labs meet their needs?
*False* Azure DevTest Labs is used to provide sandbox environments to developers and testers, but it doesn't offer any features for building Continuous Integration and Continuous Delivery (CI/CD) pipelines.
T/F: All web app configuration options should be stored in Azure Key Vault.
*False* Azure Key Vault should be only used to store sensitive information. It is not designed to replace app config files. It compliments them by externalizing management of their sections that are considered sensitive (e.g., passwords, connection strings, etc.)
T/F: If you need to store a large amount of data, Azure Data Box is a good option.
*False* If you need to *move* a large amount of data into or out of Azure, Azure Data Box is a good option. Microsoft sends you a proprietary storage device (up to 80 TB). You upload your data to the devices and ship them back to Microsoft, where they will be added to your storage account.
T/F: Azure Container Instance (ACI) is a good choice if you have an app that is used heavily by many people that might need to take advantage of scaling.
*False* In this case, Azure Container Instance (ACI) is a poor choice. Instead, Azure Kubernetes Service (AKS), the container orchestration service, would be a better choice.
T/F: If no encryptions keys are provided by the customer, then, by default, Azure managed disks are left unencrypted.
*False* Most Azure managed disks are encrypted with Azure Storage encryption, which uses server-side encryption (SSE) to protect your data and to help you meet your organizational security and compliance commitments. Azure Storage encryption automatically encrypts your data stored on Azure managed disks (OS and data disks) at rest by default when persisting it to the cloud. Disks with encryption at host enabled, however, are not encrypted through Azure Storage. For disks with encryption at host enabled, the server hosting your VM provides the encryption for your data, and that encrypted data flows into Azure Storage. Azure Storage encryption does not impact the performance of managed disks and there is no additional cost.
T/F: Network Security Groups (NSG) are an extension of the Application Security Group (ASG) and used to manage the networking component of the application.
*False* Network Security Groups (NSG) are NOT an extension of Application Security Groups (ASG). A *Network Security Group* is used to enforce and control network traffic. It controls inbound and outbound traffic at the subnet level. *Applications Security Groups* make managing network policies for virtual machines easier by logically grouping VM's together (e.g, all web servers, all database servers), then using Network Security Groups to apply policies to the groups of VM rather than on a per subnet or per VM basis. This alleviates brittle network policies and can simplify network security architectures on Azure.
Let's assume your company wants to add Owner tags to all resources inside the resource group App1_RG. T/F: Applying a tag on a resource group ensures all resources within that resource group will inherit the tag.
*False* Resources do not inherit the tags you apply to a resource group or a subscription. To apply tags from a subscription or resource group to the resources, see Azure Policies - tags.
T/F: Round-trip latency between two availability zones must be less than 2 ms.
*False* Round-trip latency *between two regions* must be less than 2 ms.
T/F: Service Level Agreements (SLAs) guarantee your application will always be up and running correctly.
*False* SLAs are guarantees that certain resources will maintain a certain level of availability (e.g., VMs 99.95%). If the SLA is not met, then a credit or refund is returned to the customer.
T/F: Scale sets enable you to set up auto-scale rules to scale vertically (scale up) when needed.
*False* Scale sets enable you to set up auto-scale rules to *scale horizontally (scale out)* when needed.
T/F: All all resource types support tags.
*False* Some resource types support tags (e.g., VMs, availability sets, disks, application gateways, etc.) Others do not (e.g., public IP addresses, security policies, security groups, etc.)
T/F: Azure Blueprint definitions can be assigned only once to an Azure subscription.
*False* The idea of having Blueprints is to reuse them. For example, you can deploy many environments using Blueprints.
T/F: Network traffic over ExpressRoute is encrypted and travels over the public internet.
*False* When using ExpressRoute, you can encrypt your network traffic via any of the following: ○ MACsec secures the physical connections between you and Microsoft. ○ IPsec secures the end-to-end connection between you and your virtual networks on Azure. ○ Application level encryption ○ Third-party appliance that performs encryption ExpressRoute connections don't go over the public Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, consistent latencies, and higher security than typical connections over the Internet.
Q: Which of the following best describes the Azure Firewall? ○ Enables management of VM firewall settings from Azure Portal ○ Filters inbound and outbound network traffic for Azure resources ○ An antivirus program that protects VMs from harmful viruses and malware
*Filters inbound and outbound network traffic for Azure resources* Azure Firewall is a cloud-native and intelligent network firewall security service that provides the best-of-breed threat protection for your cloud workloads running in Azure. Azure Firewall Standard provides L3-L7 filtering and threat intelligence feeds directly from Microsoft Cyber Security. Threat intelligence-based filtering can alert and deny traffic from/to known malicious IP addresses and domains which are updated in real-time to protect against new and emerging attacks.
A company has launched a set of Virtual Machines in their Pay-as-you-go Azure subscription. After launching a set of VMs, they seem to be hitting a limit. They cannot provision additional Virtual Machines. Q: Which of the following can be done to allow the company to provision more Virtual Machines? ○ Raise a support ticket with Microsoft. ○ Increase the limit in the Azure Monitor. ○ Increase the limit using the Azure CLI. ○ Increase the limit in Azure Advisor.
*Raise a support ticket with Microsoft.*
Q: Which of the following copies data to a secondary region from the primary region across multiple data centers that are located many miles apart? ○ Premium storage ○ Zone redundant storage (ZRS) ○ Geo-redundant storage (GRS) ○ Locally-redundant storage (LRS)
*Geo-redundant storage (GRS)* replicates your data to a secondary region that is in a different geographic location from the primary region.
Q: How does Azure Key Vault help protect your secrets after they have been loaded by your app? ○ Azure Key Vault automatically generates a new secret after every use. ○ The Azure Key Vault client library protects regions of memory used by your application to prevent accidental secret exposure. ○ Azure Key Vault double-encrypts secrets, requiring your app to decrypt them locally every time they're used. ○ It doesn't protect your secrets. Secrets are unprotected once they're loaded by your application.
*It doesn't protect your secrets. Secrets are unprotected once they're loaded by your application.* Once secrets have been loaded by an app, they are unprotected. Make sure to not log them, store them, or return them in client responses.
A company has created a resource group. They want to ensure that resources within the resource group don't get accidentally deleted. Which of the following would you use for this purpose? ○ Access Control ○ Policies ○ Locks ○ Diagnostics settings
*Locks*
Q: Which of the following are advantages of using the public cloud? Choose 2 answers from the options given below. ○ Lower Capital Costs ○ Higher maintenance ○ High reliability ○ Higher Capital Costs
*Lower Capital Costs* and *High reliability*
Q: Using computer software to automatically draw conclusions based on customer data is called... ○ Market forecasting ○ Machine learning ○ Data modeling ○ Computer vision
*Machine learning* is a subcategory of artificial intelligence where data scientists teach computer software to draw conclusions from large amounts of customer data.
Q: Which Azure feature enables you to organize multiple subscriptions in hierarchies for unified policies and compliance? ○ Resource groups ○ Management groups ○ Azure Active Directory (Azure AD) ○ Azure Container Instances
*Management groups* help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group.
Q: Which of the following are characteristics of the public cloud (choose two)? ○ Dedicated hardware ○ Unsecured connections ○ Limited storage ○ Metered pricing ○ Self-service management
*Metered pricing* and *self-service management* are characteristics of the public cloud.
Q: Which of the following enables you to monitor your Azure environment to get security recommendations and analysis of potential threats? ○ Microsoft Defender for Cloud (formerly known as Azure Security Center) ○ Azure Key Vault ○ Azure Network Security Groups ○ Azure Application Security Groups
*Microsoft Defender for Cloud (formerly known as Azure Security Center)* helps secure your Azure environment by providing actionable recommendations and analysis for potential threats.
A company wants to make use of Azure for the deployment of various solutions. They want to ensure that suspicious attacks and threats to resources in their Azure account are prevented. Q: Which of the following helps prevent such attacks by using built-in sensors in Azure? ○ Azure AD Identity Protection ○ Azure DDoS attacks ○ Azure Privileged Identity Management ○ Microsoft Defender for Identity
*Microsoft Defender for Identity* Microsoft Defender for Identity is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Monitor and analyze user behavior and activities Defender for Identity's proprietary sensors monitor organizational domain controllers, providing a comprehensive view of all user activities from every device. Defender for Identity monitors and analyzes user activities and information across your network, such as permissions and group membership, creating a behavioral baseline for each user.
Let's assume you have ten VMs within your virtual network. Five are web servers and the other five are storage servers. Q: Which of the following is the most efficient and flexible way to group the different types of servers and apply policies to them? ○ Network Security Group Rules with static IP address ○ Network Security Group Rules with Application Security Groups ○ Two Network Security Groups, one associated with the web servers network interfaces and the second associated with the storage network interfaces
*Network Security Group Rules with Application Security Groups* Applications Security Groups make managing network policies for virtual machines easier by logically grouping VM's together (e.g, all web servers, all database servers), then using Network Security Groups to apply policies to the groups of VMs rather than on a per subnet or per VM basis. This alleviates brittle network policies and can simplify network security architectures on Azure.
Let's assume your company wants to block all traffic based on the network protocol (TCP). To do that, they want to use only Application Security Groups (ASG). Q: Can they use Application Security Groups alone to block all TCP network traffic?
*No* A *Network Security Group* is used to enforce and control network traffic. It controls inbound and outbound traffic at the subnet level. *Applications Security Groups* make managing network policies for virtual machines easier by logically grouping VM's together (e.g, all web servers, all database servers), then using Network Security Groups to apply policies to the groups of VM rather than on a per subnet or per VM basis. This alleviates brittle network policies and can simplify network security architectures on Azure.
Let's assume your company had a security incident and your management wants to review what happened. To do this, they went to Azure Advisor. Q: Will Azure Advisor help them answer their questions?
*No* All recommendations provided by Azure Advisor are pro-active. These recommendations are designed to help protect your data. This service does not provide much that will help with data breach investigations.
Let's assume your company wants to block all traffic to internet websites from their network with exception of domain names like www.mycompany.com and internal.mycompany.com. Q: Can the use Network Security Groups to accomplish this task?
*No* Network Security Groups do not offer features for creating rules based on FQDN (fully qualified domain name). Instead, your company should use Azure Firewall. A fully qualified domain name (FQDN) represents a domain name of a host or IP address(es). You can use FQDNs in network rules based on DNS resolution in Azure Firewall and Firewall policy. This capability enables you to filter outbound traffic with any TCP/UDP protocol (including HTTP, NTP, SSH, RDP, and more).
Let's assume your company wants to associate a single VM with two different departments. Someone proposed resource tags like the following could be used: ○ Name: Department, Value: Finance ○ Name: Department, Value: Sales Q: Will this strategy work?
*No* On a single resource (such as a VM), *tag names* must be unique. You cannot have two tags with the same name applied to a single resource. Something like the following would work: ○ Name: Department1, Value: Finance ○ Name: Department2, Value: Sales Or perhaps the following: ○ Name: DepartmentPrimary, Value: Finance ○ Name: DepartmentSecondary, Value: Sales
Let's assume your company wants to Azure DDoS Protection plan in the Basic tier for their Azure App Service. Q: What should it do to achieve this? ○ Go to the Azure App Service and enable DDoS protection ○ Go to the Marketplace and create an Azure DDoS Protection plan resource and add the App Service to the list of protected resources ○ Go to the Marketplace and create an Azure DDoS Protection plan resource and then add App Service Virtual Network to the list of protected resources. ○ Nothing. All Azure services are already protected by the Basic DDoS Protection.
*Nothing. All Azure services are already protected by the Basic DDoS Protection.*
Fil in the blank: Scope is a ______________ that the access is applied to. ○ Action for a specific resource type ○ User, group, or application object ○ One or more Azure resources ○ List of available resources actions in Azure ○ List of available resource types in Azure ○ List of available resources in Azure
*One or more Azure resources* Scope is the set of resources that access applies to. In Azure, you can specify a scope at four levels: management group, subscription, resource group, and resource. Scopes are structured in a parent-child relationship. Each level of hierarchy makes the scope more specific. You can assign roles at any of these levels of scope. The level you select determines how widely the role is applied. Lower levels inherit role permissions from higher levels.
Q: Which of the following is a single object that defines properties, conditions, and effects in an Azure Policy: ○ Policy Assignment ○ Policy Definition ○ Policy Initiative ○ Policy Scope ○ Policy Group ○ Policy Exclusion
*Policy Definition* specifies the policy and its effects by specifying properties, conditions, and effects based on the values of resource properties.
An IT Engineer needs to create a Virtual Machine in Azure. Currently, the IT Engineer has a Windows desktop along with the Azure Command Line Interface (CLI). Q: Which of the following would enable the IT engineer to use the Azure Command Line Interface (choose 2)? ○ Powershell ○ File and Print Explorer ○ Command Prompt ○ Control Panel
*Powershell* and *Command Prompt*
Q: Which of the following is NOT a benefit of Azure Key Vault? ○ Secure storage of private user information. ○ Synchronizing application secrets among multiple instances of an application. ○ Reducing the need for application developers to directly handle application secrets. ○ Controlling access to application secrets with assignable permissions.
*Secure storage of private user information.* Key Vault is intended for storing application secrets, not user secrets.
Q: Which of the following best describes serverless computing? ○ Customers don't pay for their servers ○ Apps are deployed to nano-services ○ Management of servers is abstracted away from customers ○ There are no servers, everything runs in containers
*Serverless computing* enables developers to build applications faster by eliminating the need for them to manage infrastructure, such as VMs and networking. With serverless applications, Azure automatically provisions, scales, and manages the infrastructure required to run the code.
Q: How does using managed identities for Azure resources change the way an app authenticates to Azure Key Vault? ○ The app uses a certificate to authenticate instead of a secret. ○ Each user of the app must enter a password. ○ The app gets tokens from a token service instead of Azure Active Directory. ○ Managed identities are automatically recognized by Azure Key Vault and authenticated automatically.
*The app gets tokens from a token service instead of Azure Active Directory.* When you enable managed identity on your web app, Azure activates a separate token-granting REST service specifically for use by your app. Your app will request tokens from this service instead of Azure Active Directory.
T/F: Authentication can use certificates to identify a person or service.
*True*
T/F: Azure scans your environment and reports which resources violate your defined policies and initiatives (aka, which resources are non-compliant).
*True*
T/F: ExpressRoute Direct provides customers the opportunity to connect directly into Microsoft's global network at peering locations strategically distributed across the world without a connectively provider.
*True*
T/F: Managed disks are designed for 99.999% availability. Managed disks achieve this by providing you with three replicas of your data, allowing for high durability.
*True*
T/F: Managed disks are integrated with availability sets to ensure that the disks of VMs in an availability set are sufficiently isolated from each other to avoid a single point of failure.
*True*
T/F: Managed disks support Availability Zones
*True*
T/F: Messages sent between IoT devices and an IoT Hub are encrypted for additional security.
*True*
T/F: The Azure Kubernetes Service (AKS) creates containers in pods. A pod is a group of related containers. Containers within a pod can share resources, but containers within different pods cannot share resources.
*True*
T/F: The Enterprise Edition of Azure Machine Learning offers designers that enable you to build, train, and score ML models in a drag-and-drop interface.
*True*
T/F: The Virtual Hard Disk (VHD) format is a publicly-available image format specification that allows encapsulation of the hard disk into an individual file for use by the operating system as a virtual disk in all the same ways physical hard disks are used.
*True*
T/F: Within Azure role-based access control (Azure RBAC), a role assignment is a combination of the role definition (what can be done), security principal (who can do it), and scope (where can it be done).
*True*
T/F: You are charged for App Service plans even when no web app are running in them. If you have web app in your App Service plan, you are still charged even if the web app is stopped. The only way to avoid being billed for an App Service plan is to delete it.
*True*
T/F: You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
*True*
T/F: The term 'big data' refers to more data than you can analyze through conventional means within a desired timeframe.
*True* 'Big data' are extremely large data sets that may be analyzed computationally to reveal patterns, trends, and associations, especially relating to human behavior and interactions.
T/F: Azure Databricks clusters are made up of notebooks that can store all types of information.
*True* An Azure Databricks cluster is a set of computation resources and configurations on which you run data engineering, data science, and data analytics workloads, such as production ETL pipelines, streaming analytics, ad-hoc analytics, and machine learning. You run these workloads as a set of commands in a notebook or as an automated job.
T/F: Azure Cognitive Services provide numerous APIs that enable you to quickly develop machine learning solutions.
*True* Azure Cognitive Services are cloud-based artificial intelligence (AI) services that help you build cognitive intelligence into your applications. They are available as REST APIs, client library SDKs, and user interfaces. You can add cognitive features to your applications without having AI or data science skills. Cognitive Services enable you to build cognitive solutions that can see, hear, speak, understand, and even make decisions.
T/F: Designed from the start to service multiple petabytes of information while sustaining hundreds of gigabits of throughput, Data Lake Storage Gen2 allows you to easily manage massive amounts of data.
*True* Azure Data Lake Storage Gen2 is a set of capabilities dedicated to big data analytics, built on Azure Blob Storage. Designed from the start to service multiple petabytes of information while sustaining hundreds of gigabits of throughput, Data Lake Storage Gen2 allows you to easily manage massive amounts of data.
T/F: The Azure Marketplace DDoS Protection Plan create a Standard tier DDoS Protection service only.
*True* Basic DDoS protection is already enabled for all Azure services and included in the cost. Only the Standard tier can be purchased and deployed manually.
Let's assume you want to protect your production storage account from being accidently deleted. You and others have Owner privileges on the resource group in which the storage account resides. T/F: Setting a delete resource lock on the storage account will keep you and others from accidently deleting the storage account.
*True* Delete (aka CanNotDelete) locks prevent even Owners from deleting locked resources. You would have to remove the resource lock, then delete the storage account.
T/F: ExpressRoute enables you to have a high-bandwidth connection from your on-premises data center to Azure of up to 10 Gbps by connecting to a Microsoft Enterprise Edge (MSEE) Router.
*True* ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider.
T/F: A Fault Domain is a group of virtual machines that shares a common power source and a common network switch.
*True* Fault Domains are a collection of virtual machines that share a common power source and network switch. Every Fault Domain contains physical racks and each rack contains virtual machines. Each of the Fault Domains share a network switch and power supply.
T/F: GitHub Actions enable you to add event-driven workflows to events in GitHub using either preconfigured Actions in Marketplace or Actions you build with YAML files.
*True* GitHub Actions helps you automate your software development workflows from within GitHub. With GitHub Actions for Azure, you can create workflows that you can set up in your repository to build, test, package, release, and deploy to Azure. GitHub Actions supports Azure services, including Azure App Service, Azure Functions, and Azure Key Vault.
T/F: GitHub is a source code repository and web portal for working with those repositories.
*True* GitHub is an online software development platform used for storing, tracking, and collaborating on software projects. It enables developers to upload their own code files and to collaborate with fellow developers on open-source projects. GitHub also serves as a social networking site in which developers can openly network, collaborate, and pitch their work.
T/F: You can use IoT Hub Device Provisioning Service (DPS) to add a large number of IoT devices to an IoT Hub.
*True* The IoT Hub Device Provisioning Service (DPS) is a helper service for IoT Hub that enables zero-touch, just-in-time provisioning to the right IoT hub without requiring human intervention. DPS enables the provisioning of millions of devices in a secure and scalable manner.
T/F: The process of AI decision-making at several points along the neural network is referred to as the machine learning pipeline.
*True* The core of a machine learning (ML) pipeline is to split a complete machine learning task into a multistep workflow. Each step is a manageable component that can be developed, optimized, configured, and automated individually. Steps are connected through well-defined interfaces.
T/F: ARM templates are JSON files that can be used to create and modify Azure resources using Azure Resource Manager (ARM).
*True* The template uses declarative syntax, which lets you state what you intend to deploy without having to write the sequence of programming commands to create it. In the template, you specify the resources to deploy and the properties for those resources.
T/F: Azure Logic Apps is a workflow serverless solution that uses connectors, triggers, and actions.
*True* With Azure Logic Apps service you can quickly: ○ Schedule and send email notifications using Office 365 when a specific event happens, for example, a new file is uploaded. ○ Route and process customer orders across on-premises systems and cloud services. ○ Move uploaded files from an SFTP or FTP server to Azure Storage. ○ Monitor tweets, analyze the sentiment, and create alerts or tasks for items that need review.
Q: When can an organization decommission its private cloud infrastructure hosted in its data center? ○ When they have a hybrid solution ○ When all of their servers are in the private cloud ○ When all of their servers are in the public cloud ○ When all of their servers are in the public or private cloud
*When all of their servers are in the public cloud* It can do when all the servers are migrated to the Azure cloud, which is a public cloud, and you have no dependency left on your private cloud ( or on-premises environment ). Then you can completely look to decommission it.
Q: Colloquially speaking, an RBAC scope assignment answers which of the following questions? ○ Where can it be done? ○ What can be done? ○ Who can do it?
*Where can it be done?*
Q: Colloquially speaking, an RBAC service principal assignment answers which of the following questions? ○ Where can it be done? ○ What can be done? ○ Who can do it?
*Who can do it?*
Q: A group of policies is called with of the following: ○ Policy Assignment ○ Policy Definition ○ Policy Initiative ○ Policy Scope ○ Policy Group ○ Policy Exclusion
A *policy Initiative* is a collection of Azure Policy definitions, or rules, that are grouped together towards a specific goal or purpose. Azure initiatives simplify management of your policies by grouping a set of policies together, logically, as a single item.
Let's assume your company plans to move several servers to Azure. The company's compliance policy states that a server named FinServer must be on a separate network segment. Q: Which of the following should be used to meet the compliance policy requirement? ○ A resource group for FinServer and another resource group for all the other servers ○ A virtual network for FinServer and another virtual network for all the other servers ○ A VPN for FinServer and a virtual network gateway for each other server ○ One resource group for all the servers and a resource lock for FinServer
A virtual network can have multiple IP address spaces and multiple subnets. Azure automatically routes traffic between different subnets within a virtual network. In this case, FinServer must be on a separate network segment. The only way to separate FinServer from the other servers in networking terms is to set up *a virtual network for FinServer and another virtual network for all the other servers.*
Q: Microsoft Defender for Cloud (formerly known as Azure Security Center) recommendations are visible from which of the following? ○ Azure Security Center resource overview blade ○ Azure Security Center resource recommendations blads ○ All Azure services with Security blade ○ Azure Advisor recommendations ○ All of the above
All of the above
Q: Which of the following best describes an Azure Blueprint definition: ○ A collection of Blueprint assignments ○ A singular deployment of a Blueprint within an Azure subscription ○ A generic package (collection) of various Azure components pre-configured and ready for deployment
An Azure Blueprint is *a generic package (collection) of various Azure components pre-configured and ready for deployment.* An Azure Blueprint is a package for creating specific sets of standards and requirements that govern the implementation of Azure services, security, and design. Such packages are reusable so that consistency and compliance among resources can be maintained.
Q: Authentication is the process of doing what? ○ Verifying that a user or device is who they say they are. ○ The process of tracking user behavior. ○ Enabling federated services.
Authentication is the process of *verifying that a user or device is who they say they are*.
Q: Authorization is a ... ○ process of verification that only authenticated identities may gain access to resources for which they were granted access to by a resource owner ○ process of verification of the user's credentials ○ process of verification of the user's identity ○ process of verification of unauthorized identities by the authorization server
Authorization means verification of permission assigned to a user by a resource owner.
Difference between Scale Sets and Availability Sets
Availability Set consists of a set of discrete VMs. Use availability sets when you have predictable workloads that you want to protect against downtime. VM Scale Set consists of a set of identically configured VMs. Use scale sets to ensure your solutions scale quickly (autoscale) to demand when the workloads change a lot or are unpredictable.
Q: For which of the following does Azure provide recommendations? ○ Cost ○ Performance ○ Migration ○ Retention ○ Reliability ○ Security ○ Operational Excellence
Azure Advisor analyzes your resource configuration and usage telemetry and then recommends solutions for the following: ○ Cost: To optimize and reduce your overall Azure spending. ○ Performance: To improve the speed of your applications. ○ Reliability (formerly called High Availability): To ensure and improve the continuity of your business-critical applications. ○ Security: To detect threats and vulnerabilities that might lead to security breaches. ○ Operational Excellence: To help you achieve process and workflow efficiency, resource manageability and deployment best practices.
Q: Which of the following best describe Azure Advisor? ○ Helps customers with common issues around their Azure migrations ○ Performance investigation service for Azure SQL ○ Personalized consultant service that provides recommendations for Azure services ○ Supports forum availability for enterprise customers ○ Proactive feature of Azure where a specialized consultant is available to provide help to customers
Azure Advisor is service that works just like a *personalized consultant* while provides you with recommendations to improve your Azure resource management.
Q: Which of the following best describes Azure Blueprints: ○ Centralized repository of approved design patterns for effective management of Azure environments ○ Per project repository for project deliverables and components ○ Repository for resource manager templates for application teams
Azure Blueprints offer a *centralized repository of approved design patterns for effective management of Azure environments.* An Azure Blueprint is a package for creating specific sets of standards and requirements that govern the implementation of Azure services, security, and design. Such packages are reusable so that consistency and compliance among resources can be maintained.
Q: Which of the following was Azure Key Vault designed to securely store? ○ Application Secrets ○ Encryption Keys ○ User Connections ○ Certificates ○ App Metadata ○ App Config
Azure Key Vault was designed to securely store the following: ○ Application Secrets ○ Encryption Keys ○ Certificates
A company is planning to set up a solution on the Azure platform. The solution has the following main key requirement: Provide a managed service that could be used to manage and scale container-based applications. Q: Which of the following would be best suited for this requirement? ○ Azure Event Grid ○ Azure DevOps ○ Azure Kubernetes ○ Azure DevTest Labs
Azure Kubernetes
Difference between Azure Load Balancer and Application Gateway
Azure Load Balancer works with traffic at Layer 4 (TCP/IP and UDP). Application Gateway works with Layer 7 traffic, and specifically with HTTP/S (including WebSockets).
Q: Which of the following best describes Azure Machine Learning? ○ It's a cloud-based PaaS solution that offers end-to-end machine learning modeling. ○ A simple service for quick model training in the cloud ○ A web-based portal for managing Azure Machine Learning Workspace
Azure Machine Learning is a cloud service for accelerating and managing the machine learning project lifecycle. Machine learning professionals, data scientists, and engineers can use it in their day-to-day workflows: Train and deploy models, and manage MLOps.
Q: Azure Policy enables you to do which of the following: ○ Define roles/permissions and assign those roles to users and apps. ○ Define business rules that are enforced when resources are created and managed. ○ Create approval flow during resource deployment to ensure only approved resources will be created
Azure Policy enables you to *define business rules that are enforced when resources are created and managed*. For example, you can create a policy that specifies that only certain types of VMs can be created and that VMs must be created in the US West region.
Q: Azure Policy was designed to help you with which of the following: ○ Provisioning of resources using an IaaC approach ○ Managing network security rules for virtual networks ○ Governance for resource consistency, regulatory compliance, security, cost, and management.
Azure Policy was designed to help you with *governance for resource consistency, regulatory compliance, security, cost, and management.*
Q: Which of the following best describe Azure PowerShell? ○ Scripting language for common Azure admin tasks ○ PowerShell module for common Azure admin tasks ○ PowerShell version designed for Azure ○ Open-source version of PowerShell with pre-installed Azure modules
Azure PowerShell is a *PowerShell module for common Azure admin tasks.* The Az PowerShell module is a rollup module containing more than 70 generally available (GA) or stable service modules for managing Azure resources directly from PowerShell.
Q: Which of the following best describes Azure Resource Locks? ○ Read-only permissions from Role-based Access Control (RBAC) ○ Enables you to protect resources from human-error accidents like modification or deletion of resources ○ An application must require a lock before the app can write to the resource
Azure Resource Locks *enables you to protect resources from human-error accidents like modification or deletion of resources*
Q: What kind of network traffic can be routed by Azure Route Tables? ○ Inbound (incoming) ○ Outbound (outgoing) ○ Both
Azure routes traffic between Azure, on-premises, and Internet resources.
Let's assume your company wants to migrate its existing SQL Server workloads to Azure. Your company wants a full-fledged SQL server with all of the capabilities and also wants to minimize the management responsibilities. Q: Which of the following should it choose? ○ Azure Cosmos DB ○ Azure SQL Database ○ Azure SQL Managed Instance ○ Azure SQL for VM ○ Azure Table Storage ○ Azure Database for PostgreSQL ○ Azure SQL Data Warehouse
Both *Azure SQL Managed Instance* and *Azure SQL for VM* are full-fledged SQL servers. *SQL Managed Instance* preserves all PaaS capabilities (automatic patching and version updates, automated backups, high availability) that drastically reduce management overhead and TCO. *SQL Server on Azure Virtual Machines* enables you to use full versions of SQL Server in the cloud while maintaining OS control (IaaS).
Q: Which of the following can be included in a Blueprint definition: ○ Resource manager template ○ Role definition ○ Role assignment ○ Policy definition ○ Policy assignment ○ PowerShell script ○ Users or groups ○ Resource group ○ Subscription
Blueprints are a declarative way to orchestrate the deployment of various resource templates and other artifacts such as: ○ Resource manager template ○ Role assignment ○ Policy assignment ○ Resource group Just as a blueprint allows an engineer or an architect to sketch a project's design parameters, Azure Blueprints enables cloud architects and central information technology groups to define a repeatable set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements. Azure Blueprints makes it possible for development teams to rapidly build and start up new environments with trust they're building within organizational compliance with a set of built-in components, such as networking, to speed up development and delivery. With Azure Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. This connection supports improved tracking and auditing of deployments. Azure Blueprints can also upgrade several subscriptions at once that are governed by the same blueprint.
Q: What's the maximum number of tags (name-value pairs) that can be assigned to each resource, resource group, and subscription ○ 10 ○ 25 ○ 50 ○ 100
Each resource, resource group, and subscription can have *a maximum of 50 tag name-value pairs*. A resource group or subscription can contain many resources that each have 50 tag name-value pairs. If you need to apply more tags than the maximum allowed number, use a JSON string for the tag value. The JSON string can contain many of the values that you apply to a single tag name.
A company wants to try out a couple of Azure services that are available in public preview. T/F: Is it true that services in the public preview can only be used via the Azure command-line interface?
False
T/F: Authentication grants proper access to a legitimate user.
False Authentication confirms the identity of a person who wants access. Authentication is the process of establishing the identity of a person or service that wants to access a resource.
T/F: Authorization confirms the identity of a person who wants access.
False Authorization grants proper access to a legitimate user. Authorization is the process of establishing what level of access a legitimate user or service should have.
T/F: Infrastructure as a service (IaaS) provides hosting and management of an application and its underlying infrastructure, as well as any maintenance, upgrades, and security patching. It offers necessary compute, storage, and networking assets on demand, on a pay-as-you-go basis.
False Infrastructure as a service (IaaS) provides servers and virtual machines, storage, networks, and operating systems on a pay-as-you-go basis
Software as a service (SaaS) provides servers and virtual machines, storage, networks, and operating systems on a pay-as-you-go basis. It hosts and manages the software application and underlying infrastructure.
False Software as a service (SaaS) provides hosting and management of an application and its underlying infrastructure, as well as any maintenance, upgrades, and security patching
An application consists of a set of virtual machines hosted in a Virtual Network. In a month, the application seems to have a load of around 20% for 3 weeks. During the last week, the load on the application reaches 80%. Q: Which of the following benefits of Azure Cloud would ensure the underlying application infrastructure's cost and efficiency? ○ High availability ○ Elasticity ○ Disaster recovery ○ Fault tolerance
Here the concept refers to *Elasticity.* In this use case, you could define a Virtual Machine Scale set in Azure. You could define an initial set of Virtual Machines as part of the scale set that would run for the first 3 weeks. You can then add a scaling policy to add more Virtual Machines to support the application during the last week. You can then add a scaling policy to remove the extra Virtual Machines at the end of last week to save on costs.
Q: Which of the following is the right concept behind the following description? "A cloud service that can be accessed quickly by users over the Internet (Quick response time is important to users)" ○ Fault Tolerance ○ Disaster Recovery ○ Dynamic Scalability ○ Low Latency
Low Latency
Q: Microsoft Defender for Cloud (formerly known as Azure Security Center) is a monitoring service that includes which of the following? ○ Security recommendations ○ Monitoring of security settings for cloud and on-premises (hybrid) workloads ○ Automatic security assessments ○ Network analysis and filtering rules ○ Analysis of potential inbound attacks and threats ○ Firewall for VMs ○ Just-in-time (JIT) VM access
Microsoft Defender for Cloud (formerly known as Azure Security Center) is a monitoring service that includes the following? ○ Security recommendations ○ Monitoring of security settings for cloud and on-premises (hybrid) workloads ○ Automatic security assessments ○ Analysis of potential inbound attacks and threats ○ Just-in-time (JIT) VM access
Q: Which of the following best describe Microsoft Defender for Cloud (formerly known as Azure Security Center)? ○ Firewall service for Azure VMs? ○ Service that protects Azure Data Services like Azure Blob Storage and SQL Database from potential attacks ○ Centralized security service with protects and provides security recommendations for Azure services ○ Paid Azure Service for securing Azure infrastructure
Microsoft Defender for Cloud (formerly known as Azure Security Center) is your tool for overall security posture management and threat protection. It is a *centralized security service with protects and provides security recommendations for Azure services.*
A company has a set of resources deployed to Azure. They want to make use of the Azure Advisor tool. Y/N: Would the Azure Advisor tool give recommendations on the tenancy?
No. Azure Advisor recommendation areas are Cost, Security, Reliability, Operational excellence & Performance.
An IT administrator for a company has been given a PowerShell script which will be used to create several Virtual Machines. You have to provide a machine to the IT administrator for running the PowerShell script. You decide to provide a Linux machine that has the Azure CLI tools with PowerShell 5.x installed. Y/N: Would this solution fit the requirement?
No. Azure PowerShell works with PowerShell 5.1 on Windows. On other platforms like Linux, Azure PowerShell 6.2.4 and later versions are compatible. Microsoft recommends PowerShell 7.x and higher on all platforms.
A company has just set up an Azure virtual private connection between its on-premises network and an Azure virtual network. Y/N: Would the company need to pay additional costs to transfer several gigabits of data from their on-premises network to Azure?
No. Data transfers to the Azure data center are free.
A company is planning to use Network Security Groups. Y/N: Could network security groups be used to encrypt all network traffic sent from Azure to the Internet?
No. Network Security Groups are used to restrict Inbound and Outbound traffic. It can't be used to encrypt traffic.
A company plans to upgrade its current Azure AD Free plan to the Azure AD Premium P1 plan. Y/N: Does Microsoft provide the same feature set for both plans?
No. Premium p1 has all the features that a free plan has and it will also include more features. As both, the features are not the same. Answer is NO Azure Active Directory comes in four editions—Free, Office 365 apps, Premium P1, and Premium P2. The Free edition is included with a subscription to a commercial online service, e.g. Azure, Dynamics 365, Intune, and Power Platform. Premium P1 : Designed to empower organizations with more demanding identity and access management needs, the Azure Active Directory Premium edition adds feature-rich enterprise-level identity management capabilities and enables hybrid users to seamlessly access on-premises and cloud capabilities. This edition includes everything you need for information workers and identity administrators in hybrid environments across application access, self-service identity and access management (IAM), and security in the cloud.
A company is planning to store 1 TB of data in Azure BLOB storage. Y/N: Would the cost of data storage be the same regardless of the region the data is stored in?
No. When you look at the pricing for Azure BLOB storage, there is a selector for the region. The cost depends on the region the BLOB is located in.
Q: Which of the following can be added to management groups? ○ Other management groups ○ Subscriptions ○ Resource groups ○ Resources
Only *other management groups* and *subscriptions* can be added to management groups.
Q: Which cloud approach is used by organizations to take full advantage of on-premises technology investments and allows data and applications to be shared between two environments? ○ public cloud ○ private cloud ○ hybrid cloud ○ on-premises datacenter
Public clouds (for example Microsoft Azure) owned and operated by third-party cloud service providers, deliver computing resources such as servers and storage over the Internet. Cloud Providers manage all hardware, software, and other supporting infrastructure. A private cloud refers to cloud computing resources used exclusively by a individual business. A private cloud is often physically located on the company's on-site data center. *A Hybrid cloud* is a type of cloud computing that combines on-premises infrastructure or a private cloud with a public cloud. Hybrid clouds enable data and apps to move between the two environments.
T/F: VNet is scoped to a subscription. You can implement multiple virtual networks within each Azure subscription. Multiple virtual networks from different subscriptions can be connected together using Virtual Network Peering.
True
Q: To which of the following scopes can resource locks be applied? ○Management Groups ○Subscriptions ○Resource Groups ○Resources
Resource locks can only be applied to the following: *Subscriptions* *Resource Groups* *Resources * Resource locks can NOT be applied to Management Groups.
Q: Security Principals (identities) can represent which of the following: ○ User ○ Group ○ Role ○ Role Assignment ○ Resource Group ○ Service Principal ○ Managed Identity
Security Principals (identities) can represent the following: ○ *User* ○ *Group* ○ *Service Principal* is a security identity used by user-created apps, services, and automation tools to access specific Azure resources. Think of it as a 'user identity' (login and password or certificate) with a specific role, and tightly controlled permissions to access your resources. It only needs to be able to do specific things, unlike a general user identity. It improves security if you only grant it the minimum permissions level needed to perform its management tasks. ○ *Managed Identities* provide an automatically managed identity in Azure Active Directory for applications to use when connecting to resources that support Azure Active Directory (Azure AD) authentication. Applications can use managed identities to obtain Azure AD tokens without having to manage any credentials/secrets. The key difference between Azure Service Principals and Managed Identities is that, with the latter, admins do not have to manage credentials, including passwords. To create a managed identity, go the Azure portal and navigate to the managed identity blade. Then, assign a role to the identity.
Q: Which of the following best describes Resource Tags: ○ Labels for Azure SQL table to indicate their data classification ○ Key-value pairs for Azure resources enabling you to save any additional information you may need (e.g., department=marketing) ○ A list of additional resources your app may need while executing
Tags are metadata elements that you apply to your Azure resources. They're key-value pairs that help you identify resources based on settings that are relevant to your organization. If you want to track the deployment environment for your resources, add a key named Environment. To identify the resources deployed to production, give them a value of Production. Fully formed, the key-value pair becomes, Environment = Production.
Q: What can you use to launch the Azure Cloud Shell? ○ Azure portal ○ Azure PowerShell ○ Azure Command Line Interface (CLI) ○ Azure Resource Manager (ARM) template
The *Azure portal* can be used to launch the Azure Cloud Shell. Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell. You can access the Cloud Shell in three ways: ○ Direct link: Open a browser to https://shell.azure.com. ○ Azure portal: Select the Cloud Shell icon on the Azure portal. ○ Code snippets: On docs.microsoft.com and Microsoft Learn, select the Try It button
A company is planning to host resources in Azure. They want to ensure that Azure complies with the rules and regulations of the region for hosting resources. Q: Which of the following can assist the company in getting the required compliance reports? ○ Azure AD ○ Microsoft Trust Center ○ Azure Advisor ○ Azure Security Center
The *Trust Center* is an important part of the Microsoft Trusted Cloud Initiative and provides support and resources for the legal and compliance community. The Trust Center provides: In-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products. The Trust Center provides: ○ In-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products. ○ Additional resources for each topic. ○ Links to the security, privacy, and compliance blogs and upcoming events. The Trust Center is a great resource for other people in your organization who might play a role in security, privacy, and compliance. These people include business managers, risk assessment and privacy officers, and legal compliance teams.
Q: Which of the following does the Azure Active Directory provide (choose 2)? ○ Identity Management ○ Access Management ○ Resource Management ○ Subscription Management
The Azure Active Directory provides *Identity* and *Access Management (IAM)*.
The Premium and Ultra Managed Disk max size is ___________. ○ 2 TB ○ 4 TB ○ 32 TB ○ 64 TB
The Premium and Ultra Managed Disk max size is *64 TB*
Let's assume your company uses management groups to manage resources more efficiently. User1 should be able to assign access and assign policies to management groups. You need to determine to which role-based access control (RBAC) role User1 should be added. Your solution should follow the principle of least privilege. Q: To which role should you add User1? ○ User Access Administrator ○ Owner ○ Management Group Contributor ○ Contributor
The RBAC built-in role *User Access Administrator* lets its members manage user access to Azure resources.
The Standard Managed Disk max size is ___________. ○ 2 TB ○ 4 TB ○ 32 TB ○ 64 TB
The Standard Managed Disk max size is *32 TB*
Q: Which of the following are terms used to describe aspects of the Azure Kubernetes Service (AKS)? ○ Container ○ Pod ○ Node (or worker) ○ Master ○ Cluster ○ Scale Set
The following are terms used to describe aspects of the Azure Kubernetes Service (AKS): *Containers* are run in pods. *Pods* are run on *Nodes (or workers).* A *Master* controls all the pods and nodes. The entire environment of pods, nodes, and a master is called a *Cluster.* ---------------------------- *Scale set* is not a Kubernetes term.
Q: Which of the following can be used when defining a Network Security Group Rule? ○ Source / Destination Address ○ Source / Destination Port ○ Direction (inbound / outbound) ○ Service name ○ Server Fully Qualified Domain Name ○ Network Protocol ○ Deny / Allow
The following can be used when defining a Network Security Group Rule: ○ Source / Destination Address ○ Source / Destination Port ○ Direction (inbound / outbound) ○ Network Protocol ○ Deny / Allow
A company has just set up an Azure subscription and an Azure tenant. They want to start deploying resources on the Azure platform. They want to implement a way to group the resources logically. Q: Which of the following could be used for this requirement? ○ Availability Zones ○ Azure Resource Groups ○ Azure Resource Manager ○ Azure Regions
This can be done with the help of *resources groups*. A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. The resource group stores metadata about the resources. Therefore, when you specify a location for the resource group, you are specifying where that metadata is stored.
A company wants to migrate its current on-premises servers to Azure. They want to ensure that the servers are running even if a single Azure Data Center goes down. Q: Which of the following terms refers to the solution that needs to be in place to fulfill this requirement? ○ Fault tolerance ○ Elasticity ○ Scalability ○ Low Latency
This concept of *Fault tolerance* refers to achieving high availability on the cloud.
T/F: Availability sets enable you to create two or more virtual machines in different physical server racks within the same data center.
True
T/F: Continuous integration (CI) and continuous delivery (CD), also known as CI/CD, embodies a culture, operating principles, and a set of practices that application development teams use to deliver code changes more frequently and reliably.
True
T/F: Perimeter networks enable secure connectivity between your cloud networks and your on-premises or physical datacenter networks. They also enable secure connectivity to and from the internet. A perimeter network is sometimes called a demilitarized zone or DMZ.
True
T/F: Platform as a service (PaaS) provides a fully managed environment for developing, testing, delivering, and managing cloud-based applications. It provides complete development and deployment environment in the cloud, with assets that enable you to deliver simple cloud-based apps to cloud-enabled enterprise applications.
True
T/F: VNet is scoped to a single region/location. By default, each virtual network is isolated from the other virtual networks. Multiple virtual networks from the same and different regions can be connected together using Virtual Network Peering.
True
T/F: Azure Blueprints rapidly provision and run new environments with the knowledge that they are in line with the organization's compliance requirements.
True Azure Blueprints provide a way to define a repeatable set of Azure resources. Azure Blueprints enable development teams to rapidly provision and run new environments, with the knowledge that they're in line with the organization's compliance requirements. Teams can also provide Azure resources across several subscriptions simultaneously, meaning they can achieve shorter development times and quicker delivery.
T/F: Azure Policy enforces standards and assess compliance across your organization
True Azure Policy is designed to help enforce standards and assess compliance across your organization. Through its compliance dashboard, you can access an aggregated view to help evaluate the overall state of the environment. You can drill down to a per-resource, or per-policy level granularity. You can also use capabilities like bulk remediation for existing resources and automatic remediation for new resources, to resolve issues rapidly and effectively
T/F: Azure Resource Locks prevents resources from being accidentally deleted or changed.
True Resource locks can be used to prevent resources from being accidentally deleted or changed. Even with role-based access control policies in place there is still a risk that people with the right level of access could delete a critical resource. Azure Resource Manager locks prevent users from accidentally deleting or modifying a critical resource, and can be applied to a subscription, a resource group, or a resource.
T/F: Azure Container Instances offers the fastest and simplest way to run a container in Azure, without having to manage any virtual machines and without having to adopt a higher-level service.
True.
T/F: Only VMs with managed disks can be created in a managed availability set.
True.
T/F: Update Domains indicate groups of virtual machines and underlying physical hardware that can be rebooted at the same time.
True.
T/F: When a virtual machine is stopped, you will still incur costs for the storage attached to the virtual machine?
True.
T/F: When you need full container orchestration, including service discovery across multiple containers, automatic scaling, and coordinated application upgrades, Azure Kubernetes Service (AKS) is the best choice.
True.
Q: Azure Event Grid enables you to do which of the following without worrying about the underlying infrastructure? ○ Can create and run automated workflows using a web-based visual designer and no code ○ Deploy small pieces of code as a web service ○ Route messages between apps and services
With *Event Grid* you route messages and connect solutions using event-driven architectures. An event-driven architecture uses events to communicate occurrences in system state changes, for example, to other applications or services. You can use filters to route specific events to different endpoints, multicast to multiple endpoints, and make sure your events are reliably delivered.
Q: What are the three Vs of big data?
Volume - Amount of data generated and saved in records, tables, and files. Velocity - Speed of generating data, often in real-time Variety - Structured and unstructured data (e.g., images, videos, text, etc.)
A company wants to use Azure for the deployment of various solutions. They want to ensure that whenever users authenticate to Azure, they have to use Multi-Factor Authentication. Q: Which of the following can help them achieve this? ○ Azure Service Trust Portal ○ Azure Security Centre ○ Azure DDoS protection ○ Azure Privileged Identity Management
With *Azure Privileged Identity Management*, you can use Multi-factor authentication (MFA) to activate any role for users.
Q: Which of the following are designed specifically for building IoT solutions in Azure? ○ IoT Hub ○ App Services ○ IoT Central ○ Event Hub ○ Azure Sphere
While *IoT Hub*, *IoT Central*, and *Azure Sphere* have different use-cases, they were all specifically designed to help you build IoT solutions. -------------------- App Services is designed to run web apps Event Hubs is a big data streaming platform and event ingestion service.
A team has an object named audio.log stored in the Blob service in the Azure storage account. Its current access tier is 'Archive.' Q: Which of the following needs to be done before the object can be accessed? ○ Create a snapshot of the object. ○ Rehydrate the object. ○ Change the type of the object. ○ Change the URL of the object.
While a blob is in the Archive access tier, it's considered to be offline, and can't be read or modified. In order to read or modify data in an archived blob, you must first *rehydrate the blob* to an online tier, either the Hot or Cool tier.
Q: Which of the following is a key benefit of single sign-on (SSO)? ○ A central identity provider can be used. ○ The user signs in once and can then access many applications or resources. ○ Passwords always expire after 72 days.
With single sign-on, *a user signs in once and can then access a number of applications or resources*.
Q: What is YAML?
YAML (yet another markup language) is a human-readable data-serialization language. It is commonly used for configuration files and in applications where data is being stored or transmitted. Azure Pipelines provides a YAML pipeline editor that you can use to author and edit your pipelines.
A company has a set of resources deployed to Azure. They want to make use of the Azure Advisor tool. Y/N: Would the Azure Advisor tool give recommendations on how to reduce the cost of running Azure Virtual Machines?
Yes Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, Reliability (formerly called High availability), and security of your Azure resources.
Your company plans to use the Azure App Service to host a set of web applications. Y/N: Does App Service scale the infrastructure automatically based on demand and load on the web app?
Yes, Web Apps running in Azure App Service have many ways to scale their infrastructure based on the demand and load on the web app. Microsoft documentation describes ways you can scale up and scale out.
A company wants to deploy a set of Azure Windows virtual machines. They want to ensure that the virtual machines' services are still accessible even if a single data center goes down. They decide to deploy the set of virtual machines to two or more availability zones. Y/N: Would this fulfill the requirement?
Yes, availability zones can be used in the case of data center-wide failure.
A company plans to set up multiple resources in their Azure subscription. They want to implement tagging of resources in Azure. But they want to ensure that when resource groups are created, they have to contain a tag with the name of "organization" and the value of "whizlabs." You recommend using Azure policies for implementing this requirement. Y/N: Would this recommendation fulfill the requirement?
Yes, you can use Azure policies. For this, there is also an built-in policy that can be used to implement tagging for resource groups.
You are planning on setting up an Azure Free Account. Y/N: After 30 days, would certain Azure products still be free to use?
Yes. The Azure Free Account gives access to all Azure services for the first 30 days with a free credit of $200. After this period, the user would have access only to a subset of Azure services for free. E.g., Azure Threat Protection is a service that's not available with Free Account. The user needs to convert to "pay-as-you-go-subscription" if they need to avail all of the Azure services.
A company has just deployed a set of Azure virtual machines. They want their IT administrative team to get alerts whenever the CPU of the virtual machines goes beyond a certain threshold. Q: Which of the following service could be used for this requirement? ○ Azure Advisor ○ Azure Security Center ○ Azure Monitor ○ Azure Active Directory
You can create alerts in *Azure Monitor* based on the virtual machine metrics.
Q: Which of the following enables you to store structured data: ○ Azure Cosmos DB ○ Azure Table Storage ○ Azure SQL Database ○ Azure SQL Managed Instance ○ Azure Database for PostgreSQL ○ Azure SQL Data Warehouse
You can store unstructured data (NoSQL) in: ○ Azure Cosmos DB ○ Azure Table Storage (a NoSQL key-value store) You can store structured data (SQL) in: ○ Azure SQL Database ○ Azure SQL Managed Instance ○ Azure Database for PostgreSQL ○ Azure SQL Data Warehouse
Q: In which Azure support plans can you open a new support request? ○ Premier and Professional Direct only ○ Premier, Professional Direct, and Standard only ○ Premier, Professional Direct, Standard, and Developer only ○ Premier, Professional Direct, Standard, Developer, and Basic
You can you open a new support request with any of the following support plans: Premier, Professional Direct, Standard, Developer, and Basic
A company has a set of virtual machines defined in Azure. They want to find out which user shuts down a particular virtual machine in the last 7 days. Q: Which of the following can help with this requirement? ○ Azure Advisor ○ Azure Event Hubs ○ Azure Activity Logs ○ Azure Service Health
You see all operations on all resources via the use of *Azure Activity Logs.*
Q: Which of the following describe an IoT device twin: ○ Every IoT device has a fault-tolerant twin to help ensure high availability ○ Device twins are JSON documents that store device state information including metadata, configurations, and conditions. ○ Device twins can store device-specific metadata in the cloud that is not stored on the IoT device, for example, the deployment location of a vending machine. ○ Device twins contain two copies of every property: the reported property and the desired property.
○ False - Azure does NOT ensure "Every IoT device has a fault-tolerant twin to help ensure high availability" ○ True - Device twins are JSON documents that store device state information including metadata, configurations, and conditions. ○ True - Device twins can store device-specific metadata in the cloud that is not stored on the IoT device, for example, the deployment location of a vending machine. ○ True - Device twins contain two copies of every property: the reported property and the desired property.
Small companies usually have a _______ price per unit due to their lack of economies of scale.
Small companies usually have a *higher* price per unit due to their lack of economies of scale.
Q: Examples of Capital Expenditure (CapEx) computing costs are? Provide six (6) categories.
○ *Server costs* - server clustering, redundant power supplies, and uninterruptible power supplies. ○ *Storage costs* - centralized storage and fault-tolerant storage for critical applications. ○ *Network costs* - cabling, switches, access points, routers, wide area networks, and Internet connections. ○ *Data center infrastructure costs* - costs for construction and building equipment. ○ *Backup and archive costs* - backup maintenance and consumables like tapes and tape drives. ○ *Organization continuity and disaster recovery costs* - recovering from disasters and continuing operations while using backup generators.
Q: What are the top five (5) most common issues that may negatively impact availability?
○ An application failure (e.g., bug) ○ A system failure (e.g., a VM crash) ○ A network outage ○ A power outage ○ A problem with a dependent system, such as an external database or service
Q: Which of the following best describes cloud computing? ○ Delivery of computing services over the internet. ○ Delivery of apps like Office 365 over the internet. ○ Hosting your website on the internet.
Cloud computing is the on-demand availability of computer system resources, especially data storage and computing power, without direct active management by the user. Large clouds often have functions distributed over multiple locations.
T/F: Zonal services enable you to choose which Availability Zones they reside.
*True* A *Zonal Service* (e.g., a VM) only runs in the Availability Zone (AZ ) in which it was created. It is not automatically replicated to other AZs. If you want the service in other AZs, you have to manually create them in those AZs.
T/F: Availability Zones are data centers within a single region that are entirely physically separated. If one zone is affected by an outage, the others continue to operate.
*True*
T/F: In Azure, a resource is an entity managed by Azure. Virtual machines, virtual networks, and storage accounts are all examples of Azure resources.
*True*
T/F: When region pairs are available, if one of the regions experiences a disaster or failure, the services in that region automatically fail over to its region pair.
*True*
Q: Which of the following situations would be a good example of when to use a resource lock? ○ A ExpressRoute circuit with connectivity back to the on-premises network. ○ A non-production virtual machine used to test occasional application builds. ○ A storage account used to temporarily store images processed in a development environment.
*A ExpressRoute circuit with connectivity back to the on-premises network.* As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental user deletions and modifications. The lock overrides any user permissions.
Resource Groups can represent a logical grouping of... ○ Services by their lifecycle (e.g., dev/test, beta, prod) ○ Services for billing and tracking purposes ○ Services by their resource types (e.g., all VMs or all SQL databases) ○ Services by department (e.g., Sales, Engineering, etc.) ○ Services by geographic location (e.g., US vs Europe) ○ All the above
*All of the above* Resource groups enable you to group resources in any way that best suits your organization's needs.
Q: Which of the following enables you to deploy a web app or service? ○ App Service ○ Virtual Machine ○ Container Instance ○ Kubernetes Service ○ All of the above
*All of the above* can be used to host web apps and services. Each service has its merits and can be used in specific scenarios.
Q: Which of the following can be used to host a containerized app? ○ App Service ○ Virtual Machine ○ Functions ○ Container Instance ○ Kubernetes Service
*App Service* is an HTTP-based service for hosting web applications, REST APIs, and mobile back-ends. App Service supports both web apps and containers (via Docker). *Container Instance* and *Kubernetes Service* are designed purely for container deployments.
Q: Which of the following is designed to protect you from data center-level failures (e.g., a power outage at a specific data center)? ○ Regions ○ Region Pairs ○ Availability Zones ○ Geographies
*Availability Zones* are designed to protect you from data center-level failures (e.g., a power outage at a specific data center). Availability Zones are physically separate data centers within a region that are tolerant to local failures.
Q: How can you ensure that certain VM workloads are physically isolated from workloads being run by other Azure customers? ○ Configure the network to ensure that VMs on the same physical host are isolated. ○ This is not possible. These workloads need to be run on-premises. ○ Run the VMs on Azure Dedicated Host.
*Azure Dedicated Host* provides dedicated physical servers to host your Azure VMs for Windows and Linux.
Q: Which of the following services should be used when the primary concern is to perform work in response to an event (often via a REST command) that needs a response in a few seconds? ○ Azure Functions ○ Azure App Service ○ Azure Container Instances
*Azure Functions* is used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less.
Q: Which is the best way to safely store certificates so that they're accessible to cloud VMs? ○ Place the certificates on a network share. ○ Store them on a VM that's protected by a password. ○ Store the certificates in Azure Key Vault.
*Azure Key Vault* enables you to safely store certificates in a single, central location. Key Vault also makes it easy to enroll and renew certificates from public certificate authorities (CAs).
Let's assume an organization wants to implement a serverless workflow to solve a business problem. One of the requirements is the solution needs to use a designer-first (declarative) development model. Q: Which of the following meets the requirements? ○ Azure Functions ○ Azure Logic Apps ○ Azure App Service
*Azure Logic Apps* have a "Designer-First" (declarative) experience for the user by providing a visual workflow designer accessed via the Azure Portal. Users get access to the full source code (JSON template) that is automatically created by visual designer and can also author Logic Apps via Visual Studio with a designer plugin or by coding.
Q: What's the easiest way for you to combine security data from all of your monitoring tools into a single report that you can take action on? ○ Collect security data in Azure Sentinel. ○ Build a custom tool that collects security data, and displays a report through a web application. ○ Look through each security log daily and email a summary to your team.
*Azure Sentinel* is Microsoft's cloud-based Security Information and Event Management (SIEM). A SIEM aggregates security data from many different sources to provide additional capabilities for threat detection and responding to threats.
Let's assume your company wants to build a new voting kiosk for sales to governments around the world. Q: Which of the following should the company choose to ensure the highest degree of security? ○ IoT Hub ○ IoT Central ○ Azure Sphere
*Azure Sphere* provides the highest degree of security to ensure the device has not been tampered with.
Let's assume your company has a team of remote workers that need to use Windows-based software to develop your company's applications, but your team members are using various operating systems like macOS, Linux, and Windows. Q: Which of the following would best help this scenario? ○ Azure App Service ○ Azure Virtual Desktop ○ Azure Container Instances
*Azure Virtual Desktop* enables your team members to run Windows in the cloud, with access to the required applications for your company's needs.
A new project has several resources that need to be administered together. Q: Which of the following would be a good solution? ○ Azure templates ○ Azure resource groups ○ Azure subscriptions
*Azure resource groups*
Q: How can you ensure employees at your company can access company applications only from approved tablet devices? ○ Single sign-on (SSO) ○ Conditional Access ○ Multifactor authentication
*Conditional Access* enables you to require users to access your applications only from approved or managed devices.
Q: What is elasticity?
*Elasticity* is the ability to automatically add or remove resources (e.g., CPUs, memory, storage, etc.) based on changing application traffic patterns (more customers, more resources; fewer customers, fewer resources).
T/F: An Azure Region Pair is a relationship between two Azure Regions within different geographies for disaster recovery purposes.
*False* An Azure Region Pair is a relationship between two Azure Regions *within the same geography* for disaster recovery purposes.
T/F: Availability Zones are separate data centers that share infrastructure, such as power, networking, cooling, water, etc.
*False* Availability Zones are separate data centers with *independent* power, networking, cooling, water, etc. This is done to eliminate single points of failure and increase fault tolerance for your apps.
T/F: Two virtual machines that use D2d v4 instance will always be billed the same monthly costs?
*False* Because despite having the same instance type, the two VMs may differ on the following specifications: type of OS, region location of each VM, and storage size, type, and transaction. These must always be specified when creating a virtual machine.
T/F: Each data center is separated by hundreds of miles.
*False* Each *region* is separated by hundreds of miles. Within each Azure region, there are 1 to 3 data centers with independent power, cooling, and networking. Some data centers, such as US East and US East 2, are next door to one another in Boydton, Virginia.
T/F: When Microsoft has to perform updates, they perform those updates on the region pair at the same time.
*False* Microsoft performs those updates on one region in the region pair at a time. Once those updates are complete, Microsoft move on to the next region in the region pair.
T/F: For better granularity of permissions and management, it is recommended resource groups be nested to represent an organizational or application hierarchy?
*False* Resource Groups cannot be nested.
T/F: Once created, resources cannot be moved from one resource group to another?
*False* Resources can quickly and easily be moved from one resource group to another.
T/F: Subnets can be nested to provide more granular segmentation of a virtual network.
*False* Subsets cannot be nested.
T/F: The following are properties of a public cloud: ○ Provides the most flexibility ○ Organizations determine where to run their applications ○ Organizations control security, compliance, or legal requirements
*False* The following are properties of a *hybrid cloud*: ○ Provides the most flexibility ○ Organizations determine where to run their applications ○ Organizations control security, compliance, or legal requirements
T/F: The use of Availability Zones protects your app from substantial region-wide outages.
*False* The use of Availability Zones DOES NOT protect your app from more substantial region-wide outages. This is where Azure Region pairing comes in. Both Availability Zones and Region Pairing should be used as part of your organization's disaster recovery and fault tolerance planning.
T/F: To ensure high availability, all Azure services support Availability Zones.
*False* Two types of Azure services support Availability Zones: ○ A Zonal Service (e.g., a VM) only runs in the AZ in which it was created. It is not automatically replicated to other AZs. ○ Zone-redundant services, such as zone-redundant storage and Azure SQL Database, automatically replicate data and configuration across AZs. For example, when deploying a new storage account specifying ZRS as the replication option will enable automatic AZ replication.
T/F: You need to purchase an Azure account before you can use any Azure resources.
*False* You can use a free Azure account or a Microsoft Learn sandbox to create resources.
T/F: Zone-enabled Azure regions must have a minimum of two Availability Zones.
*False* Zone-enabled Azure regions must have a *minimum of three (3)* Availability Zones.
T/F: An Availability Set enables you to deploy two or more Azure services into two distinct data centers within a region.
*False* ○ An *Availability Set* enables you to create two or more virtual machines in different physical server racks within a single data center. ○ You can also deploy your app and/or Azure services to two or three Availability Zones to increase fault tolerance. Each AZ is a data center within a region. Each AZ has its own power source, network, cooling, water, etc.
Q: Which of the following enable you to deploy small pieces of code without worrying about the underlying platform and infrastructure? ○ App Service ○ Virtual Machine Scale Set ○ Functions ○ Kubernetes Service ○ Container Instances
*Functions* Azure Functions is a serverless compute service that lets you run event-triggered code without having to explicitly provision or manage infrastructure. Functions enables you to develop small pieces of code and host them as a web service.
Let's assume your company is building a new solution. The solution's workload will be highly variable. The company wants to minimize costs and doesn't need control over the environment. Q: Which of the following best fits their needs? ○ App Service ○ Kubernetes Service ○ Virtual Machine ○ Functions ○ Container Instances
*Functions* Functions is a serverless web service hosting platform. It scales well and with consumption-based pricing, it is ideal for hosting applications with an unpredictable workload demand. As requests increase, Azure Functions meet the demand with as many resources and function instances as necessary. As requests fall, any extra resources and application instances drop off automatically.
Q: What is the name of the deployment model in which a customer utilizes a combination of its own data center and a cloud provider's infrastructure?
*Hybrid cloud* The definition of hybrid is "a thing made by combining two or more different elements." Combining a public cloud with an on-premises cloud is an example of a hybrid cloud.
Q: According to the shared responsibility model, which cloud service type places the most responsibility on the customer? ○ Infrastructure as a Service (IaaS) ○ Software as a Service (SaaS) ○ Platform as a Service (PaaS)
*Infrastructure as a Service (IaaS)* places the most responsibility on the consumer, with the cloud provider being responsible for only the basics of physical security, power, and connectivity.
Let's assume your company wants to quickly manage its individual IoT devices by using a web-based user interface. Q: Which of the following should it choose? ○ IoT Hub ○ IoT Central ○ Azure Sphere
*IoT Central* quickly creates a web-based management portal to enable reporting and communication with IoT devices.
Q: If you want to run some legacy applications which require specialized infrastructure, which cloud deployment would you choose? ○ Public cloud ○ Private cloud ○ Hybrid cloud
*Private Cloud or possibly Hybrid Cloud* In most cases like this one, you would choose a Private Cloud. However, if there are additional services available in the Public Could that could be used to enhance your legacy apps, a Hybrid Cloud could be useful.
Q: Which of the following cloud deployment models provides the greatest degree of control? ○ Public cloud ○ Private cloud ○ Hybrid cloud
*Private cloud* With a private cloud, you select and manage the physical infrastructure, OSs, middleware, and apps. You control every aspect of the stack.
Q: Which of the following cloud deployment models enables customers to take advantage of high availability, agility, and consumption-based pricing without needing to manage any infrastructure? ○ Public cloud ○ Private cloud ○ Hybrid cloud
*Public cloud*
Q: What is difference between scalability and elasticity?
*Scalable* environments only care about increasing capacity to accommodate an increasing workload. *Elastic* environments automatically add or remove resources (e.g., VMs, memory, storage, etc.) based on changing application traffic patterns (more customers, more resources; fewer customers, fewer resources).
Q: Which of the following can be used to reduce the number of times users must authenticate to access multiple applications? ○ Single sign-on (SSO) ○ Conditional Access ○ Multifactor authentication
*Single sign-on (SSO)* enables a user to remember only one ID and one password to access multiple applications.
Q: Which of the following can help you stay organized and track usage based on metadata associated with resources? ○ Tags ○ Tracers ○ Values
*Tags* enable you to associate metadata with resources to help keep track of resource management, costs and optimization, security, and so on.
Q: What happens to the resources within a resource group when an action or setting at the Resource Group level is applied? ○ Current resources inherit the setting, but future resources don't. ○ Future resources inherit the setting, but current ones don't. ○ The setting is applied to current and future resources.
*The setting is applied to current and future resources.*
T/F: A virtual machine is a software emulation of physical hardware with its own CPU, memory, network interface, and storage. It enables you to emulate multiple virtual computers using a single physical computer.
*True*
T/F: A private cloud can be physically located at your organization's on-site (on-premises) data center, or it can be hosted by a third-party service provider?
*True* A private cloud can be physically located at your organization's on-site (on-premises) data center, or it can be hosted by a third-party service provider.
T/F: Azure Resource Manager (ARM) is a centralized management layer for managing all Azure resources?
*True* All resource requests (create, update, delete) go through the Azure Resource Manager (ARM), regardless of the interface (e.g., web, CLI, or API)
T/F: Azure Virtual Network enables customers to replicate their on-premise networking infrastructure in the cloud.
*True* Azure Virtual Network enables Azure resources to securely communicate with each other, the internet, and on-premises networks. Key scenarios that you can accomplish with a virtual network include: ○ communication of Azure resources with the internet ○ communication between Azure resources ○ communication with on-premises resources ○ filtering network traffic ○ routing network traffic ○ integration with other Azure services
T/F: Each region is paired with another region.
*True* Each Azure region is paired with another region, usually within the same geography. Together they make a regional pair. Brazil South is unique because it's paired with a region outside of its geography. Brazil South's regional pair is South Central US.
T/F: A single resource group can contain resources from different regions?
*True* There is no limitation. Multiple resources from multiple regions may reside to the same resource group.
T/F: Capital Expenditure (CapEx) is money spent upfront on physical infrastructure?
*True* These costs may include servers, storage, networking gear, data center construction, etc.
Let's assume a company wants to migrate its on-premises app to the could without redesigning it. During the assessment, the company discovers the app cannot be containerized. Q: Which of the following should the company choose? ○ App Service ○ Kubernetes Service ○ Virtual Machine ○ Functions ○ Container Instances
*Virtual Machine* Because a VM is simply an emulation of physical hardware, they can accommodate most customer needs. They are often used for "lift-and-shift" scenarios. Other services often require small or major app redesign to support containerization.
Q: Which Azure compute resource can be deployed to manage a set of identical virtual machines? ○ Virtual machine scale sets ○ Virtual machine availability sets ○ Virtual machine availability zones
*Virtual machine scale sets* let you deploy and manage a set of identical virtual machines.
Q: What is a hybrid cloud?
A *hybrid cloud* is a computing environment that combines a public cloud and a private cloud by enabling applications and data to be shared between them.
Q: Which of the following can use biometric properties, such as facial recognition, to enable users to prove their identities? ○ Single sign-on (SSO) ○ Conditional Access ○ Multifactor authentication
Authenticating through *multifactor authentication* can include something the user knows, something the user has, and something the user is.
Q: For which of the following is the Azure Content Delivery Network (CDN) best suited? ○ Even distribution of incoming traffic ○ Storage of flat files in Azure at a low cost ○ Caching and global distribution of web app content to minimize latency of delivery to customers ○ Web app content management
Azure Content Delivery Network (CDN) *caches and distributes web app content* across multiple PoPs (points of presence) worldwide. It enables users to quickly receive content from a nearby location.
Q: Azure SQL Database is an example of which of the following: ○ Software as a Service (SaaS) ○ Platform as a Service (PaaS) ○ Infrastructure as a Service (IaaS)
Azure SQL Database is an example of *Platform as a Service (PaaS)* because Microsoft maintains the underlying SQL Server and VM. Customers need only create tables, upload data, and configure their apps to use the database.
Q: What's the best way to ensure your development team doesn't provision too many virtual machines at the same time? ○ Do nothing. Let the development team use what they need. ○ Apply spending limits to the development team's Azure subscription. ○ Verbally give the development lead a budget and hold them accountable for overages.
If the development team exceeds its *spending limits,* active resources are deallocated. You can then decide whether to increase its limit or provision fewer resources.
Q: Operational Expenditures (OpEx) can be claimed as tax deductions __________?
Operational Expenditures (OpEx) can be claimed as tax deductions *in the same year.*
Q: Which is the best first step you should take to compare the costs of running your apps on Azure versus in your own data center? ○ They're just test environments. Spin them up and check the bill at the end of the month. ○ Assume that running in the cloud costs about the same as running in the data center. ○ Run the Total Cost of Ownership (TCO) Calculator.
Running the *Total Cost of Ownership (TCO) Calculator* is a great first step because it can provide an accurate comparison of running workloads in the data center versus on Azure, certified by an independent research company.
Q: SQL Server installed on a virtual machine is an example of which of the following: ○ Software as a Service (SaaS) ○ Platform as a Service (PaaS) ○ Infrastructure as a Service (IaaS)
SQL Server installed on a virtual machine is an example of *Infrastructure as a Service (IaaS).*
Q: Which of the following enables even traffic distribution across multiple services? ○ Azure Virtual Machine ○ Virtual Network Gateway ○ Azure Load Balancer ○ Azure Application Gateway ○ Azure Content Delivery Network
The *Azure Load Balancer* can be used to evenly distributed TCP/UDP network traffic. The *Azure Application Gateway* can be used to evenly distribute HTTP/S (web app) network traffic.
Q: What's the best method to estimate the cost of migrating to the cloud while incurring minimal costs? ○ Migrate a small sample to the cloud and track costs over time. ○ Use the Total Cost of Ownership (TCO) Calculator to estimate expected costs. ○ Migrate to the cloud, but track usage closely using tags to rapidly understand costs.
The *Total Cost of Ownership (TCO) Calculator* lets you input your current infrastructure and requirements and provides you an estimate for running in the cloud.
Let's assume you have some service in your on-premise data center and decide to utilize some additional Azure Virtual Machines. You need to build a unified networking infrastructure between your on-premise network and Azure. Q: Which of the following enables you to securely connect your network to Azure? ○ Azure Virtual Network ○ Virtual Private Network (VPN) Gateway ○ Azure Load Balancer ○ Azure Application Gateway ○ Azure Subnet ○ vNet Peering
The *Virtual Private Network (VPN) Gateway* enables you to securely connect your on-premise network to Azure through a site-to-site VPN over the public internet.
Q: Which of the following cloud models use some data centers focused on providing cloud services to anyone that wants them, and some data centers that are focused on a single customer? ○ Public cloud ○ Hybrid cloud ○ Multi-cloud
The *hybrid cloud* model is a combination of public cloud and private cloud, using both data centers dedicated solely to one customer and data centers that are shared with the public.
Q: Which of the following is not a feature of Cloud computing? ○ Faster innovation ○ A limited pool of services ○ Speech recognition and other cognitive services
The cloud offers a *nearly limitless pool* of raw compute, storage, and networking components to help you deliver innovative and novel user experiences quickly.
Q: Which is the most efficient way for the testing team to save costs on virtual machines on weekends when testers are not at work? ○ Delete the virtual machines before the weekend and create a new set the following week. ○ Deallocate virtual machines when they're not in use. ○ Just let everything run. Azure bills you only for the CPU time that you use.
When you *deallocate virtual machines*, the associated hard disks and data are still kept in Azure. But you don't pay for CPU or network consumption, which can help save costs. Stopped(Allocated) is simply the "Powered off" state. Azure keeps the hardware reserved so you can immediately resume using your VM. Since the hardware is still reserved, you are billed. VMs must be *Stopped(Deallocated)* to prevent billing.
Q: What is scaling out?
When you *scale out*, you add additional computers or VMs. Typically, each additional computer or VM you add is identical to the previous ones serving your app. Scaling out provides additional resources so your app can handle an increased workload (e.g., traffic, transactions, etc.).
Q: What is scaling up?
When you *scale up* (sometimes call vertical scaling), you move your app to a more powerful computer or VM with faster and/or additional resources, such as a faster CPU, more memory, and more and faster storage (HDD vs SSD).
Q: How can you enforce having only certain applications run on your virtual machines (VMs)? ○ Connect your VMs to Azure Sentinel. ○ Create an application control rule in Azure Security Center. ○ Periodically run a script that lists the running processes on each VM. You can then shut down any applications that shouldn't be running.
With *Azure Security Center*, you can define a list of allowed applications to ensure that only applications you allow can run. Azure Security Center can also detect and block malware from being installed on your VMs.