AZ-900 Combined
To what should an application connect to retrieve security tokens?
Azure AD
You need to ensure that when Azure Active Directory (Azure AD) users connect to Azure AD from the Internet by using an anonymous IP address, the users are prompted automatically to change their password.Which Azure service should you use?
Azure AD Identity Protection
You plan to store 20 TB of data in Azure. The data will be accessed infrequently and visualized by using Microsoft Power BI.You need to recommend a storage solution for the data.Which two solutions should you recommend?
Azure Data Lake Azure SQL Data Warehouse
A team of developers at your company plans to deploy, and then remove, 50 customized virtual machines each week. Thirty of the virtual machines run WindowsServer 2016 and 20 of the virtual machines run Ubuntu Linux.You need to recommend which Azure service will minimize the administrative effort required to deploy and remove the virtual machines.
Azure DevTest Labs
Which Azure service should you use to store certificates?
Azure key vault
((Resource groups)) provide organizations with the ability to manage the compliance of Azure resources across multiple subscriptions.
Azure policies
A support engineer plans to perform several Azure management tasks by using the Azure CLI.You install the CLI on a computer.You need to tell the support engineer which tools to use to run the CLI.Which two tools should you instruct the support engineer to use?
Command Prompt Windows PowerShell
You need to configure an Azure solution that meets the following requirements:✑ Secures websites from attacks✑ Generates reports that contain details of attempted attacks. What should you include in the solution?
DDoS protection
Which cloud deployment solution is used for Azure virtual machines?
IaaS
A PaaS solution that hosts web apps in azure provides full control of the operating systems that host applications. (y/n)
No
Which cloud deployment solution is used for Azure SQL databases?
PaaS
You plan to migrate a web application to Azure. The web application is accessed by external users.You need to recommend a cloud deployment solution to minimize the amount of administrative effort used to manage the web application.What should you include in the recommendation?
PaaS
Which two types of customers are eligible to use Azure Government to develop a cloud solution?
US gov entity US gov contractor
A PaaS solution that hosts web apps in azure provides professional development services to continuously add features to custom applications (y/n)
Yes
A PaaS solution that hosts web apps in azure provides the ability to scale the platform automatically (y/n)
Yes
You plan to map a network drive from several computers that run Windows 10 to Azure Storage. You need to create a storage solution in Azure for the planned mapped drive.What should you create?
a files service in a storage account
You have a resource group named RG1.You plan to create virtual networks and app services in RG1.You need to prevent the creation of virtual machines only in RG1.What should you use?
a lock
You have an on-premises application that sends email notifications automatically based on a rule.You plan to migrate the application to Azure.You need to recommend a serverless computing solution for the application.What should you include in the recommendation?
a logic app
Your company plans to migrate all its network resources to Azure.You need to start the planning process by exploring Azure.What should you create first?
a subscription
You have an Azure environment that contains multiple Azure virtual machines.You plan to implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines.You need to recommend which Azure resources must be created for the planned solution.Which two Azure resources should you include in the recommendation
a virtual network a gateway subnet
Your company plans to move several servers to Azure.The company's compliance policy states that a server named FinServer must be on a separate network segment.You are evaluating which Azure services can be used to meet the compliance policy requirements.Which Azure solution should you recommend?
a virtual network for finserver and a virtual network for the others
You need to identify the type of failure for which an Azure availability zone can be used to protect access to Azure services.What should you identify?
an Azure data center failure
Your company has an Azure environment that contains resources in several regions.A company policy states that administrators must only be allowed to create additional Azure resources in a region in the country where their office is located.You need to create the Azure resource that must be used to meet the policy requirement.What should you create?
an azure policy
Azure Germany can be used by ((legal residents of Germany only.))
any user or enterprise that requires its data to reside in Germany
((Authorization)) is the process of verifying a user's credentials.
authentication
provides a digital online assistant that provides speech support
azure AI bot
You have an Azure web app.You need to manage the settings of the web app from an iPhone.What are two Azure management tools that you can use?
azure CLI azure cloud shell
an open-source framework for the distributed processing and analysis of big data sets in clusters
azure HDInsights
processes data from millions of sensors
azure IoT hub
can run massively parallel data transformation and processing programs across petabytes of data
azure SQL data warehoues
a cloud-based service that leverages massively parallel processing to quickly run complex queries across petabytes of data in a relational database
azure SQL data warehouse
a managed relational cloud database service
azure SQL database
From ((Azure Monitor)), you can view which user turned off a specific virtual machine during the last 14 days.
azure activity log
enforce azure mfa based on a condition
azure ad identity protection
monitors threats by using sensors
azure advanced threat protection
hosts web app
azure app services
detects and diagnoses anomalies in web apps
azure application insights
You plan to implement an Azure database solution.You need to implement a database solution that meets the following requirements:✑ Can add data concurrently from multiple regions✑ Can store JSON documentsWhich database service should you deploy?
azure cosmos database
a big data analysis service for machine learning
azure databricks
provides server less computing functionalities
azure functions
provides the platform for server less code
azure functions
Your company implements ((Azure policies)) to automatically add a watermark to Microsoft Word documents that contain credit card information.
azure information protection
Your company plans to automate the deployment of servers to Azure.Your manager is concerned that you may expose administrative credentials during the deployment.You need to recommend an Azure solution that encrypts the administrative credentials during the deployment.What should you include in the recommendation?
azure key vault
Which Azure service should you use to correlate events from multiple resources into a centralized repository?
azure log analytics
uses past trainings to provide predictions that have high probability
azure machine learning
Your company plans to deploy an Artificial Intelligence (AI) solution in Azure.What should the company use to build, test, and deploy predictive analytics solutions?
azure machine learning studio
You have a virtual machine named VM1 that runs Windows Server 2016. VM1 is in the East US Azure region.Which Azure service should you use from the Azure portal to view service failure notifications that can affect the availability of VM1?
azure monitor
Your company plans to deploy several million sensors that will upload data to Azure.You need to identify which Azure resources must be created to support the planned solution.Which two Azure resources should you identify
azure queue storage azure IoT hub
Your company has several business units.Each business unit requires 20 different Azure resources for daily operation. All the business units require the same type of Azure resources.You need to recommend a solution to automate the creation of the Azure resources.What should you include in the recommendations?
azure resource management templates
((Azure policies provide)) a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment.
azure resource manager provides
You plan to create an Azure virtual machine.You need to identify which storage service must be used to store the data disks of the virtual machine.What should you identify?
blobs
When you are implementing a software as a service (SaaS) solution, you are responsible for ((configuring high availability.))
configuring the SaaS solution
You plan to deploy a website to Azure. The website will be accessed by users worldwide and will host large video files.You need to recommend which Azure feature must be used to provide the best video playback experience.What should you recommend?
content delivery network
You attempt to create several managed Microsoft SQL Server instances in an Azure environment and receive a message that you must increase your Azure subscription limits.What should you do to increase the limits?
create a new support request
You create a resource group named RG1 in Azure Resource Manager.You need to prevent the deletion of the resources in RG1.Which setting should you use
delete lock
a cloud service that can be recovered after it occurs
disaster recovery
What can Azure Information Protection encrypt?
documents and email messages
a cloud service that performs quickly when it increases
dynamic scalability
Your company hosts an accounting named App1 that is used by all the customers of the company.App1 has low usage during the first three weeks of each month and very high usage during the last week of each month.Which benefit of Azure Cloud Services supports cost management for this type of usage pattern?
elasticity
You have an on-premises network that contains several servers. You plan to migrate all the servers to Azure. You need to recommend a solution to ensure that some of the servers are available if a single Azure data center goes offline for an extended period. What should you include in the recommendation?
fault tolerance
a cloud service that remains available after it occurs
fault tolerance
An organization that hosts its infrastructure ((in a private cloud)) can decommission its data center.
in the public cloud
You plan to extend your company's network to Azure. The network contains a VPN appliance that uses an IP address of 131.107.200.1.You need to create an Azure resource that identifies the VPN appliance.Which Azure resource should you create
local network gateways
a cloud service that can be accessed quickly to the internet
low latency
What are two characteristics of the public cloud?
metered pricing, self-service management
You plan to deploy several Azure virtual machines.You need to control the ports that devices on the Internet can use to access the virtual machines.What should you use?
network security group
Your company plans to deploy several web servers and several database servers to Azure.You need to recommend an Azure solution to limit the types of connections from the web servers to the database servers.What should you include in the recommendation?
network security groups
An Azure administrator plans to run a PowerShell script that creates Azure resources.You need to recommend which computer configuration to use to run the script.Solution: Run the script from a computer that runs Chrome OS and uses Azure Cloud Shell.Does this meet the goal?
no
An Azure administrator plans to run a PowerShell script that creates Azure resources.You need to recommend which computer configuration to use to run the script.Solution: Run the script from a computer that runs Linux and has the Azure CLI tools installed.Does this meet the goal?
no
You have an Azure environment. You need to create a new Azure virtual machine from an Android laptop.Solution: You use the PowerApps portal.Does this meet the goal?
no
You have an Azure environment.You need to create a new Azure virtual machine from an Android laptop.Solution: You use Bash in Azure Cloud Shell (y/n)
no
You plan to deploy several Azure virtual machines.You need to ensure that the services running on the virtual machines are available if a single data center fails.Solution: You deploy the virtual machines to two or more regions.Does this meet the goal? (y/n)
no
You plan to deploy several Azure virtual machines.You need to ensure that the services running on the virtual machines are available if a single data center fails.Solution: You deploy the virtual machines to two or more scale sets.Does this meet the goal? (y/n)
no
Your Azure environment contains multiple Azure virtual machines.You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.Solution: You modify a DDoS protection plan. Does this solution work?
no
Your Azure environment contains multiple Azure virtual machines.You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.Solution: You modify an Azure Traffic Manager profile. Does this solution work?
no
Your company plans to migrate all its data and resources to Azure.The company's migration plan states that only platform as a service (PaaS) solutions must be used in Azure.You need to deploy an Azure environment that supports the planned migration.Solution: You create an Azure App Service and Azure Storage accounts.Does this meet the goal?
no
Your company plans to migrate all its data and resources to Azure.The company's migration plan states that only platform as a service (PaaS) solutions must be used in Azure.You need to deploy an Azure environment that supports the planned migration.Solution: You create an Azure App Service and Azure virtual machines that have Microsoft SQL Server installed.Does this meet the goal?
no
a network security group will encrypt all the network traffic sent from azure to the internet (y/n)
no
all data that is copied to an azure storage account is backed up automatically to another azure data center (y/n)
no
all the azure resources deployed to a single resource group must share the same azure region (y/n)
no
an azure storage account can contain up to 2TB of data and up to one million files (y/n)
no
authorization to access azure resources can be provided only to azure AD users (y/n)
no
availability zones are used to replicate data and applications to multiple regions (y/n)
no
azure VMs that run windows server 2016 can encrypt the network traffic sent from the VMs to a host on the internet (y/n)
no
azure advisor provides recommendations on how to configure the network settings on azure VMs (y/n)
no
azure advisor provides recommendations on how to improve the security of an azure ad environment (y/n)
no
azure advisory can generate a list of azure VMs that are protected by azure backup (y/n)
no
azure firewall will encrypt all the network traffic sent from azure to the internet (y/n)
no
azure resources can only access other resources in the same resource group (y/n)
no
from azure service health, an admin can prevent a service failure from affecting a specific VM (y/n)
no
if you assign a tag to a resource group, all the azure resources in that resource group are assigned to the same tag (y/n)
no
if you create 2 azure VMs that use the B2S size, each vm will always generate the same monthly cost (y/n)
no
if you have azure resources deployed to every region, you can implement availability zones in all the regions (y/n)
no
if you implement the security recommendations provided by azure advisor, your company's secure score will decrease (y/n)
no
if your company uses an azure free account, you will only be exposed to a subnet of azure services (y/n)
no
in a public cloud model, only guest users at your company can access the resources in the cloud (y/n)
no
in a public cloud model, only guest users in your company can access the resources in the cloud (y/n)
no
only VMs that run windows server can be created in availability zone (y/n)
no
to achieve a hybrid cloud model, a company must always migrate from a private cloud model (y/n)
no
to implement a hybrid cloud model, a company must always migrate from a private cloud model (y/n)
no
to maintain MS support, you must implement the security recommendations provided by azure advisor within a period of 30 days (y/n)
no
you can create up to 10 azure free accounts by using the same MS account (y/n)
no
You have an Azure virtual network named VNET1 in a resource group named RG1.You assign an Azure policy specifying that virtual networks are not an allowed resource type in RG1. VNET1 ((is deleted automatically.))
no change is needed
((Azure Key Vault)) is used to store secrets for Azure Active Directory (Azure AD) user accounts.
no change needed
After you create a virtual machine, you need to modify the network security group (NSG) to allow connections from TCP port 8080 to the ((virtual machine.))
no change needed
An Azure region contains one or more data centers that are connected by using ((a low-latency network.))
no change needed
One of the benefits of Azure SQL Data Warehouse is that ((high availability)) is built into the platform.
no change needed
When planning to migrate a public website to Azure, you must plan to ((pay monthly usage costs.))
no change needed
You have an application that is comprised of an Azure web app that has a Service Level Agreement (SLA) of 99.95 percent and an Azure SQL database that has an SLA of 99.99 percent.The composite SLA for the application is ((the product of both SLAs, which equals 99.94 percent.))
no change needed
You plan to deploy 20 virtual machines to an Azure environment. To ensure that a virtual machine named VM1 cannot connect to the other virtual machines, VM1 must be ((deployed to a separate virtual network.))
no change needed
You have an Azure environment that contains 10 virtual networks and 100 virtual machines.You need to limit the amount of inbound traffic to all the Azure virtual networks.What should you create?
one azure firewall
You have 1,000 virtual machines hosted on the Hyper-V hosts in a data center.You plan to migrate all the virtual machines to an Azure pay-as-you-go subscription.You need to identify which expenditure model to use for the planned Azure solution.Which expenditure model should you identify?
operational
You have an on-premises network that contains 100 servers.You need to recommend a solution that provides additional resources to your users. The solution must minimize capital and operational expenditure costs.What should you include in the recommendation?
private cloud
Your company has an on-premises network that contains multiple servers.The company plans to reduce the following administrative responsibilities of network administrators:✑ Backing up application data✑ Replacing failed server hardware✑ Managing physical server security✑ Updating server operating systems✑ Managing permissions to shared documentsThe company plans to migrate several servers to Azure virtual machines.You need to identify which administrative responsibilities will be reduced after the planned migration.Which two responsibilities should you identify?
replacing failed server hardware managing physical server security
When you need to delegate permissions to several Azure virtual machines simultaneously, you must deploy the Azure virtual machines to the same ((Azure region.))
resource group
What should you use to evaluate whether your company's Azure environment meets regulatory requirements?
security center blade in the azure portal
Your network contains an Active Directory forest. The forest contains 5,000 user accounts.Your company plans to migrate all network resources to Azure and to decommission the on-premises data center.You need to recommend a solution to minimize the impact on users after the planned migration.What should you recommend?
sync all AD user accounts to azure AD
If a resource group named RG1 has a delete lock, ((only a member of the global administrators group can delete RG1.))
the delete lock must be removed before an administrator
You plan to migrate several servers from an on-premises network to Azure.You need to identify the primary benefit of using a public cloud service for the servers.What should you identify?
the public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud
Your company plans to migrate all on-premises data to Azure. You need to identify whether Azure complies with the company's regional requirements.What should you use?
the trust center
You have several virtual machines in an Azure subscription. You create a new subscription. ((The virtual machines cannot be moved to the new subscription.))
they can
An Azure administrator plans to run a PowerShell script that creates Azure resources.You need to recommend which computer configuration to use to run the script.Solution: Run the script from a computer that runs macOS and has PowerShell Core 6.0 installed (y/n)
yes
You have an Azure environment. You need to create a new Azure virtual machine from an Android laptop.Solution: You use PowerShell in Azure Cloud Shell.Does this meet the goal?
yes
You have an Azure environment. You need to create a new Azure virtual machine from an Android laptop.Solution: You use the Azure portal.Does this meet the goal?
yes
You plan to deploy several Azure virtual machines.You need to ensure that the services running on the virtual machines are available if a single data center fails.Solution: You deploy the virtual machines to two or more availability zones.Does this meet the goal? (y/n)
yes
Your Azure environment contains multiple Azure virtual machines.You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.Solution: You modify an Azure firewall.Does this solution work?
yes
Your company plans to migrate all its data and resources to Azure. The company's migration plan states that only platform as a service (PaaS) solutions must be used in Azure. You need to deploy an Azure environment that supports the planned migration. Solution: You create an Azure App Service and Azure SQL databases .Does this meet the goal?
yes
a company can extend the computing resources of its internal network by using the public cloud (y/n)
yes
a company can extent the capacity of its internal network by using the public cloud (y/n)
yes
a resource group can contain resources from multiple azure regions (y/n)
yes
all azure free accounts expire after a specific period (y/n)
yes
azure advisor provides recommendations on how to reduce the cost of running azure Vms (y/n)
yes
azure has built-in authentication and authorization services that provide secure access to azure resources (y/n)
yes
azure provides flexibility between capex and opex (y/n)
yes
data that is copied to an azure storage account is maintained automatically in at least 3 copies (y/n)
yes
from azure service health, an admin can create a rule to be alerted if an azure service fails (y/n)
yes
from azure service health, an admin can view the health of all services deployed to an azure environment, and all the other services available in azure (y/n)
yes
identities stored in azure ad, third party cloud services, an on-prem AD can be used to access azure resources (y/n)
yes
if you delete a resource group, all the resources in the group will be deleted (y/n)
yes
if you set permissions to a resource group, all the azure resources in that resource group inherit the permissions (y/n)
yes
when an azure vm is stopped you continue to pay storage costs associated to the vm (y/n)
yes