AZ900 Azure Fundamentals Practice Questions

ACG - You need to protect emails, documents and important data that will be shared outside your company. What Azure service should you use? A) Azure Artifacts B) Azure Information Protection C) Azure Data Box D) Azure Pipelines

B) Azure Information Protection Azure Information Protection allows you to protect emails, documents and other data and define who can access the information and what they can do with it. Azure Artifacts is a developer tool for managing source code packages. Azure Pipelines is a developer tool for continuous deployment. Azure Data Box is a physical box for transferring data Further information: https://azure.microsoft.com/en-au/services/information-protection/

ACG - Which of the following services would be considered Software-as-a-Service (SaaS)? (Choose 2) A) Office 365 B) Kubernetes C) Azure Active Directory D) Virtual Machines

A and C Azure Active Directory and Office 365 are considered as SaaS due to the level of provider responsibility. Virtual Machines are defined as IaaS as you hold responsibility for everything from the operating system upwards in the shared responsibility model, with Kubernetes defined as PaaS. Further information: https://azure.microsoft.com/en-gb/overview/what-is-saas/ https://azure.microsoft.com/en-gb/overview/what-is-paas/ https://azure.microsoft.com/en-gb/overview/what-is-iaas/

ACG - What types of data does Azure Monitor collect? (Choose 2) A) Subscription monitoring data B) Only activity logs C) Only metrics D) Physical hardware data E) Metrics and activity logs

A and E Azure Monitor collects two broad types of data: metrics and logs. Within these data types sits subscription monitoring data. Physical hardware data is not collected by Azure Monitor. Further information: https://docs.microsoft.com/en-us/azure/azure-monitor/overview

ACG - Which of the following is an Azure compute service? A) Azure Functions B) Azure SQL Database C) Azure Advisor D) Azure Data Factory

A) Azure Functions Azure Functions is the only Azure compute service in the provided options. Azure Functions is a managed Function as a Service (FaaS) offering, providing the ability to run small pieces of code called functions in the cloud. Further information: https://docs.microsoft.com/en-gb/azure/architecture/guide/technology-choices/compute-decision-tree

MSFT - Apply and monitor infrastructure standards with Azure Policy Where can you obtain details about the personal data Microsoft processes, how Microsoft processes it, and for what purposes? A) Microsoft Privacy Statement B) Compliance Manager C) Azure Service Health D) Trust Center

A) Microsoft Privacy Statement You can obtain the details about how Microsoft uses personal data in the Microsoft Privacy Statement.

ACG - A Service Level Agreement (SLA) is? A) Microsoft's commitment for uptime and connectivity B) An agreement between Microsoft and the Client detailing the schedule of new service releases C) A Microsoft agreement ensuring you the Client will pay service charges D) A document explaining Microsoft Cloud Security

A) Microsoft's commitment for uptime and connectivity The Service Agreement by Microsoft describes the commitment to the customer on uptime and connectivity availability for Azure services. Most but not all Azure services have a financially backed guarantee. Further information: https://azure.microsoft.com/en-gb/support/legal/sla/ https://azure.microsoft.com/en-gb/support/legal/sla/summary/

ACG - What kind of service architecture is Azure DevOps? A) PaaS B) SaaS C) IaaS D) On-premises E) Serverless

A) PaaS Azure DevOps is a PaaS solution, where you manage the platform and the services on it, but not the infrastructure. Further information: https://azure.microsoft.com/en-au/services/devops/

MSFT - Predict costs and optimize spending for Azure Azure Cost Management allows you to _________. A) See historical breakdowns of what services you are spending your money on. B) See estimates of what your services might cost if you make a change.

A) See historical breakdowns of what services you are spending your money on. Cost Management analyzes where you are historically spending your money and can track it against budgets you have set.

ACG - What methods are available to connect to the Azure Public Cloud? (Choose 3) A) Client or Site to Site VPN B) Physically at the Azure datacentre C) Express Route D) Over the internet

A, C, D The methods to connect to the Azure Public Cloud are over the internet to public endpoints, via site or client VPN's to devices you configure in the Cloud environment or through a dedicated connection such as Express Route. As a customer it is not possible to connect directly into the environment whilst being physically at the datacentre. Further information: https://azure.microsoft.com/en-gb/product-categories/networking/

ACG - What are the advantages of using a database for storing data? (Choose 2) A) Databases are more secure for storing data than regular Azure Storage. B) You can store more data in less space due to the compression algorithms used by databases. C) It is a very powerful way of getting the data out in exactly the format you want. D) It is a much cheaper option than using regular Azure Storage. E) The data is sorted for you when it is inserted. F) You can manage access to data in a database more granularly than for any other type of storage.

C and E The power of a database is how the data is sorted and indexed, as well as the flexibility in how to get the data out again. Databases are not cheaper, more secure or more space efficient than other types of storage. Further information: https://azure.microsoft.com/en-au/services/sql-database/

ACG - What is the best explanation for an address space on a Virtual Network? A) The range of external IP addresses that can access a Virtual Network on Azure. B) The range of Azure services that can connect to any particular Virtual Network. C) A range of IP addresses that are available to the Virtual Network for connected services. D) A Virtual Network needs to register an address space with Azure for use for your account. This address space is managed by Microsoft.

C) A range of IP addresses that are available to the Virtual Network for connected services. https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview

MSFT - Control and organize Azure resources with Azure Resource Manager Which of the following would be the most efficient way to ensure a naming convention was followed across your subscription? A) Send out an email with the details of your naming conventions and hope it is followed B) Create a policy with your naming requirements and assign it to the scope of your subscription C) Give all other users except for yourself read-only access to the subscription. Have all requests to create resources sent to you so you can review the names being assigned to resources, and then create them.

B) Create a policy with your naming requirements and assign it to the scope of your subscription

MSFT - Create an Azure account: Your billing is based on your usage of Azure resources and is invoiced ______________ A) Annually B) Monthly C) Daily

B) Monthly Azure usage is billed monthly.

MSFT - Control and organize Azure resources with Azure Resource Manager Which of the following is not a feature of resource groups? A) Resources can be in only one resource group. B) Resources can be moved from one resource group to another resource group. C) Resource groups can be nested. D) Role-based access control can be applied to the resource group.

C) Resource groups can be nested.

ACG - How many tenants can a user in Azure Active Directory belong to? A) It depends on the Azure subscription type. B) There is no limit. C) One main tenant and two child tenants. D) One.

D) One. A user on Azure is always a member of one Azure Active Directory tenant. Further information: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-create-new-tenant

MSFT - Apply and monitor infrastructure standards with Azure Policy Which Azure service allows you to configure fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs? A) Locks B) Policy C) Initiatives D) Role-based Access Control

D) Role-based Access Control Role-based access control (RBAC) provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs. RBAC is provided at no additional cost to all Azure subscriber.

ACG - What is "serverless" computing? A) An application that is running on the cloud platform without the use of servers. B) A theory for making computing completely cloud-based for certain scenarios. C) A simpler version of Platform-as-a-Service. D) When all servers for a solution are abstracted away and managed by someone else.

D) When all servers for a solution are abstracted away and managed by someone else. Serverless computing solutions provide a simple way to create manageable and scalable solutions at low costs. There is always a server somewhere to run your application, but you don't control it. Serverless is a kind of extreme PaaS. Further information: https://azure.microsoft.com/en-au/solutions/serverless/

ACG - What are the main components of an Azure VPN Gateway setup? (Choose 3) A) An on-premises network with a complimentary gateway that can accept the encrypted data. B) The VPN Gateway must be attached to an Azure Virtual Network. C) An Azure Load Balancer to distribute the traffic between on-premises and Azure correctly. D) A secure connection, called a tunnel, which encrypts the traffic sent through it. E) A static backend pool of VMs that can be targeted as traffic builds up. F) An Azure Storage account for storing any requests that can't be delivered immediately.

A, B and D What are the main components of an Azure VPN Gateway setup? (Choose 3) An on-premises network with a complimentary gateway that can accept the encrypted data. The VPN Gateway must be attached to an Azure Virtual Network. An Azure Load Balancer to distribute the traffic between on-premises and Azure correctly. A secure connection, called a tunnel, which encrypts the traffic sent through it. A static backend pool of VMs that can be targeted as traffic builds up. An Azure Storage account for storing any requests that can't be delivered immediately. https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways

MSFT - Core Cloud Services - Manage services with the Azure portal: Azure Advisor provides advice on which of these topics: A) Creating an Azure account B) Best practices and security for your services C) Using the Azure portal effectively

B) Best practices and security for your services Azure Advisor is a free service built into Azure that provides recommendations on high availability, security, performance, and cost.

MSFT - Predict costs and optimize spending for Azure Which one of these is not a cost-saving solution? A) Deallocate virtual machines during off hours. B) Use Azure Reserved Virtual Machine Instances. C) Load balance your virtual machines for incoming messages. D) Right-size underutilized virtual machines.

C) Load balance your virtual machines for incoming messages. Load balancing is used for performance optimization not cost savings.

ACG - To access the Azure Cloud Shell (>_), what do you need to do? A) The Cloud Shell is not accessible from the Azure Portal B) Select the icon (>_) in the list on the left menu of the Azure Portal C) Select the icon (>_) in the top menu of the Azure Portal D) Type 'Open Cloud Shell' in the Azure Portal search bar

C) Select the icon (>_) in the top menu of the Azure Portal The Azure Cloud Shell is accessible by selecting the (>_) button in the top menu of the Azure Portal (https://portal.azure.com). Further information: https://portal.azure.com

ACG - The Angry Llamas corporation has asked you to implement a solution that will monitor users in their on-premises environment and their behavior, to make sure any suspicious behavior is caught. What is a solution to do this? A) Use Azure Information Protection to monitor, analyse and profile user behavior, and raise alerts if unusual behavior is detected. B) Use the alert feature in Azure Active Directory to monitor user behavior and raise alerts for anything out of the ordinary. C) Use Advanced Threat Protection to monitor, analyse and profile user behavior, and raise alerts if unusual behavior is detected. D) Use an Azure Firewall to monitor the traffic entering the network and the Azure services attached to it.

C) Use Advanced Threat Protection to monitor, analyse and profile user behavior, and raise alerts if unusual behavior is detected. Advanced Threat Protection monitors user behavior, and if there is something out of the ordinary you will get an alert. Azure Information Protection protects documents and emails. Azure Firewall only protects the traffic that comes into a network. Further information: https://azure.microsoft.com/en-au/features/azure-advanced-threat-protection/

MSFT - Control and organize Azure resources with Azure Resource Manager Which of the following might be a good usage of tags? A) Using tags to associate a cost center with resources for internal chargeback B) Using tags in conjunction with Azure Automation to schedule maintenance windows C) Using tags to store environment and department association D) All of the above are good ways to use tags

D) All of the above are good ways to use tags

ACG - You are in a client meeting with a customer. They would like to run their website in Azure App Service as in the past they have lost business due to their own platform not being able to adapt quickly enough to customer demand. Which App Service feature will this customer benefit from? A) Staging Slots B) Azure Compute Units C) Traffic Manager D) Autoscale

D) Autoscale Autoscale provides the capability to dynamically change the level of resources running the application. An example of this would be to scale your web app so that it runs on additional instances as the load to your application increases. Further information: https://docs.microsoft.com/en-gb/azure/azure-monitor/platform/autoscale-get-started

ACG - You are developing a web application which will be used to stream videos. Which of the following Azure storage types are best suited to this use case? A) Azure Queue storage B) Azure Files C) Disk storage D) Azure Blob storage

D) Azure Blob storage Azure Blog storage is an object-based storage service ideal for storing large amounts of unstructured data, including video streams. It can be accessed via HTTP and HTTPS or via a variety of client libraries. Azure Files provides network file shares using the Server Message Block (SMB) protocol, or via a URL. This storage is suitable for storing files, but not streaming video. Azure Queue is used to store messages which different parts of an application architecture can use to communicate. It is not suitable for streaming or storage of large files. Disk storage provides a managed virtual hard disk in the cloud, but is not suited to streaming. Further information: https://docs.microsoft.com/en-us/azure/storage/common/storage-introduction

ACG - You want to get started in Artificial Intelligence on Azure using a visual workspace. Which service should you use? A) Azure Machine Learning service B) Azure Cognitive Services C) Microsoft Machine Learning Server D) Azure Machine Learning Studio

D) Azure Machine Learning Studio Azure Machine Learning Studio provides a drag-and-drop visual interface for machine learning using preconfigured algorithms. Azure Machine Learning service is a managed cloud service for machine learning where you can train, deploy, and manage models in Azure using Python and CLI. Azure Cognitive Services is a set of APIs that enable you to build apps that use natural methods of communication. Further information: https://docs.microsoft.com/en-us/azure/architecture/data-guide/technology-choices/data-science-and-machine-learning

MSFT - Apply and monitor infrastructure standards with Azure Policy Which of the following services provides up-to-date status information about the health of Azure services? A) Compliance Manager B) Azure Monitor C) Service Trust Portal D) Azure Service Health

D) Azure Service Health Azure Service Health is the correct answer, because it provides you with a global view of the health of Azure services. With Azure Status, a component of Azure Service Health, you can get up-to-the-minute information on service availability.

ACG - Which of the following is a Software as a Service (SaaS) solution? A) Azure Functions B) Azure App Service C) Azure SQL Databases D) Microsoft Office 365

D) Microsoft Office 365 Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet such as email or Microsoft Office 365. SaaS provides a complete software solution that you rent on a pay-as-you-go basis. Azure SQL Databases and Azure App Service are Platform as a Service (PaaS) solutions. Azure Functions is a Function as a Service (FaaS) solution. Further information: https://azure.microsoft.com/en-au/overview/what-is-saas/

ACG - What is the aim of using Azure Functions in a serverless architecture on Azure? A) Improve performance and splitting up data processing into many smaller parts. B) Be into the latest and greatest. All the cool kids are doing serverless. C) To get rid of virtual machines, as they are slow and costly. D) To have each function do a single task, which enables high performance and separation of application responsibilities.

D) To have each function do a single task, which enables high performance and separation of application responsibilities. Azure Functions are great at doing a single task over and over again without you having to worry about the infrastructure. Further information: https://azure.microsoft.com/en-au/services/functions/

MSFT - Predict costs and optimize spending for Azure Which one of the following systems is used to determine Azure costs for each billing period? A) The Azure website B) Number of created virtual machines C) The Azure pricing calculator D) Usage meters

D) Usage meters Correct. Azure is billed according to your consumption based on monthly usage meters.

ACG - What do you use to make sure that users of your application are who they say they are? A) Azure Regions. B) Azure Subscriptions. C) Azure Active Directory. D) Authorization E) Authentication

E) Authentication Authentication is confirming users are who they say they are. Authentication is granting them access to features and areas once authenticated. Azure Active Directory is used to manage the users in your Azure account. Azure Subscriptions are billing entities for all your Azure services, and Azure Regions are geographical regions for where your services are hosted. Further information: https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios

ACG - Which statements are true about Azure Key Vault? (Choose 2) A) Access to secrets and passwords can be granted or denied very fast and as needed. B) Access to a secret can be passed between third party apps, if authorized in the Azure Portal. C) You can share a password with a third party to use, without ever revealing the password itself. D) Azure Key Vault removes the need for passwords in your services. E) Azure Key Vault defines security policies for Azure services.

A and C Azure Key Vault is a secure place to store passwords and other secrets. Once stored, you can never retrieve the actual value, but you can share access to the value with other third party clients and other Azure services. You can also restrict or deny access easily and quickly, should it be necessary. Further information: https://azure.microsoft.com/en-au/services/key-vault/ https://docs.microsoft.com/en-au/azure/key-vault/

ACG - Which of the following is an Azure IoT software-as-a-service solution? A) Azure IoT Cloud B) Azure IoT Manager C) Azure Device Farm D) Azure IoT Hub E) Azure IoT Central

Azure IoT Central is a Software-as-a-Service (SaaS) solution that provides pre-made Internet of Things (IoT) connections and dashboards to get set up quickly. Azure IoT Hub is a Platform-as-a-Service solution that provides more control over IoT data collection and processing. Azure Device Farm, Azure IoT Manager and Azure IoT Cloud are not valid services. Further information: https://docs.microsoft.com/en-in/azure/iot-central/core/overview-iot-central

ACG - What is the service for managing privacy on Azure called? A) Azure Privacy Center. B) It depends on your subscription level. C) Azure User Safety Portal. D) Azure Privacy Portal. E) There isn't a single service, as privacy is part of every service on Azure.

E) There isn't a single service, as privacy is part of every service on Azure. Privacy is a core component of each and every Azure service, so there isn't a single service. All products are built with privacy as a first class citizen. Further information: https://azure.microsoft.com/en-au/overview/trusted-cloud/privacy/

MSFT - Control and organize Azure resources with Azure Resource Manager Which of the following would be good to put a resource lock on? A) An ExpressRoute circuit with connectivity back to your on-premises network B) A non-production virtual machine used to test occasional application builds C) A storage account used to temporarily store images processed in a development environment

A) An ExpressRoute circuit with connectivity back to your on-premises network

ACG - You are asked to identify the benefits of using a serverless solution with Azure Functions. Which of the following are benefits of Azure Functions? (Choose 2) A) No infrastructure to manage B) No execution timeouts C) Automatic scalability D) Always running

A and C Serverless computing with Azure Functions enables developers to build applications faster by eliminating the need for them to manage infrastructure. With Azure Functions, Azure automatically provisions, scales and manages the infrastructure required to run the code. Azure Functions are triggered by events and run for only a short period of time so are not always running. Further information: https://azure.microsoft.com/en-au/overview/serverless-computing/

ACG - What services does Azure App Service provide? (Choose 2) A) API App B) KMS App C) Web App D) IOT App

A and C The main features of Azure App Service are to provide Web Apps, Web Apps for Containers and API Apps. In addition, Mobile Apps can be created through the Web App service. Web Apps can be built using popular frameworks such as .NET, .NET Core, Java, Node.js, Python, PHP and Ruby which then runs on either Windows or Linux. Further information: https://azure.microsoft.com/en-gb/services/app-service/

ACG - In which scenario would you use an Application Gateway? (Choose 2) A) For incoming traffic, to make routing decisions based on additional attributes of an HTTP request, such as URI path or host headers. B) To manage the IP addresses for an Azure Subscription and to ensure only secure traffic is allowed. C) To send encrypted traffic between an Azure Virtual Network and an on-premises location over the public Internet. D) If traffic with specific properties that needs to be processed by a particular VM. E) To make sure the connection from a Virtual Network to the Internet is secure.

A and D An application gateway is similar to a load balancer, but can redirect traffic based on attributes in the HTTP request, the request coming in from the internet. You can have a VM handling video, one handling images and so on. Application Gateways do not handle traffic security, nor manage any Virtual Networks. Further information: https://docs.microsoft.com/en-us/azure/application-gateway/overview

ACG - Which features are in Azure Cost Management? (Choose 2) A) Visualize current costs for your Azure account. B) Recommendations to move services between Azure regions to save on cost. C) Automatic shutdown of services that haven't been used for a set period of time. D) Visualize future costs for your Azure account. E) Potential discounts through gamification of using best practices.

A and D Azure Cost Management is a part of the Azure Portal that can visualize your current and future costs. It also includes tools for financial governance to make sure you don't get unexpected costs from incorrect use of Azure resources. There are no discounts, gamification, or automatic shutdown services. Further information: https://azure.microsoft.com/en-au/services/cost-management/ https://docs.microsoft.com/en-au/rest/api/cost-management/

ACG - What command-line environments are available for use in the Azure Cloud Shell? (Choose 2) A) Bash B) MS-DOS C) Windows D) PowerShell

A and D The Azure Cloud Shell supports the Bash and PowerShell command-line environments. MS-DOS and Windows are Operating Systems and are therefore not valid options. Further information: https://azure.microsoft.com/en-au/features/cloud-shell/

ACG - Which problem does adding a load balancer solve? (Choose 2) A) When there is too much data for a single VM to handle, a load balancer can distribute traffic to many VMs. B) A load balancer ensures that the load is evenly distributed between 2-5 Virtual Machines. C) When a Virtual disk is running out of space on a Virtual Machine the incoming data can be directed to another Virtual Machine to manage the load. D) A load balancer manages the connections from the Internet to a single Virtual Machine to ensure there is no overload. E) If traffic with specific properties needs to be processed by a particular VM, a load balancer can manage this.

A and E A load balancer sits in front of two or more Virtual Machines to manage, and balance, the load to the Virtual Machines. This can be based on amount of incoming traffic or specific properties in the traffic. A load balancer has nothing to do with Virtual disks, and the max number of VMs to manage starts at 100 and goes up to 1000. Further information: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

ACG - What is an Azure Function? (Choose 2) A) A single unit of compute that is triggered by a separate process. B) An add-on to any paid Azure subscription that allows using Azure services as functions in your applications. C) A function to update any resources on Azure. D) A foundational component of any Azure infrastructure. E) A serverless service on Azure.

A and E Azure Functions are single-task services that can take an input, process it, and then die. It is the first serverless product on Azure. It is a stand-alone product which doesn't rely on other Azure services, although Functions can certainly integrate with them. Functions are available on all subscriptions and are very inexpensive to use. Further information: https://docs.microsoft.com/en-us/azure/azure-functions/ https://azure.microsoft.com/en-au/services/functions/

ACG - What is the response time for Severity B on the Professional Direct Support Plan? A) 2 hours. B) 8 hours. C) 1 hour. D) 4 hours.

A) 2 hours. You may think this question is needlessly specific, but Microsoft love to test students on the support matrix and you will likely get a question like this on the exam. Memorize the entire support matrix. No arguing. Do it now. Further information: https://azure.microsoft.com/en-au/support/plans/

ACG - Which of the following solutions describes Azure Cosmos DB? A) A globally distributed multi-model database service. B) A MySQL compatible database solution with high availability and elastic scaling. C) A powerful database service designed specifically for analytics. D) A scalable in-memory data store.

A) A globally distributed multi-model database service. Azure Cosmos DB is a globally distributed multi-model database offering designed to guarantee low latency and high availability. It is compatible with Cassandra, MongoDB and other NoSQL workloads. Azure Database for MySQL runs MySQL workloads with elastic scaling. Azure Cache for Redis is a scalable in-memory data store. Azure Synapse Analytics brings together data warehousing and analytics. Further information: https://azure.microsoft.com/en-au/product-categories/databases/

ACG - What is a scale set? A) A pool of identical VMs that can be activated or deactivated as needed. B) A set of similar services that all work together for a service or application. C) A range of sizes of Virtual Machines ready to take over a workload. D) A set of Virtual Machines running in the same datacentre.

A) A pool of identical VMs that can be activated or deactivated as needed. Scale sets are used to scale an application up or down by quickly adding or removing VMs. The VMs in the scale set are identical and can be created very fast. They aren't necessarily located in the same datacenter either. Further information: https://docs.microsoft.com/en-us/azure/V-machine-scale-sets/overview

ACG - What is an Azure region? A) A set of datacenters close together. B) A collection of similar services that can be hosted in an Azure data centre. C) One or more datacenters equipped with independent power, cooling, and networking. D) A geographical part of the Azure platform.

A) A set of datacenters close together. Azure regions used correctly can create a more robust and better performing application. Regions are not a geographic distinction necessarily, but a more loose definition. It has to do with hardware, and enables high availability and elasticity. Further information: https://azure.microsoft.com/en-us/global-infrastructure/regions/

ACG - What are security policies used for in Azure? A) A set of rules that Azure can use to evaluate if your configuration of a service is secure and complies with your organization's security guidelines. B) A set of rules that Azure uses to validate user access and permissions to Azure resources. C) Rules used to restrict and validate access to files and documents hosted on Azure. D) To connect to outside security services that aren't part of the Azure Trusted Providers program.

A) A set of rules that Azure can use to evaluate if your configuration of a service is secure and complies with your organization's security guidelines. Security policies in Azure define the desired configuration of your services and workloads. They help ensure you're complying with your company's security requirements. User access and permissions are done through Azure Active Directory. Restricting access to files can be done with Azure Information Protection. Further information: https://docs.microsoft.com/en-us/azure/security-center/tutorial-security-policy

ACG - Which of the following can be configured through Azure Blueprints? A) All of the above B) Role Assignments C) Policy Assignments D) Resource Manager Templates

A) All of the above All of the answers provided are possible through Blueprint configuration. Blueprints are used by Architects and Engineers to design and build environments and are a useful tool in ensuring you have commonly defined subscriptions for certain use case types. Further information: https://azure.microsoft.com/en-gb/services/blueprints/

ACG - What is an address space on a Virtual Network? A) An address space is a range of IP addresses that can be assigned to services attached to the Virtual Network. B) A definition of what types of resources can connect to either a private or public network hosted on Azure. C) A portion of the complete address space for a given Azure subscription can be assigned to a Virtual Network. D) A reserved number of public IP addresses that you can use to connect a Virtual Network to the public Internet.

A) An address space is a range of IP addresses that can be assigned to services attached to the Virtual Network. An address space on a Virtual Network is a number of IP addresses that are unique only on the specific Virtual Network. These IP addresses are assigned to resources connected to the VNet, which allows the resources to interact and communicate. There is no limit to the number or VNets you can have, nor to the number of address spaces. Further information: https://docs.microsoft.com/en-gb/Office365/Enterprise/microsoft-cloud-it-architecture-resources

MSFT - Core Cloud Services - Introduction to Azure Which of the following is an example of an Azure application platform? A) Azure App Service B) Azure Load Balancer C) Azure Table Storage D) Azure Cache for Redis

A) Azure App Service Azure App Service is an HTTP-based service that enables you to build and host many types of web-based solutions without managing infrastructure.

ACG - Which Azure DevOps tool would you use to share applications and code libraries? A) Azure Artifacts B) Azure Test Plans C) Azure Pipelines D) Azure Repos E) Azure Boards

A) Azure Artifacts Azure Artifacts is a service in Azure DevOps, which can host code libraries and applications for you to share internally or externally. Azure Boards is for project managers. Azure Repos holds your source code. Azure Test Plans is used to create manual and automatic test scenarios for your application. Azure Pipelines is the process that builds and deploys your application. Further information: https://azure.microsoft.com/en-au/services/devops/

ACG - If you have large amounts of data that need to be processed in parallel on many machines, what is the best service to use on Azure? A) Azure Data Lake Analytics B) Azure Scale Set for virtual machines. C) Create several Azure DevOps Pipelines that can each process and control a large number of virtual machines. D) Azure Functions can be run in parallel with millions of instances. Each Function could process one piece of data.

A) Azure Data Lake Analytics Azure Data Lake Analytics is a managed service that can process very large amounts of data in parallel. Scale sets are used to add VMs to an application to help with increased traffic load. Azure DevOps is for deploying and managing your application in development. Azure Functions are great at doing a single thing, and then doing it many times. Further information: https://azure.microsoft.com/en-au/services/data-lake-analytics/

ACG - Which of the following Azure storage types is most suitable for sharing files using the Server Message Block (SMB) protocol? A) Azure Files B) Blob Storage C) Disk Storage D) Azure Storage Explorer

A) Azure Files Azure Files provides highly available network file shares using the SMB protocol. This allows multiple VMs to read and write the files, and files may be accessed remotely using a URL. Disk Storage allows data to be stored persistently and attached as a virtual hard disk. Blob Storage is designed for storing large amounts of unstructured data but can not be accessed via SMB. Azure Storage Explorer is a standalone app for Windows, Mac and Linux which enables you to work visually with your storage data. Further information: https://docs.microsoft.com/en-us/azure/storage/common/storage-introduction#disk-storage

ACG - You have a need to create a new IoT solution quickly with minimal setup and development time. Which Azure product or solution can best help with these requirements? A) Azure IoT Central is a Software-as-a-Service solution that can help ease the costs and effort of developing a whole IoT solution from scratch. B) A combination of Azure Edge for IoT combined with a CDN and Cosmos DB will meet the requirements. C) Azure IoT Hub provides a managed and secure backend for millions of IoT devices. D) Azure Event Grid is perfect for connecting millions of devices with a backend.

A) Azure IoT Central is a Software-as-a-Service solution that can help ease the costs and effort of developing a whole IoT solution from scratch. Azure IoT Central is a fully managed SaaS solution that provides all parts of your IoT solution. You only have to manage dashboards and data connections. No code is needed. Further information: https://azure.microsoft.com/en-au/services/iot-central/

ACG - You are in the early stages of building your AI World Domination application. Which is the best Azure tool for managing your models, projects, data sets and more for the application? A) Azure Machine Learning Studio. B) PyTorch for Azure ML. C) Azure Event Grid. D) Azure Machine Learning Service.

A) Azure Machine Learning Studio. Azure Machine Learning Studio lets you manage your models, projects and other data for your machine learning applications. It is a one-stop shop for working with ML on Azure. The Azure Machine Learning Service are the Azure resources that run your actual ML implementation. PyTorch is a programming language for using machine learning. Azure Data Lake Analytics is a Big Data tool for processing and analyzing Big Data. Further information: https://studio.azureml.net/

ACG - Which Azure service can you use to make sure your virtual machines are running smoothly and without problems? A) Azure Monitor. B) Azure Information Protection C) Advanced Threat Protection D) Azure Blueprints.

A) Azure Monitor. Azure Monitor collects and analyzes telemetry data from your virtual machines to provide your with alerts and recommendations for how they are running. Advanced Threat Protection monitors the behavior of the users in your Azure account. Azure Blueprints is a template for creating new compliant services in Azure. Azure Information Protection looks after the use and editing of your company documents. Further information: https://docs.microsoft.com/en-us/azure/azure-monitor/overview

MSFT - Apply and monitor infrastructure standards with Azure Policy Which Azure service allows you to create, assign, and, manage policies to enforce different rules and effects over your resources and stay compliant with your corporate standards and service-level agreements (SLAs)? A) Azure Policy B) Azure Blueprints C) Azure Security Center D) Role-based Access Control

A) Azure Policy Azure Policy is a service in Azure that you use to create, assign, and, manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service-level agreements (SLAs).

ACG - Which Azure calculator would you use to figure out monthly costs for Azure services? A) Azure Pricing Calculator. B) Azure Service Calculator. C) Total Cost of Ownership Calculator. D) Azure Portal Service Estimation.

A) Azure Pricing Calculator. The Pricing Calculator for Azure is a comprehensive tool that you can use to estimate any combination of services on Azure. The Total Cost of Ownership Calculator can indicate the savings achieved by moving your on-premises services to Azure. The Azure Portal can only estimate costs of existing services that you have in your account. Further information: https://azure.microsoft.com/en-au/pricing/calculator/

ACG - What is the difference between Microsoft SQL Server and Azure SQL? A) Azure SQL is a managed service, meaning Azure takes care of all the infrastructure maintenance. B) Microsoft SQL Server is a managed service, meaning Azure takes care of all the infrastructure maintenance. C) Azure SQL is faster than Microsoft SQL Server. D) Microsoft SQL Server is faster than Azure SQL.

A) Azure SQL is a managed service, meaning Azure takes care of all the infrastructure maintenance. Azure SQL is a managed service, which means Microsoft takes care of all the hardware and maintenance tasks for running the database. You only have to worry about using the database for storing and retrieving data. There is no noticeable performance advantage with using either SQL service. Further information: https://azure.microsoft.com/en-au/services/sql-database/

ACG - Which services can feed data into Azure Monitor? A) Both Azure services and on-premises services. B) Only Azure services that are available on a premium subscription. C) Only on-premises services that connect to an Azure service. D) All services that are hosted on Azure itself.

A) Both Azure services and on-premises services. Azure Monitor can accept data from almost any service, in order to monitor their operation and health. You get a single dashboard to view all of the current metrics, or you can delve into the archived data through the interactive query language. Further information: https://azure.microsoft.com/en-au/services/monitor/

MSFT - Core Cloud Services - Security, responsibility, and trust in Azure There has been an attack on your public-facing website, and the application's resources have been overwhelmed and exhausted, and are now unavailable to users. What service should you use to prevent this type of attack? A) DDoS protection B) Azure Firewall C) Network Security Group D) Application Gateway

A) DDoS protection DDoS protection is the correct answer, because it will help prevent DDoS attacks.

ACG - True or False: Network load balancers can only be used for internet traffic? A) False B) True

A) False Network load balancers can be external (internet) facing or internal facing. Using internal load balancers is a great way to provision redundancy and scalability within your application and database tiers, and is a common deployment methodology. Further information: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview#targetText=With%20Azure%20Load%20Balancer%2C%20you,high%20availability%20for%20your%20services.&targetText=Additionally%2C%20a%20public%20Load%20Balancer,addresses%20to%20public%20IP%20addresses.

ACG - What is high availability in cloud computing? A) If one resource on Azure dies unexpectedly, another resource will almost instantly take over the workload. B) Azure will provide an infinite number of resources to your application to make sure it always runs optimally. C) High availability refers to the availability of the Azure Portal. You can always get access to an overview of what your Azure services are doing. D) Microsoft guarantees you will always have access to the resources on Azure.

A) If one resource on Azure dies unexpectedly, another resource will almost instantly take over the workload. High availability is one of the core benefits of using cloud computing. It ensures that backup resources are ready to take over any workload. While it may seem so at times, Azure doesn't have an infinite number of resources, and there is no guarantee from Microsoft about access. Further information: https://azure.microsoft.com/en-gb/features/resiliency/

MSFT - Core Cloud Services - Security, responsibility, and trust in Azure Cloud security is a shared responsibility between you and your cloud provider. Which category of cloud services requires the greatest security effort on your part? A) Infrastructure as a service (IaaS) B) Platform as a service (PaaS) C) Software as a service (SaaS)

A) Infrastructure as a service (IaaS) At this level, the cloud provider provides physical security to compute resources. However, it's your responsibility to patch and secure your operating systems and software, as well as configure your network to be secure.

ACG - Which cloud service model do Virtual Machines belong to? A) Infrastructure-as-a-Service. B) Serverless. C) Platform-as-a-Service. D) Software-as-a-Service.

A) Infrastructure-as-a-Service. Infrastructure-as-a-Service includes services that emulate hardware, such as Virtual Machines, networks and storage. Platform-as-a-Service describes services that abstract away IaaS and provide managed services. Software-as-a-Service includes full software solutions, which you subscribe to. Serverless is an approach where you don't have to manage any kind of servers or compute services. Serverless is a kind of extreme PaaS. Further information: https://azure.microsoft.com/en-gb/services/V-machines/

ACG - You have been asked to automate part of a business process into Azure. You do not have a scripting background but need to automate the movement of files uploaded to an SFTP server to a storage account. Which service provides you with an easy way to do this using a graphical interface? A) Logic Apps B) Web App C) Azure Batch D) Azure Functions

A) Logic Apps Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Although this is possible with Azure Functions you would be required to code this yourself. Further information: https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-overview#how-does-logic-apps-differ-from-functions-webjobs-and-flow

MSFT - Predict costs and optimize spending for Azure Complete the following sentence. As an Azure customer, Azure Reservations offer discounted prices if you _________ A) Make upfront commitments on compute capacity B) Provision many resources C) Have a free account D) Set Spending Limits

A) Make upfront commitments on compute capacity Azure Reservations offer discounted prices on certain Azure products and resources. To get a discount, you reserve products and resources through an upfront commitment. You can then either prepay or pay monthly for one or three years of usage of certain Azure resources.

MSFT - Core Cloud Services - Introduction to Azure What is Azure? A) Microsoft's cloud computing platform, which provides compute power, storage, and services over the Internet using a pay-as-you-go pricing model. B) A single data center located in Redmond, Washington. C) A hosting environment specifically for virtual machines

A) Microsoft's cloud computing platform, which provides compute power, storage, and services over the Internet using a pay-as-you-go pricing model. Azure provides raw compute power and storage, as well as services to help you explore new software paradigms such as intelligent bots and mixed reality.

ACG - Can virtual networks span across multiple regions? A) No, virtual networks are region specific B) No, virtual networks cannot but subnets can C) Yes, you can stretch a virtual network using traffic manager D) Yes, if you modify the default security policy

A) No, virtual networks are region specific It is not possible for a vNET to span multiple regions however the subnets that you create within the vNET are aligned to availability zones (where this service is available). Availability zones provide an additional level of redundancy within a region as each availability zone is made up of one or more datacenters. Further information: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq

MSFT - Core Cloud Services - Azure networking options What is an Azure region? A) One or more Azure data centers within a specific geographical location. B) A way of breaking networks into smaller networks. C) Firewall rules which define the flow of traffic in and out of Azure.

A) One or more Azure data centers within a specific geographical location. Azure regions help you deliver your apps and services closest to your users. West US and North Europe are examples.

ACG - How many tenants can a single user belong to in Azure Active Directory? A) One. B) Depends on the Azure subscription type. C) There is no limit. D) Two.

A) One. Any user on Azure must belong to a single Azure tenant. Users can be guests in other tenants but always belong to just one. The type of Azure subscription doesn't matter. Further information https://docs.microsoft.com/en-au/azure/active-directory/ https://azure.microsoft.com/en-au/services/active-directory/

ACG - Which Azure Support Plan can offer the lowest possible response time for the most critical incidents? A) Premier B) Developer C) Professional Direct D) Standard

A) Premier The Premier support plan includes up to a 15 minute response time with Azure Rapid Response, a special annual program for customers requiring extremely fast response times, or Azure Event Management services, a special short term service for when new critical workloads are being launched in Azure. This is the lowest possible response time for Azure support. Standard, Professional Direct, and Premier all offer 1 hour response times without these special programs, which can be enough for most businesses Further information: https://azure.microsoft.com/en-au/support/plans/

ACG - Which of the following Azure support plans provide phone access for technical support queries? (Choose 2) A) Premier B) Standard C) Basic D) Developer

A) Premier B) Standard The Basic support plan does not provide access to technical support. The Developer support plan only provides access to technical support via email in business hours. Both the Standard and Premier support plans provide 24/7 access to technical support via phone and email. Further information: https://azure.microsoft.com/en-au/support/plans/

ACG - Which data sources does SQL Data Warehouse support on Azure? A) Pretty much anything, as long as you can map the data types to valid types. B) Azure SQL and Azure SQL Server. C) Any data source that conform to the ISO 8601 standard data format. D) Data sources hosted on Azure.

A) Pretty much anything, as long as you can map the data types to valid types. Azure SQL Data Warehouse supports any data type that you can map to it. The whole idea is to have many data sources that you can analyze and compare. This includes non-Azure data sources as well. ISO 8601 is not a data standard either. Sorry. Further information: https://azure.microsoft.com/en-au/services/synapse-analytics/

ACG - What type of cloud architecture is Microsoft Azure generally best described as? A) Public Cloud B) Hybrid Cloud C) Secure Cloud D) Private Cloud

A) Public Cloud Microsoft Azure is best described as a Public Cloud provider, since nearly anybody can provision services on Microsoft Azure, if they have an account on the platform. This is the same as other major public cloud providers, like AWS and Google Cloud Platform. Private Cloud's are not open to other users, and Hybrid Cloud's consist of both Public and Private Clouds. Microsoft Azure has services to cater for these, but it is not the predominant feature of Azure. Secure Cloud is not a term used to describe a Cloud architecture. Further information: https://azure.microsoft.com/en-au/overview/what-is-a-public-cloud/

MSFT - Core Cloud Services - Azure architecture and service guarantees Deploying an app can be done directly to what level of physical granularity? A) Region B) Data center C) Server rack

A) Region Azure organizes infrastructure around regions, which include multiple datacenters. You can pick the region you want resources deployed into. You can't select a specific datacenter or location within a datacenter.

ACG - What is the name of the logical container used to group together and manage resources in Azure? A) Resource Groups B) Cloud Groups C) Cloud Folders D) Resource Folders

A) Resource Groups An Azure Resource Group is a container used to hold the resources deployed in your Azure account. Resource Groups can contain almost any type of resource in Azure, such as Virtual Machines, VNets, and Storage Accounts. The other options do not exist. Further information: https://docs.microsoft.com/en-gb/azure/azure-resource-manager/management/overview

ACG - What Azure service can you use to automatically add or remove virtual machines to your environment in response to demand on your applications? A) Scale Sets B) Fault Domains C) Traffic Manager D) Virtual Networks

A) Scale Sets Scale Sets will allow automatic scaling of virtual machines residing behind a load balancer, based on metrics which you specify. Virtual networks are used to provide network connectivity for virtual machines but cannot provide scaling. Fault domains are defined sections of Azure datacentres which utilise separate power, heating, ventilation, air conditioning and top of rack switching from other fault domains ensuring outages are contained within the specific fault domain. Finally, update domains ensure protection against two servers running similar workloads or their underlying hypervisors being patched and taken offline at the same time. Further information: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview

ACG - What are the two types of scaling on Azure? A) Scaling up or down, and scaling out. B) Scale Sets and High Availability C) Scaling out and scaling across. D) There is only one type of scaling: scaling up/down.

A) Scaling up or down, and scaling out. Scaling up and down is making a resource, such as a VM, larger or smaller. Scaling out is adding more resources of the same type. Further information: https://azure.microsoft.com/en-au/blog/scaling-up-and-scaling-out-in-windows-azure-web-sites/ https://docs.microsoft.com/en-us/azure/app-service/manage-scale-up

MSFT - Core Cloud Services - Azure compute options: Imagine that you work on a photo-sharing application that runs on millions of mobile devices. Demand is unpredictable because you see a spike in usage whenever a locally or nationally significant event occurs. Which Azure compute resource is the best match for this workload? A) Serverless computing B) Containers C) Virtual machines

A) Serverless computing The photo-sharing app is event driven and needs to handle unpredictable demand. Serverless computing is a good fit for this situation because it is event-based and can scale instantly to process spikes in traffic. It should also be a cost-effective choice because you will pay for compute time only when processing user data.

ACG - What are the Microsoft services that can tell you more about trust in the Azure platform? (Choose 2) A) Service Trust Portal. B) Trust Center. C) There isn't a single service, as trust is part of every service on Azure. D) Azure Privacy Portal. E) Azure User Safety Portal.

A) Service Trust Portal. B) Trust Center. You can use the Trust Center to find documentation of all the various compliance standards Azure is adhering to. You can use the Service Trust Portal to read the audit reports for any part of Microsoft's products, including Azure. Further information: https://servicetrust.microsoft.com/ https://acloud.guru/course/az-900-microsoft-azure-fundamentals/learn/privacy-compliance-and-trust/quiz/watch?backUrl=~2Fcourses

ACG - Which statement best describes the benefits of the economy of scale of using cloud providers like Microsoft Azure? A) Since Azure owns and runs so much hardware, they can do so more efficiently, and pass on the savings to the customer B) Leveraging the cloud to deliver larger and more powerful services gives a company an advantage over competitors C) Since Microsoft is a more extensive business than it's primary competitors, AWS and Google Cloud Platform, it can deliver services more cheaply D) Being able to run more workloads in Azure than your own on-premise means your business can scale bigger

A) Since Azure owns and runs so much hardware, they can do so more efficiently, and pass on the savings to the customer The economy of scale comes from the ability of cloud providers to run so much hardware, and to do so with great efficiency, that their cost of operating it is substantially lower than if we were to do it ourselves on-premise. These cost savings can then be passed along to us as consumers. The ability to scale larger and deliver more powerful services do not translate towards an economy of scale, although they are benefits of Cloud Computing. While Microsoft does have a very different business model to AWS and Google Cloud Platform, all three are able to leverage the economy of scale in similar ways; something which is not unique to Microsoft. Further information: https://azure.microsoft.com/en-au/blog/how-to-turn-cloud-economics-to-your-advantage/

MSFT - Core Cloud Services - Azure data storage options A newly released mobile app using Azure data storage has just been mentioned by a celebrity on social media, seeing a huge spike in user volume. To meet the unexpected new user demand, what feature of pay-as-you-go storage will be most beneficial? A) The ability to provision and deploy new infrastructure quickly B) The ability to predict the service costs in advance C) The ability to meet compliance requirements for data storage

A) The ability to provision and deploy new infrastructure quickly As the user demand increases, the agility to deploy new servers or services as needed can help scale to meet the increased user load.

ACG - When using a Content Delivery Network, caching is a critical part of it. What is the advantage of using effective caching for your web applications? A) The cache's primary purpose in any computing scenario is to speed things up. B) Caching is an alternative to using a Load Balancer for improving performance and routing for your web application. C) Caching is used to store data when your Azure Storage account is either unavailable or at capacity. D) Caching is the main connection between Azure regions and creates a dedicated link to each user of your application, increasing reliability.

A) The cache's primary purpose in any computing scenario is to speed things up. A cache holds temporary copies of original files, such as a copy of an image. The cache's primary purpose in any computing scenario is to speed things up. Further information: https://docs.microsoft.com/en-us/azure/cdn/cdn-how-caching-works

ACG - What is the purpose of "models" in Machine Learning and Artificial Intelligence? A) The definition of what you want your Machine Learning implementation to learn. B) The size and capacity of the Machine Learning service. C) Defining the version of your Machine Learning application. D) The framework for integrating other Azure services with your particular Machine Learning instance.

A) The definition of what you want your Machine Learning implementation to learn. A model is the way that you define what you want your machine learning implementation to learn. You give it a model, which is a set of rules, and the application then starts playing this model over and over again with the data you have provided. Over time, usually very fast, the model will find patterns in the data that follow the rules you have provided. Further information: https://docs.microsoft.com/en-gb/azure/machine-learning/how-to-deploy-and-where https://azure.microsoft.com/en-au/services/machine-learning/

ACG - What significance does the name for your Azure storage account have? A) The name you give the storage account becomes the main web address for accessing the files in it. It must be unique across all of Azure. B) Each storage account name is linked to a set of users that can access it. C) The name you give the storage account becomes the main web address for accessing the files in it. It must be unique within your Azure subscription. D) No significance. You can name a storage account what you want.

A) The name you give the storage account becomes the main web address for accessing the files in it. It must be unique across all of Azure. Each storage account on Azure must have a unique name, as that is used to identify it on the Internet by giving it a web address. Storage account access management is done through Azure Active Directory. Further information: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview

ACG - How do you submit a support ticket? A) Through the Azure Portal. B) Use the phone number for your region and support level, as noted in the Azure Portal. C) Using the email address [email protected], making sure you add your account ID in the subject line. D) Through the Azure Support Portal which comes with any paid support plan.

A) Through the Azure Portal. A support ticket is submitted through the Support section of the Azure Portal. Depending on your Support Level, you will have various options to submit billing, technical and other kinds of support tickets. Further information: https://azure.microsoft.com/en-au/support/options/

ACG - What scope level is the developer support contract aimed at? A) Trial and non-production environments B) Business-critical dependence C) Production workload environments D) Substantial dependence across multiple products

A) Trial and non-production environments The Developer support contract is most suited to Trial and non-production environments as you only have Business hours access to support engineers via email Further information: https://azure.microsoft.com/en-gb/support/plans/

MSFT - Core Cloud Services - Manage services with the Azure portal: True or false: Azure Cloud Shell is an interactive, browser-accessible shell for managing Azure resources? A) True B) False

A) True Azure Cloud Shell is an interactive shell for managing Azure resources. You can control and administer all of your Azure resources in the current subscription through a command-line interface built right into the portal.

MSFT - Predict costs and optimize spending for Azure True or false: You can share your estimate through an Excel spreadsheet or through a URL. A) True B) False

A) True Clicking Export at the bottom of the estimate will export an Excel spreadsheet that you can share, or you can click Share to get a URL link that you can share with your team.

MSFT - Predict costs and optimize spending for Azure True or false: PaaS is generally less expensive than IaaS. A) True B) False

A) True IaaS requires Azure to dedicate resources while PaaS give Azure more flexibility in how services are delivered. This means Azure can fill and operate hardware efficiently and therefore offer PaaS services at a savings over IaaS.

MSFT - Predict costs and optimize spending for Azure True or false: Azure has money-saving options for test and development servers. A) True B) False

A) True The Azure Enterprise Dev/Test and Azure Pay-As-You-Go Dev/Test benefits give you several discounts, most notably for Windows workloads, eliminating license charges and billing you only at the Linux rate for virtual machines. This also applies to SQL Server and any other Microsoft software that is covered under a Visual Studio subscription.

.MSFT - Apply and monitor infrastructure standards with Azure Policy True or false: You can download published audit reports and other compliance-related information related to Microsoft's cloud service from the Service Trust Portal A) True B) False

A) True You can download published audit reports and other compliance-related information related to Microsoft's cloud service from the Service Trust Portal.

MSFT - Core Cloud Services - Azure data storage options Which of the following situations would yield the most benefits from relocating an on-premises data store to Azure? A) Unpredictable storage demand that increases and decreases multiple times throughout the year. B) Long-term, steady growth in storage demand. C) Consistent, unchanging storage demand.

A) Unpredictable storage demand that increases and decreases multiple times throughout the year. Azure data storage is flexible. You can quickly and easily add or remove capacity. You can increase performance to handle spikes in load or decrease performance to reduce costs. In all cases, you pay for only what you use.

ACG - What is one simple way to ensure you meet certain governance rules and regulations when setting up a new Azure environment? A) Use Azure Blueprints. B) Use Azure Compliance Monitor to compare your infrastructure against. C) Use the Azure Template Wizard when creating a new service. D) Use a support plan of Professional Direct or Premier level to get Architecture help for a new Azure environment.

A) Use Azure Blueprints. Azure Blueprints are templates for creating compliant Azure infrastructure projects. You can use them to comply with standards and regulations that apply to your company. You can get architecture help using a support plan too, but it is much more laborious. Further information: https://azure.microsoft.com/en-au/services/blueprints/

MSFT - Core Cloud Services - Azure networking options Which of the following is true about virtual networks? A) You configure virtual networks through software. B) A virtual network accepts network traffic on all ports. You configure the firewall through virtual machines. C) Virtual networks are always reachable from the internet.

A) You configure virtual networks through software. Software enables you to treat a virtual network just like your own network. Azure maintains the physical hardware for you

ACG - What is consumption-based pricing on Azure? A) You pay for the resources you use, not the time it is on. B) Any service you use on Azure has a consumption component as part of the pricing. C) Some core services on Azure are consumed constantly to keep your applications running. You pay for this consumption. D) Consumption based pricing is the model for paying for any services on a free Azure account.

A) You pay for the resources you use, not the time it is on. Consumption-based pricing is one way to get the best value out of Azure, if the usage is not time based. Consumption-based pricing is not limited to free accounts and the services are not necessarily consumed all the time. Further information: https://azure.microsoft.com/en-au/pricing/details/functions/

ACG - What are the advantages of Cosmos DB? (Choose 3) A) Infinite scaling to handle any demand. B) Very low latency. C) Very cheap data storage. D) Great backup facilities for other Azure services, such as App Services and Azure Functions. E) A large range of tools to work with Cosmos DB, such as SDKs, APIs and more. F) Improved Azure Portal experience for managing the various Cosmos DB locations in your application.

A, B, E Cosmos DB is a globally scaled distributed database solution that offers very low latency, a range of tools to interact with the data and infinite scaling to handle demand. Cosmos DB is not meant as a cheap storage service, nor for backup of data. Azure has Archive Data services for that. Further information: https://azure.microsoft.com/en-au/services/cosmos-db/

ACG - What are the three kinds of App Service? (Choose 3) A) API Apps B) Web Apps for Containers C) Event Grid for App Services D) Azure Standard Apps E) Web Apps for Linux F) Web Apps

A, B, F Azure provides three types of app services depending on your scenario. Web Apps, Web Apps for Containers and API Apps all cover a specific use case. App Services can all run on Linux, but it isn't a specific type of service. Event Grid is a separate service on Azure. Further information: https://azure.microsoft.com/en-au/services/app-service/ https://docs.microsoft.com/en-us/azure/app-service/

ACG - Which of the following are valid Azure storage redundancy types (Choose 3) A) Read-access geo-zone-redundant storage (RA-GRZS) B) Global zone storage (GZS) C) Zone redundant storage (ZRS) D) Locally redundant storage (LRS)

A, C, D Azure has many redundancy options to choose from when identifying which storage option to select. The following are all valid Azure Storage redundancy options - Locally redundant storage, Zone-redundant storage, Geo-redundant storage, Read-access geo-redundant storage, Geo-zone-redundant storage and Read-access geo-zone-redundant storage. Further information: https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy

ACG - What is special about the China region in Azure? (Choose 3) A) All Azure services are physically located inside China. B) You are guaranteed to be compliant with all Chinese data and IT regulations. C) You have to be a Chinese citizen to use the China region. D) All customer data is guaranteed to be geographically within China. It is priced purely in Chinese Yuan and not American Dollars.

A, C, D Services in the China region are hosted on a physically isolated instance of Azure. It is operated by 21Vianet, a company based in China. All of your customer data is kept within China, and is bound by Chinese regulations. Further information: https://azure.microsoft.com/en-au/global-infrastructure/china/

ACG - Which types of blobs are supported by Azure storage? (Choose 3) A) Append blob. B) File blob. C) Page blob. D) Standard blob. E) Block blob. F) Fast blob.

A, C, E Azure Storage supports three types of blobs: block, page and append. File storage is different than blob storage. There is no standard storage type, and of course blobs are fast. It's Azure fast! Further information: https://docs.microsoft.com/en-au/azure/storage/blobs/storage-quickstart-blobs-dotnet https://azure.microsoft.com/en-au/services/storage/blobs/

ACG - What are types of locks in Azure? (Choose 2) A) Delete. B) Open. C) Update. D) Read-only. E) Create-only. F) Closed.

A, D Locks can be put on resources to make sure there aren't any accidental or nefarious actions taken on them. The two types of locks are delete, which means you can't delete the resource, and "read only", which means you can't make any changes to the resources. Further information: https://docs.microsoft.com/en-gb/azure/azure-resource-manager/management/lock-resources

ACG - What are valid managed disk storage types on Azure? (Choose 3) A) Ultra Disk B) Slow HDD C) Premium HDD D) Premium Disk E) Premium SSD F) Standard HDD

A, E, F Azure offers 4 types of manage disk storage: Standard HDD, Standard SSD, Premium SSD and Ultra Disk. Further information: https://azure.microsoft.com/en-au/pricing/details/managed-disks/

ACG - Which are considered serverless services on Azure? (Choose 3) A) Event Grid. B) Azure Logic Apps. C) Azure Data Lake Analytics D) Azure Functions. E) Azure Front Door. F) App Services.

A,B,D Azure Functions, Logic Apps and Event Grid are all serverless services on Azure. Azure Data Lake Analytics is a Big Data tool for processing and analyzing Big Data. App Services is a PaaS offering for web applications. Azure Front Door is a scalable and secure web frontend for your web applications. Further information: https://azure.microsoft.com/en-au/services/functions/ https://azure.microsoft.com/en-au/services/logic-apps/

ACG - What are the characteristics of an Availability Zone? (Choose 3) A) Availability Zones protect your instances from the failure of a single datacenter B) Availability Zones exist within regions C) Each zone runs different Azure services D) Availability Zones only apply for Storage Accounts E) Each zone has its own isolated power, cooling, and networking

A,B,E An Azure Availability Zones are groups of datacenters within a region which have their own isolated power, cooling, and networking. This is to ensure if one part of a local power grid fails, or a major internet outage occurs in a city that it should not impact multiple datacenters. This exists to protect your instances from the failure of entire datacenters. Each availability zone will share part of the load for running every Azure service in a region. Many resource types can benefit from Availability Zones, such as Storage Accounts, Virtual Machines, and Databases Further information: https://azure.microsoft.com/en-au/global-infrastructure/availability-zones/

ACG - What are some of the advantages of using a subnet with your Azure Virtual Network? (Choose 3) A) IP address allocation on the subnet is more efficient. B) Virtual Machines will start faster, as the network provisioning is already done. C) You can logically group services on the same Virtual Network. D) You can secure a subnet individually from the entire Virtual Network. E) Subnets are more secure. F) You can save costs by only using a part of the Virtual Network through a subnet.

A,C,D Subnets enable you to segment the virtual network into one or more sub-networks and allocate a portion of the virtual network's address space to each subnet. This makes address allocation more efficient, you can have a separate network security group for the subnet, and you can logically group services as well. Further information: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview

ACG - What are valid use cases to use Azure Service Health in your architecture? (Choose 2) A) To find performance improvements in your App Service apps. B) To track incidents with your services in real time and get a report afterwards. C) To set up custom alerts to notify you of any outages, planned or otherwise. D) To set up a testing environment to make sure you have a valid architecture. E) To receive data from third party applications running on other cloud platforms.

B and C Azure Service Health notifies you about Azure service incidents and planned maintenance. You can use this information to take appropriate actions to limit any downtime. Azure Service Health can't receive data from any of your applications or third party services. It is only for Azure. Further information: https://azure.microsoft.com/en-au/features/service-health/

ACG - What are features of role based access control? (Choose 2) A) Use any of the five predefined roles to make user management simple and straightforward. B) Define which actions users can take on a resource. C) Define which users have access to specific Azure resources. D) Tiered privacy protection for users within your Azure Tenant. E) Multi-factor authentication.

B and C Role-based access control (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. You have very detailed control of resource actions and you assign roles to users to let them take those actions. You can define as many roles as you wish in RBAC. Further information: https://docs.microsoft.com/en-us/azure/role-based-access-control/overview

MSFT - Core Cloud Services - Manage services with the Azure portal: An Azure dashboard is stored as which type of file? A) XML B) JSON C) PNG

B) JSON Azure dashboards are stored as JSON files, which allow them to be uploaded and downloaded to share with other members of the Azure directory.

ACG - Why would you use a Content Delivery Network? (Choose 2) A) A CDN ensures maximum uptime for an application that is hosted in more than one datacenter. B) To provide better performance and improved user experience for end users. C) To ensure requests made from users are securely handled and served. D) For incoming traffic, to make routing decisions based on additional attributes of an HTTP request, such as URI path or host headers. E) To better handle instantaneous high loads, such as the start of a product launch event.

B and E A CDN keeps a recent copy of your web application and can deliver this much faster to users close to an endpoint. CDNs can handle a LOT more data than a typical web server, which makes it ideal to handle traffic spikes as well. CDNs don't generally handle individual traffic routing rules nor security. Further information: https://docs.microsoft.com/en-au/azure/cdn/

ACG - What is the description of a region in Microsoft Azure? A) A geographical area containing at least one Azure datacenter per continent worldwide B) A geographical area containing at least one, but potentially multiple Azure datacenters located near each other C) A logical boundary defining the secure communication boundary between a customers virtual machines D) A geographical area containing all of the Azure datacenters located within a single countries borders

B) A geographical area containing at least one, but potentially multiple Azure datacenters located near each other An Azure Region is a geographical area, usually around one part of a particular country, that comprises of one or more physical Azure datacentres, that are connected together with very fast network connections. Regions can span across multiple countries (such as the East Asia region), and there can be more than one region per country (the US has over a dozen regions). A logical boundary for secure communication would usually refer to a VNet (a virtual network) Further information: https://azure.microsoft.com/en-au/global-infrastructure/regions/

ACG - What are characteristics of Azure Paired Regions? A) Provides the capability for some services to replicate B) All of the above C) The ability to failover from one region to the other in the event of an outage D) Only one region in a pair is patched or updated at any one time

B) All of the above A paired region has all of the characteristics from the options above. As a general rule of thumb Microsoft aims to achieve at least 300 miles of separation between datacenters in a regional pair which provides a balance between latency which is the time it takes for data to travel between destinations and distance to protect against events such as natural disasters. Further information: https://docs.microsoft.com/en-us/azure/best-practices-availability-paired-regions

ACG - Which Azure products and services are available through the Azure Portal? A) Only products and services that aren't free. B) All products and services that are generally available. C) Only products that are not in private or public preview. D) Only products that are globally available.

B) All products and services that are generally available. You can access all generally available Azure products and services through the Azure Portal with any type of subscription. Some services in preview may not be available just yet. Further information: https://docs.microsoft.com/en-us/azure/azure-portal/

MSFT - Create an Azure account: Which of the following statements is true about an Azure subscription? A) Using Azure does not require a subscription B) An Azure subscription is a logical unit of Azure services C) You can't have more than one subscription

B) An Azure subscription is a logical unit of Azure services

MSFT - Create an Azure account: Which of the following statements is true about an Azure subscription? A) Using Azure does not require a subscription B) An Azure subscription is a logical unit of Azure services C) You can't have more than one subscription

B) An Azure subscription is a logical unit of Azure services An Azure subscription is a container used to provision resources in Azure. To create and use Azure services, you need an Azure subscription.

ACG - What is a distributed denial of service attack? A) An attack carried out from multiple Azure data centers. B) An attack where lots of computers targeting a single server or website with the aim of making it stop. C) An attack meant to target multiple services and bring them to a stop. D) An attack that is partly generated by cloud services and partly by on-premises servers.

B) An attack where lots of computers targeting a single server or website with the aim of making it stop. A distributed denial of service (DDoS) attack comes from a large number of sources with the sole aim of stopping your service. This is done through sending web traffic to your service until it can't handle it all and stops working. Azure has tools to protect against DDoS attacks, which sometimes aren't attacks at all, but just increased visitor interest in services or content. Further information: https://azure.microsoft.com/en-au/services/ddos-protection/ https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview

ACG - What is the purpose of the Resource Manager in Azure? A) The Resource Manager interacts with internal Azure networks to monitor resource usage and user activity. B) Any creation, updating or deleting of Azure resources is done by the Azure Resource Manager. C) The Resource Manager is one of the tools you can use to create new resources on Azure. D) The Resource Manager manages existing resources once deployed to Azure.

B) Any creation, updating or deleting of Azure resources is done by the Azure Resource Manager. The Azure Resource Manager is the common architectural layer which all commands must go through to interact with Azure resources. The Resource Manager manages all resources on Azure, and is the only tool that creates resources on Azure. Further information: https://docs.microsoft.com/en-gb/azure/azure-resource-manager/management/overview

ACG - What does Infrastructure-as-a-Service describe? A) The layer of services that enable a complete cloud infrastructure for your business. B) Any hardware services provided by Azure such as Virtual Machines and Virtual Networks. C) Any service on Azure that you can rent and don't have to buy upfront. D) Services on Azure that are updated automatically to provide a stable infrastructure for your applications.

B) Any hardware services provided by Azure such as Virtual Machines and Virtual Networks. IaaS is the foundation for cloud computing, and all services on Azure are based on IaaS in some way. IaaS services on Azure never have to be bought upfront, but can be used as you need them. Also, all generally available Azure services are stable. Further information: https://azure.microsoft.com/en-au/overview/what-is-azure/iaas/

MSFT - Predict costs and optimize spending for Azure Which of the following factors affects costs? A) Global infrastructure B) Location C) Availability zone

B) Location The location you place your resources will vary the price for the resource.

ACG - You manager has approached you to say that the company has been receiving complaints from customers in America and Australia on the time it takes for images to load on their website. Currently the only infrastructure supporting the website is located in the United Kingdom and there are no plans to replicate this to the affected regions. Which Azure service could you use to help with this problem? A) Auto Scaling B) Azure CDN C) Traffic Manager D) Cosmos DB

B) Azure CDN Azure Content Delivery Network (CDN) would allow users to load images and website content from a local point of presence near their office location instead of traversing the globe, this will reduce page load times for the customers. Azure CDN is designed to handle sudden traffic spikes and heavy loads throughout the world allowing you to scale as needed without new infrastructure costs or capacity concerns. Further information: https://azure.microsoft.com/en-gb/services/cdn-overview/

MSFT - Create an Azure account: Which Azure support plan is best for business-critical workloads? A) Azure Developer B) Azure Professional Direct C) Azure Standard

B) Azure Professional Direct Azure Professional Direct support plan is best for business-critical workloads. This support plan offers 1-hour response time and priority tracking of critical cases.

ACG - What is a definition of Authentication? A) Determination of access to a system based on authorization. B) Confirmation of your identity for a system. C) Being able to log into the Azure Portal from anywhere. D) The ability of a system to determine your location when accessing it.

B) Confirmation of your identity for a system. Authentication is the process of determining that you are you. This is most commonly done using a username and password, but could also be with a fingerprint or face recognition. Further information: https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios

ACG - What is a definition of Authorization? A) Being able to log into the Azure Portal from anywhere. B) Determination of access to a system based on authentication. C) Confirmation of your identity for a system. D) The ability of a system to determine your location when accessing it.

B) Determination of access to a system based on authentication. Authorization determines your access to a system once you have been authenticated. This could be the right to access a certain part, create a new customer or install new software. Further information: https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-auth-aad

ACG - Which support plan provides the most cost-effective access to technical support? A) Professional Direct B) Developer C) Basic D) Standard

B) Developer The Basic support plan does not provide access to technical support. The Developer support plan provides access to technical support via email in business hours and is the most-effective. Both the Standard and Professional Direct support plans provide 24/7 access to technical support via phone and email but are more costly. Further information: https://azure.microsoft.com/en-au/support/plans/

MSFT - Cloud Concepts - Principles of cloud computing: Which term from the list below would be viewed as benefits of using cloud services? A) Unpredictable costs B) Elasticity C) Local reach only

B) Elasticity Elasticity, Agility and Economies of scale are the correct answers, and would be seen as benefits that you can gain from using cloud services.

MSFT - Control and organize Azure resources with Azure Resource Manager Tags applied at a resource group level are propagated to resources within the resource group. A) True B) False

B) False

MSFT - Control and organize Azure resources with Azure Resource Manager Tags can be applied to any type of resource on Azure A) True B) False

B) False

MSFT - Predict costs and optimize spending for Azure True or false: If you already have Windows Server licenses, you have to pay for them again on Azure. A) True B) False

B) False Under certain circumstances, you can utilize the hybrid benefit for Windows Server and pay only the Linux rate.

ACG - What are some of the limitations with a free Azure account? A) A free account only allows access to all services for 30 days, after which only free services are available. B) Included Azure credits will expire after 30 days, and included free services expire after 12 months. C) Azure free accounts are only valid in certain promotional periods, such as when new services are launched. D) You can only create a free Azure account with a US address.

B) Included Azure credits will expire after 30 days, and included free services expire after 12 months. An Azure free account is meant to evaluate Azure services and is not meant for production. You can create a free account from anywhere in the world, and free accounts are always valid. Further information: https://azure.microsoft.com/en-us/free/

ACG - What Cloud model allows you to have complete control over the operating system? A) Software as a Service (SaaS) B) Infrastructure as a Service C) Platform as a Service

B) Infrastructure as a Service Infrastructure as a Service (IaaS) allows you to have complete control over the virtual machine operating system and any applications that you install onto the virtual machine Further information: https://azure.microsoft.com/en-gb/overview/what-is-iaas/

MSFT - Core Cloud Services - Azure networking options How does Azure Traffic Manager reduce latency? A) It chooses only the fastest networks between endpoints. B) It chooses the endpoint that's closest to the user's DNS server. C) It caches content, similar to how content delivery networks work.

B) It chooses the endpoint that's closest to the user's DNS server. Choosing the server that's closest to the user is a good way to reduce latency.

ACG - What does Azure Advanced Threat Protection do? A) It provides anti-malware features for Office 365 accounts. B) It identifies suspicious user activities and events. C) It checks links in emails and documents to ensure they aren't malicious. D) It provides unified endpoint security for Windows-based Virtual Machines.

B) It identifies suspicious user activities and events. Azure Advanced Threat Protection monitors and analyzes user activities, events and related information across your network. This information is used to create a baseline for each user, which future activities are compared with to identify suspicious behaviour. Advanced Threat Protection does not provide anti-malware protection, or link checking. It also does not provide endpoint security for Windows VMs specifically, as this is a task performed by Windows Defender Advanced Threat Protection. Further information: https://docs.microsoft.com/en-gb/azure-advanced-threat-protection/what-is-atp

ACG - What is a recommended use case for Azure SQL? A) Migrate all instances of Microsoft SQL Server to Azure SQL to improve security and reduce cost. B) Migrate your on-premises SQL Server instances directly to Azure and get all the benefits of managed instances. C) Update on-premises SQL Server to gain better performance and lower cost. D) Migrate Cosmos DB data if only a single geographical location is used.

B) Migrate your on-premises SQL Server instances directly to Azure and get all the benefits of managed instances. Using Azure Database Migration Service, you can migrate directly from Microsoft SQL Server to Azure SQL. It is recommended by Azure to move your on-premises SQL Server instance to Azure SQL to improve efficiency and lower costs. It is not recommended to just migrate everything, as that is a case-by-case basis. Cosmos DB data is unlikely to match directly to Azure SQL. Further information: https://azure.microsoft.com/en-au/services/database-migration/ https://azure.microsoft.com/en-au/services/sql-database/

ACG - You are looking to restrict internet traffic to a Windows virtual machine - what Azure functionality would you choose to accomplish this? A) Public IP Address B) Network Security Groups C) Resource Group D) Redis

B) Network Security Groups Appropriately configured Network Security groups allow you to control all inbound and outbound traffic for your virtual machines. A public IP address is needed to ensure that the virtual machine can be communicated to from the internet in the first place but does not offer any capability to restrict or filter traffic. Redis is used as an in-memory caching service which helps offload traffic from your database to memory in order to achieve better performance, and a resource group is used to organize resources with a common lifecycle. Further information: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

ACG - Which of the following statements apply to Network Security Groups? A) Network Security Groups cannot affect traffic between Virtual Machines in the same subnet. B) Network Security Groups always include default security rules. C) Network Security Groups must be attached to every subnet. D) Network Security Groups perform the same functions as Route Tables.

B) Network Security Groups always include default security rules. Network Security Groups always include default security rules. These can be de-prioritized but not deleted. Network Security Groups can be used to limit traffic between Virtual Machines in the same subnet and do not perform the same functions as Route Tables. They are not required to be attached to every subnet. Further information: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#network-security-groups

ACG - Which of the following statements best describes a Network Security Group? A) Network Security Groups are established connections between your network and Azure. B) Network Security Groups contain inbound and outbound security rules enabling traffic to be filtered. C) Network Security Groups are another name for peered virtual networks, allowing secure communication between resources. D) Network Security Groups are groups of devices within a subnet that perform security functions.

B) Network Security Groups contain inbound and outbound security rules enabling traffic to be filtered. Network Security Groups are used to filter traffic to and from resources in an Azure virtual network. They contain lists of security rules which allow or deny inbound and outbound traffic. The security rules contain properties such as priority, source or destination, protocol, direction, port range and action. Further information: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#network-security-groups

ACG - What are some benefits of using a Virtual Machine on Azure? A) Much cheaper than running your own servers. B) No maintenance of hardware and only paying for what you use. C) Owning the hardware but Azure maintains it. D) Much higher performance of your applications.

B) No maintenance of hardware and only paying for what you use. Virtual Machines on Azure abstract away the physical hardware layer. You don't own the hardware and don't have to worry about maintenance. Your VM will always be available regardless of any hardware issues (which are Microsoft's problem). Azure VMs are not necessarily cheaper to run or have higher performance, but you don't have to worry about maintenance or purchase of the hardware. Further information: https://azure.microsoft.com/en-gb/services/V-machines/

ACG - What is an availability zone? A) A set of data centres close together. B) One or more datacenters equipped with independent power, cooling, and networking. C) A collection of software that can enable high scalability at short notice. D) One of more datacenters that are close together to provide backup.

B) One or more datacenters equipped with independent power, cooling, and networking. Availability zones can ensure that your Azure application can handle outages and hardware failures. It can be a set of datacenters, but often availability zones are within the same datacenter too. It doesn't relate directly to scalability. Further information: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview

MSFT - Cloud Concepts - Principles of cloud computing: You're developing an application and want to focus on building, testing, and deploying. You don't want to worry about managing the underlying hardware or software. Which cloud service type is best for you? A) Infrastructure as a Service (IaaS) B) Platform as a Service (PaaS) C) Software as a Service (SaaS)

B) Platform as a Service (PaaS) Platform as a Service is the best choice here because the PaaS services handle the IT management tasks for you, so you can focus on writing code.

ACG - You currently have a Basic level of support agreement with Microsoft, but your CTO has requested the company has an Azure Technical Account Manager (TAM) available to them. What is the minimal level of support contract that your company needs to achieve this? A) Standard B) Premier C) Developer D) Professional

B) Premier To be allocated a Technical Account Manager you require the highest level of Microsoft Azure support contract which is the Premier tier. Further information: https://azure.microsoft.com/en-in/support/plans/

MSFT - Predict costs and optimize spending for Azure Which tab of the Azure pricing calculator will you use to put together your estimate? A) Estimate B) Products

B) Products This tab has all the Azure services listed and is where you'll add or remove services to get your estimate.

ACG - If you want to have a response time of no more than 2 hours for severity B incidents, what is the minimum support plan you need? A) Standard B) Professional Direct C) Developer D) Premier

B) Professional Direct The Professional Direct support plan is the lowest plan that offers 2 hour response to severity B incidents. The Standard plan is 4 hours and the Developer tier doesn't have a response time for severity B. Further information: https://azure.microsoft.com/en-au/support/plans/

ACG - What is the easiest way to quickly determine your security posture on Azure? A) Create a new virtual machine and observe the initial security concerns as noted by the Azure Security Center. B) Read the secure score in the Azure Security Center. C) Use the security coverage calculator in the Azure Portal to estimate the coverage of your security policies. D) Set up an Azure Firewall and monitor how many malicious requests are stopped.

B) Read the secure score in the Azure Security Center. Azure Security Center constantly reviews your active recommendations and calculates your secure score based on them. Further information: https://docs.microsoft.com/en-us/azure/security-center/security-center-secure-score

MSFT - Core Cloud Services - Azure data storage options Suppose you work at a startup with limited funding. Why might you prefer Azure data storage over an on-premises solution? A) To ensure you run on a specific brand of hardware, which will let you form a marketing partnership with that hardware vendor. B) The Azure pay-as-you-go billing model lets you avoid buying expensive hardware. C) To get exact control over the location of your data store.

B) The Azure pay-as-you-go billing model lets you avoid buying expensive hardware. There are no large, up-front capital expenditures (CapEx) with Azure. You pay monthly for only the services you use (OpEx).

ACG - What is significant about resource groups in Azure? A) Resource groups can only hold foundational resource types. B) They aren't resources, but all resources must be in one. C) Resource groups don't contain any data, and are assigned rather than created. D) Resource groups are transferrable between regions.

B) They aren't resources, but all resources must be in one. Resources belong to a resource group, which can be a logical, geographical, customer-specific or any other type of grouping. Resource groups can contain any kind of resources from Azure, and resource have some data, which describes the resource group itself. Resource groups cannot be moved between regions. Further information: https://docs.microsoft.com/en-gb/azure/azure-resource-manager/management/overview

ACG - What is the primary use for disk storage? A) Store files larger than 2GB. B) To attach to a Virtual Machine to act as a Virtual hard drive. C) Backup facility for Virtual Machines. D) Archive large amounts of data. E) Attach to a load balancer to increase performance and throughput.

B) To attach to a Virtual Machine to act as a Virtual hard drive. Disk storage is a full Virtual hard disk that you can access. It is ideal as the disk for a Virtual machine. In fact, when you create a Virtual machine, disk storage is created too. Archive storage is different to disk storage, and while you can certainly use disk storage as backup, it is not the primary usage scenario. Further information: https://docs.microsoft.com/en-au/azure/V-machines/windows/disks-incremental-snapshots https://azure.microsoft.com/en-au/services/storage/disks/

ACG - What is a scenario where file storage is a good solution? A) Temporary file storage for a web application. B) Use Azure File Storage to supplement your on-premises file storage. C) Store files larger than 2GB. D) Archive large amounts of data.

B) Use Azure File Storage to supplement your on-premises file storage. File storage is, as the name suggest, perfect for storing files of varying types and sizes. Use file storage as an extension of your on-premises file systems to never run out of space and also prioritise what data you keep on-premises. Further information: https://azure.microsoft.com/en-au/services/storage/files/

ACG - Your company has a new Azure virtual network that needs to be secured. What is the best way to only allow specific kinds of outside traffic into this network? A) Use a load balancer in front of the network to use rules to limit the traffic. B) Use an Azure Firewall attached to the virtual network. C) Using the Azure DDoS Protection Service when configured for inbound traffic. D) Use an Azure Network Security Group attached to the virtual network.

B) Use an Azure Firewall attached to the virtual network. Azure Firewall blocks any incoming or outgoing traffic that isn't specifically allowed on a network. A Network Security Group manages the traffic to specific services, Azure DDoS Protection Service protects against attacks and a load balancer distributes traffic to specific VMs. Further information: https://docs.microsoft.com/en-us/azure/firewall/firewall-faq

ACG - You want to protect your Azure services from attacks that send large amounts of traffic from the outside world. Which is the best way you can do this? A) Use Advanced Threat Protection to secure the network. B) Use the Azure DDoS Protection Service to protect against denial of service attacks. C) Use an Azure Firewall attached to the virtual network that faces the Internet. D) Use a load balancer in front of the services to mitigate the attacks and distribute the traffic to multiple machines.

B) Use the Azure DDoS Protection Service to protect against denial of service attacks. Azure DDoS Protection protects against denial of service attacks, which involve large amounts of data directed at your service. Azure Firewall only looks at each individual request. Advanced Threat Protection monitors user behaviour internally on Azure. A load balancer only directs traffic. Further information: https://azure.microsoft.com/en-au/services/ddos-protection/

ACG - Which statement best describes a Hybrid Cloud architecture? A) Cannot be used with Microsoft Azure B) Utilizes services of both Public and Private Clouds C) Special use case for secure Government workloads D) Does not require any on-premise hardware

B) Utilizes services of both Public and Private Clouds A Hybrid Cloud architecture describes a solution that utilizes both Public and Private Cloud offerings, including private on-premise systems. This is useful, because it allows companies the flexibility of the cloud, but can also manage tight governance requirements which may not allow certain data to be held in the Public Cloud. This can require on-premise hardware. This approach is possible with Microsoft Azure, and is not specific to any type of workloads, although Governments may find this especially useful. Further information: https://azure.microsoft.com/en-au/overview/what-is-hybrid-cloud-computing/

ACG - You have a virtual machine that is highly sensitive and requires complete isolation from any other virtual machines. What is the best service to use to achieve this requirement? A) Load Balancer B) Virtual network C) Traffic manager D) Public IP address

B) Virtual network To completely isolate the virtual machine you would use a separate Virtual Network. Although it is possible to achieve this via routing tables and separate subnets in the same VNet, a separate VNet ensures complete isolation. Further information: https://docs.microsoft.com/en-us/azure////virtual-network/virtual-networks-overview

MSFT - Core Cloud Services - Introduction to Azure When should you scale out your deployment? A) When your application or service requires a more powerful CPU or more memory to run faster. B) When you need additional virtual machines to speed up your application. C) When you're using excess capacity that you don't need.

B) When you need additional virtual machines to speed up your application. Scaling out means adding additional systems, such as virtual machines. For example, you might create many virtual machines configured in the same way and use a load balancer to distribute work across them.

ACG - Which of the following are viewed as benefits of Public Cloud computing? (Choose 3) A) Capex pricing model B) Globally scalable C) Economy of scale D) Higher costs E) You no longer require an IT department F) On demand capacity

B, C and F There are many benefits to utilising the Cloud - such as having access to globally scalable on-demand capacity, and through the shared security model taking advantage of the knowledge and investment that Cloud providers have built into their product offerings. Further information: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview#targetText=With%20Azure%20Load%20Balancer%2C%20you,high%20availability%20for%20your%20services.&targetText=Additionally%2C%20a%20public%20Load%20Balancer,addresses%20to%20public%20IP%20addresses.

ACG - What are some of the likely outcomes from using Big Data analytics? (Choose 3) A) More secure access to company infrastructure. B) Create products better aligned to customer needs. C) Cost reduction on data storage. Better decision making from immediate analysis. D) A decoupling of business decisions from the development of new products. E) Cheaper and more accessible cloud computing products.

B, C, D Analyzing Big Data can often lead to more precise decision making for a business, a cost reduction on the storage of the data using a service like Azure Data Lake, and better products that take customer feedback and behavior into account. Further information https://azure.microsoft.com/en-au/product-categories/analytics/

ACG - What are some of the main aims of collecting and processing Big Data? (Choose 3) A) More robust use of the data. B) Cost reduction of data storage. C) Compliance with the current data usage regulations. Faster and better decision making. D) Speed and efficiency of analytics. E) Finding new algorithms to make the data commercial and derive value from it.

B, D, E Big Data is a technology that enables speed and efficiency when analyzing the data, cost reduction for storing the enormous amounts of data, and faster and better decision making for companies based on the data and analysis of it. Further information: https://azure.microsoft.com/en-au/solutions/architecture/advanced-analytics-on-big-data/

ACG - Which are valid support channels for Azure? (Choose 3) A) Phone a friend. B) Technical forums. C) Call Azure support on the regional number provided in the Azure Portal. D) Azure documentation. E) Social media. F) Press all the buttons in the Azure Portal.

B, D, E The Azure documentation, technical forums and official Azure social media accounts are all good ways to interact with experts and Azure professionals. There is no regional standard phone support. Pressing all the buttons may be fun, but you might also pay for that new NS48 v3 virtual machine at $6.8 per hour. Further information: https://docs.microsoft.com/en-us/azure/ https://social.technet.microsoft.com/forums/azure/en-us/home?category=windowsazureplatform

ACG - Which factors have an influence on the cost of using products and services on Azure? (Choose 3) A) The age of the resource. B) The location of the service or resource. C) Resource usage. The more you use it, the cheaper it gets. D) How much bandwidth you will use. E) Resource size.

B, D, E The factors that influence price of a service on Azure are resource size, resource location and the amount of bandwidth being used. How much you use a resource or the age of it do not influence the price. Further information: https://azure.microsoft.com/en-au/pricing/

ACG - Which are factors used to verify a user with multi-factor authentication? (Choose 3) A) Something you say. B) Something you know. C) Something you are. D) Something you feel. E) Something you have. F) Something you can recall quickly.

B,C,E Azure Multi-Factor Authentication (MFA) helps safeguard access to data and applications while maintaining simplicity for users. It provides additional security by requiring a second form of authentication and delivers strong authentication via a range of easy to use authentication methods, being something you know, have or are. Further information: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks

ACG - Which of the following are benefits of Azure geographies? (Choose 3) A) Any Azure geography can be used by anyone B) Azure has geographies throughout the world C) Data residency is honoured within the geographical boundary D) Data can move freely between geographies E) They are fault tolerant and can withstand complete region failure

B,C,E Azure has geographies in the Americas, Europe, Asia Pacific, the Middle East and Africa providing data residency within each region to give customer piece of mind over their data sovereignty. To be able to use certain geographies, such as China, requirements must first be met. Further information: https://azure.microsoft.com/en-us/global-infrastructure/geographies/

ACG - Which are Internet of Things services on Azure? (Choose 2) A) IoT Services. B) IoT Virtual Box. C) IoT Central. D) IoT Hub. E) IoT App Services. F) IoT Management Studio.

C and D There are many Azure services for Internet of Things. Two of them are IoT Hub and IoT Central. The others listed are not valid Azure services. Further information: https://azure.microsoft.com/en-au/overview/iot/

ACG - What are region pairs? A) A method to route traffic between two Availability Zones B) Two or more regions in an Availability Set C) A region that is linked with another region in the same geography D) Two geographies working together to host an application

C) A region that is linked with another region in the same geography Azure has the concept of region pairs, these are two or more regions that are at least 300 miles apart within a single Geography. This enables the ability to replicate certain resources such as virtual machine storage across the geography providing protection against such events as natural disasters or civil unrest. Further information: https://docs.microsoft.com/en-us/azure/best-practices-availability-paired-regions

ACG - What is a PowerShell cmdlet? A) An piece of advice from Microsoft about PowerShell updates. B) A PowerShell scripting language specifically for Azure. C) A small lightweight command to perform an action. D) A lightweight version of PowerShell that can run on mobile devices.

C) A small lightweight command to perform an act Cmdlets make up the majority of Azure features for PowerShell. This makes it easier to be consistent and efficient when interacting with Azure resources. There is no lightweight version of PowerShell and PowerShell works with many different services in Windows. Further information: https://docs.microsoft.com/en-us/powershell/scripting/developer/cmdlet/cmdlet-overview?view=powershell-6 https://docs.microsoft.com/en-us/powershell/azure/?view=azps-3.0.0

ACG - Which definition best describes compute on Microsoft Azure? A) A Virtual Machine. B) An optional component to improve the efficiency of Azure. C) Any service that performs or enables a computation. D) Any serverless service, such as Azure Functions.

C) Any service that performs or enables a computation. Compute is one of three foundational components of cloud computing. The other two are network and storage. This means that any service that performs a compute function on Azure is part of "Compute" on Azure. It isn't a single service. Further information: https://azure.microsoft.com/en-au/product-categories/compute/

ACG - You are in a client meeting with a customer and learn that the customer would like to run their website from their own vNET and subnets, but due to staff constraints they would like the least amount of overhead on the team as possible. Which Azure service would you recommend to the client? A) App Services B) Virtual Machines C) App Service Environment D) Azure Container Service

C) App Service Environment Azure App Service Environment is a deployment of Azure App Service into a subnet in a customer's Azure virtual network. It provides a fully isolated and dedicated environment for security running App service apps at high scale. Azure App Service Environment is a Platform-as-a-Service offering which enables teams to focus on building the application instead of managing the underlying hardware and operating systems. Further information: https://docs.microsoft.com/en-us/azure/app-service/environment/using-an-ase

ACG - When can you remove a resource group from Azure? A) Resource groups can be removed when an account is deactivated. B) When all the resources in the resource group have stopped. C) At any time. D) Only when the resource group is empty.

C) At any time. When a resource group is removed or deleted, all of the resources within it are deleted with it. You can remove resource groups at any time. Further information: https://docs.microsoft.com/en-gb/azure/azure-resource-manager/management/delete-resource-group?tabs=azure-powershell

ACG - How is authorization different from authentication? A) Authorization is validating the IP address you are using has access to the application. B) There is no difference. C) Authentication is verifying that you are who you say you are. Authorization is granting access to features, sections, applications and more, once you have authenticated. D) Authorization is verifying that you are who you say you are. Authentication is granting access to features, sections, applications and more, once you have authenticated.

C) Authentication is verifying that you are who you say you are. Authorization is granting access to features, sections, applications and more, once you have authenticated. Authentication is confirming users are who they say they are. Authorization is granting them access to features and areas once authenticated. Further information: https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios

MSFT - Core Cloud Services - Azure architecture and service guarantees To use Azure datacenters that are made available with power, cooling, and networking capabilities independent from other datacenters in a region, choose a region that supports _________? A) Geography distribution B) Service-Level Agreements (SLAs) C) Availability Zones

C) Availability Zones Availability Zones are datacenters set up to be an isolation boundary from others in the region, with their own power, cooling, and networking. If one zone in a region goes down, other Availability Zones in the region continue to work.

ACG - You are migrating an application from on premise to the Azure Cloud, the application communicates with a file share hosted on a Windows server that no other applications have access to. Which Azure storage service could be used to migrate the file share to? (Choose 2) A) Azure Data Lake B) SQL Data Warehouse C) Azure Disks D) Azure files

C) Azure Disks D) Azure files Both Azure Files and Azure Disks can be used to house the migrated Windows file share data. Further information: https://azure.microsoft.com/en-gb/services/storage/files/ https://azure.microsoft.com/en-gb/services/storage/disks/

ACG - Your company wants to use Azure to manage all of their IoT devices. They are going to create the infrastructure themselves, but need a backend in Azure to manage the flow of data, and to ensure security as well as ease of deployment of new devices. Which Azure product or solution would be suitable? A) A combination of Azure Edge for IoT combined with a CDN and Cosmos DB will meet the requirements. B) Azure IoT Central is the perfect SaaS solution for this scenario. C) Azure IoT Hub provides a managed and secure backend for millions of IoT devices. D) Azure Event Grid is perfect for connecting millions of devices with a backend.

C) Azure IoT Hub provides a managed and secure backend for millions of IoT devices. Azure IoT Hub is a solution for providing managed services for large IoT projects. It provides secure and reliable communication from devices to the Azure backend. Azure IoT Central is a SaaS solution that provides both managed connections and security as well as the dashboards and applications to use the data. Event Grid is used to connect many Azure services. Further information: https://azure.microsoft.com/en-au/services/iot-hub/

.MSFT - Core Cloud Services - Security, responsibility, and trust in Azure You want to store certificates in Azure to centrally manage them for your services. Which Azure service should you use? A) AIP B) Azure AD C) Azure Key Vault D) Azure ATP

C) Azure Key Vault Azure Key Vault is the correct answer, because it is a centralized cloud service for storing application secrets, referred to as a secret store.

MSFT - Core Cloud Services - Azure networking options Which is true about Azure Load Balancer? A) You must use Azure Load Balancer if you want to distribute traffic among your virtual machines running in Azure. B) Azure Load Balancer works with internet-facing traffic only. C) Azure Load Balancer distributes traffic among similar systems, making your services more highly available.

C) Azure Load Balancer distributes traffic among similar systems, making your services more highly available. If one system is unavailable, Azure Load Balancer stops sending traffic to it. It then directs traffic to one of the responsive servers.

ACG - Which of the below is a compute service which allows you to run VMs inside a cloud network? A) Cloud Services B) Azure Virtual Network C) Azure Virtual Machines D) Redis Cache

C) Azure Virtual Machines Azure Virtual machines is a compute service which allows you to run virtual machines in the Cloud. Further information: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/overview

MSFT - Create an Azure account: When you create an Azure resource like a virtual machine, you select the ______________ it belongs to. A) Billing account B) Billing profile C) Azure subscription

C) Azure subscription An Azure subscription is a container used to provision resources in Azure.

ACG - What type of storage is archive storage? A) It's own type. Archive storage. B) Disk storage C) Blob storage. D) File storage.

C) Blob storage. Archive storage is a very cheap version of blob storage meant to store data that is very infrequently used, such as system backups. File storage is meant for storing your company files in the cloud. Disk storage is used as disk drive for Virtual Machines. Further information: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers?tabs=azure-portal

MSFT - Core Cloud Services - Security, responsibility, and trust in Azure Which of these approaches is the strongest way to protect sensitive customer data? A) Encrypt data as it sits in your database B) Encrypt data as it travels over the network C) Encrypt data both as it sits in your database and as it travels over the network

C) Encrypt data both as it sits in your database and as it travels over the network Encrypting your data at all times, both as it sits in your database and as it travels over the network, minimizes the opportunity for an attacker to access your data in plain text.

ACG - Why is cloud agility important for businesses? A) To automatically improve the fidelity of resource usage and utilize the platform better. B) To be able to quickly scale resources when needed at short notice. C) Focus on business value instead of provisioning and maintenance of resources. D) To increase the return on investment from using cloud elasticity.

C) Focus on business value instead of provisioning and maintenance of resources. The agility of cloud computing lets businesses focus on the important decisions and not setting up infrastructure and other non-core activities. Cloud elasticity doesn't relate to agility as a business advantage and scaling resources quickly is cloud scalability. Further information: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/business-outcomes/agility-outcomes

ACG - A cloud architecture consisting of both on-premise and public cloud networks is joined to allow applications to operate across the two. What is this known as? A) Public Cloud B) Private Cloud C) Hybrid Cloud D) Stretched Cloud

C) Hybrid Cloud A Hybrid Cloud is created when on-premise and public cloud environments are joined. This is a method many companies with existing on-premise infrastructure transition through in their journey to cloud, as it gives flexibility between the two environments and enables a phased migration approach. Further information: https://docs.microsoft.com/en-gb/Office365/Enterprise/microsoft-cloud-it-architecture-resources

MSFT - Cloud Concepts - Principles of cloud computing: Suppose you have two types of applications: legacy applications that require specialized mainframe hardware and newer applications that can run on commodity hardware. Which cloud deployment model would be best for you? A) Public cloud B) Private cloud C) Hybrid cloud

C) Hybrid cloud A hybrid cloud is a public and private cloud combined. You can run your new applications on commodity hardware you rent from the public cloud and maintain your specialized mainframe hardware on-premises.

ACG - Which type of cloud service gives you the most flexibility and control over the solutions you implement? A) SaaS B) PaaS C) IaaS D) FaaS

C) IaaS IaaS, or Infrastructure as a Service, is the most flexible of cloud services, allowing you the most control over the solutions you implement in Azure, where you can run your own virtual machines, and design your own storage. Platform as a Service (PaaS) manages the OS, Middleware, and Runtimes. Function as a Service (FaaS) is similar to PaaS in this respect. Software as a Service (SaaS) manages the Applications and Data. Further information: https://azure.microsoft.com/en-au/overview/what-is-iaas/ https://azure.microsoft.com/en-au/overview/what-is-paas/ https://azure.microsoft.com/en-au/overview/what-is-saas/

ACG - When would you use Azure Logic Apps to solve a problem? A) When a Function can't solve a problem as a single task. B) If you have to send emails as part of your workflow when processing data from multiple data sources. C) If you have to integrate very different systems inside and outside of Azure. D) When you have to use more than one Azure subscription. E) If there are too many integration points to handle with Azure Functions.

C) If you have to integrate very different systems inside and outside of Azure. Logic Apps are a way to connect many different and varied systems both within and outside Azure. You can integrate apps, data, systems, and services across enterprises or organizations. Further information: https://azure.microsoft.com/en-au/services/logic-apps/ https://docs.microsoft.com/en-au/azure/logic-apps/

ACG - Your company is migrating an internal web application to the cloud. The application requires specific configuration changes within the Operating System. Which of the following cloud deployment solutions would be most suitable? A) Software as a Service (SaaS) B) Function as a Service (FaaS) C) Infrastructure as a Service (IaaS) D) Platform as a Service (PaaS)

C) Infrastructure as a Service (IaaS) Only Infrastructure as a Service provides the required level of access to the Operating System. Platform as a Service (PaaS) is a complete development and deployment environment in the cloud, but does not provide the same level of Operating System access as an IaaS solution. Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet but provides no access to the Operating System. Function as a Service (FaaS) such as Azure Functions are small single-purpose applications which do not provide Operating System access. Further information: https://azure.microsoft.com/en-au/overview/what-is-iaas/

ACG - What is a good reason to use the Azure CLI? A) You can use products and services that aren't available in the Azure Portal. B) You can use the Azure CLI with more than one cloud provider. C) It rarely changes, and the commands stay the same for the most part. D) It makes it cheaper to use Azure, as you don't have to pay for the Azure Portal.

C) It rarely changes, and the commands stay the same for the most part. The Azure CLI is all text based, thus there is no user interface to change. This means that the commands and procedures stay very static in the tool. You can use all products and services with the CLI. The Azure CLI only works with Azure, and there is also no cost to use the Azure Portal. Further information: https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest

ACG - You are about to embark on your migration to Azure but before you begin your manager has requested your companies support contract with Microsoft contains the ability to request Architectural guidance. What is the lowest level of support contract that will achieve this? A) Developer B) Premier C) Professional Direct D) Standard

C) Professional Direct The Professional Direct support contract is the lowest level of contract that contains Architectural guidance based on best practice which is delivered by a ProDirect Delivery Manager Further information: https://azure.microsoft.com/en-gb/support/plans/

ACG - What does Azure Information Protection do? A) Provides a managed service for hardware security modules in the cloud. B) Safeguards and allows control over keys and secrets. C) Provides the ability to securely share sensitive data with others. D) Allows you to centrally create and log application and network connectivity policies.

C) Provides the ability to securely share sensitive data with others. Azure Information Protection helps control and secure information (including emails and documents) that is shared outside of your organization. Azure Firewall allows you to centrally create, enforce, and log application and network connectivity policies. Azure Key Vault safeguards and allows control over keys and secrets. And, Azure Dedicated HSM provides a managed service for hardware security modules in the cloud. Further information: https://azure.microsoft.com/en-au/services/information-protection/

ACG - How do resources on Azure use a Virtual Network? A) Resources on a free account don't have to be on a Virtual Network to use Azure. B) All resources must be connected to a Virtual Network to use the Azure platform. C) Resources that need to communicate with other Azure resources or resources on the Internet do so through a Virtual Network. D) Any resource that communicates with the public Internet has to be on a Virtual Network.

C) Resources that need to communicate with other Azure resources or resources on the Internet do so through a Virtual Network. A Virtual Network connects Azure services to allow them to communicate with each other and with the outside world. Some resources, such as Virtual Machines, must have a Virtual network connection, where others, such as App Services, are not required to. The type of Azure subscription has no influence on how a Virtual Network is used. Further information: https://docs.microsoft.com/en-us/azure/V-network/V-networks-overview

ACG - What is a fully managed platform on Azure? A) You can pay a monthly fee to have Microsoft look after the maintenance of your applications and services on Azure. B) Every part of your Azure services are looked after by Microsoft. This means you only have to worry about your application development. C) Servers, network, storage and more is all managed by Azure. You focus on your business value and logic. D) The fully managed platform on Azure is a specific subscription that provides extra support for your Azure services.

C) Servers, network, storage and more is all managed by Azure. You focus on your business value and logic. A managed platform means the provider manages the infrastructure layer, such as VMs, disks, networks and more. You only have to focus on the core functionality of your application. Managed services on Azure are available on all subscription types and comes at no extra cost. Further information: https://docs.microsoft.com/en-us/azure/architecture/guide/design-principles/managed-services

ACG - Your security team is hesitant to permit access to the Azure Public Cloud - to help reassure them of the compliance certifications awarded to Azure what service can you direct them to? A) Azure Active Directory Audit Logs B) Gartner magic quadrant reports C) Service Trust Portal D) Azure Monitor

C) Service Trust Portal The Service Trust Portal is the central location for all published audit reports of the Azure platform as well as risk assessments and security best practices. Further information: https://servicetrust.microsoft.com/

ACG - Which Azure Support Plan offers 24x7 access to technical support engineers, at the lowest cost? A) Professional Direct B) Developer C) Standard D) Premier

C) Standard The Standard support plan includes 24x7 access to Support Engineers via email and phone. The Standard support plan is recommended for customers running Production workloads (meaning, things that are in use by the business as part of their daily processes). Since businesses need to ensure that their business processes can keep running, that's why having 24x7 support makes the most sense here. Developer is a cheaper support plan, but only offers Business Hours access to Support Engineers via email, and may not be suitable if an outage is impacting our business. Professional Direct and Premier both offer 24x7 phone and email support, but at substantially higher prices. Further information: https://azure.microsoft.com/en-au/support/plans/

ACG - What of the following apply to Azure Service Health? A) Available only for paid Azure support plans. B) Provides the same information as Resource Health. C) Supports both planned and unplanned outages. D) Does not support real-time tracking of incidents. E) Must be activated for each service.

C) Supports both planned and unplanned outages. Azure Service Health is a free service available to all Azure users which provides a personalized dashboard highlighting both planned and unplanned service issues affecting your resources. Real-time tracking is provided as part of this service. Azure Service Health does not need to be activated for each service. Resource Health only provides information about the health status of your Azure resources. Further information: https://azure.microsoft.com/en-au/features/service-health/

ACG - Why would you use the Azure Cloud Shell instead of the Azure CLI or PowerShell? A) You can update the Cloud Shell independently of Azure CLI and Azure PowerShell. B) The Cloud Shell is free for 12 months. C) The Cloud Shell can be used entirely in a web browser and can be used across multiple devices. D) The Cloud Shell gets new features first.

C) The Cloud Shell can be used entirely in a web browser and can be used across multiple devices. The Cloud Shell is 100% browser based and provides a complete environment for either the Azure CLI or PowerShell. It is always free and gets features the same time as the Azure CLI and PowerShell. Further information: https://azure.microsoft.com/en-au/features/cloud-shell/

ACG - Which cloud ability does elasticity describe? A) The ability to turn resources on and off quickly across regions. B) Elasticity is the same as scalability and describes an increase in resources. C) The ability to quickly expand or decrease computer processing, memory and storage resources. D) The ability to create identical resources in multiple locations globally.

C) The ability to quickly expand or decrease computer processing, memory and storage resources. Elasticity is a core benefit of cloud computing and lets even small businesses take advantage of the cloud. Elasticity is not the same as scalability, resources do not have to be identical to be elastic, and turning resources off and on quickly is just how Azure rolls. Further information: https://azure.microsoft.com/en-au/overview/what-is-elastic-computing/

MSFT - Core Cloud Services - Azure architecture and service guarantees: Application availability refers to what? A) The service level agreement of the associated resource. B) Application support for an availability zone. C) The overall time that a system is functional and working.

C) The overall time that a system is functional and working. The time that a system is working is referred to as the application availability.

ACG - What does fault tolerance describe for cloud computing? A) A complete plan to recover critical business systems and normal operations, in case of a disaster. B) The ability for multiple regions within Azure to "cover" each other in case of an outage. C) The resilience of cloud computing to guarantee no downtime. D) A system within Azure that uses cloud computing resources to mitigate faults quickly.

C) The resilience of cloud computing to guarantee no downtime. Some computing systems require no downtime whatsoever. Using the cloud to leverage fault tolerance can guarantee this. Faults aren't just mitigated quickly, but instantly. Regions covering each other is called geo-redundancy, and recovery plans should always be part of a cloud implementation. Further information: https://docs.microsoft.com/en-us/archive/msdn-magazine/2015/september/microsoft-azure-fault-tolerance-pitfalls-and-resolutions-in-the-cloud https://medium.com/microsoftazure/tagged/fault-tolerance

MSFT - Core Cloud Services - Azure networking options What is network latency? A) The amount of data that can fit on the connection. B) The distance data must travel to reach its destination. C) The time it takes for data to travel over the network.

C) The time it takes for data to travel over the network. Latency measures the time it takes for data to reach its destination. Latency is typically measured in milliseconds.

ACG - You are in charge of an Azure database that has valuable and sensitive data stored in it. You need a third party client to access this data. How would you provide access in the most secure way? A) Use Azure Information Protection to secure and track any piece of data accessed. B) Store the data in the secure tier data storage and provide access via a secure token only. C) Use Azure Key Vault to protect and share the password without revealing it. D) Use Azure Key Vault to create a single use password for the database. The client can use this to get an authentication token for further use.

C) Use Azure Key Vault to protect and share the password without revealing it. Azure Key Vault is used to protect secrets and passwords. You can share these secrets and passwords with third parties without revealing them. This allows access to your resources securely to third parties. Further information: https://azure.microsoft.com/en-au/services/key-vault/ https://docs.microsoft.com/en-us/azure/key-vault/basic-concepts

ACG - Your company, A Llama Guru, is becoming increasingly popular (why wouldn't it be?). You have to add more virtual machines to run your web facing application. What is the best way to ensure that traffic is distributed and that all virtual machines are being used optimally? A) Use an Azure Application Gateway to recognize the application requested and guide the traffic to the appropriate machine. B) Create a pool of identical virtual machines that can all take an equal share of the incoming requests. C) Use Azure Load Balancer to distribute the inbound flow of internet traffic to a backend pool of virtual machines. D) Use a VPN Gateway to route secure and insecure requests to the appropriate virtual machine in your backend pool.

C) Use Azure Load Balancer to distribute the inbound flow of internet traffic to a backend pool of virtual machines. An Azure Load Balancer service is used to distribute all incoming requests to a web endpoint, and then guiding it to an instance in a backend pool of servers. Application Gateway is used to route traffic to specific VMs based on traffic properties such as the URL. A VPN Gateway is used to link Azure and your on-premises account securely as if on the same network. Further information: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

ACG - To manage spending on Azure, what is a recommended best practice? A) Use the subscription credit limits, which are built into all Azure subscriptions. B) Monitor frequently used services and keep track of any excess usage using the Azure Spending Manager. C) Use Azure spending limits on resources and services. D) Use Azure Alerts to get notified of when spending exceeds the subscription limits.

C) Use Azure spending limits on resources and services. Azure spending limits are the recommended way to manage the total spend on your Azure subscription. When your usage results in charges that exhaust your spending limit, the services that you deployed are disabled for the rest of that billing period. It is futile to manually monitor the spending of Azure services. Further information: https://docs.microsoft.com/en-us/azure/billing/billing-spending-limit

MSFT - Core Cloud Services - Security, responsibility, and trust in Azure Which of these options helps you most easily disable an account when an employee leaves your company? A) Enforce multi-factor authentication (MFA) B) Monitor sign-on attempts C) Use single sign-on (SSO)

C) Use single sign-on (SSO) SSO centralizes user identity, so you can disable an inactive account in a single step.

MSFT - Core Cloud Services - Azure compute options: Suppose you have an existing application running locally on your own server. You need additional capacity but prefer to move to Azure instead of buying upgraded on-premises hardware. Which compute option would likely give you the quickest route to getting your application running in Azure? A) Serverless computing B) Containers C) Virtual machines

C) Virtual machines You have full control over the VM setup, so you can configure it to match your on-premises server. This control will allow your existing application to run on the Azure VM with little or no change.

MSFT - Core Cloud Services - Azure compute options The compute options give you different levels of control over the configuration of the environment in which your application runs. Which of the following lists the compute options in order of your control from "most control" to "least control"? A) Serverless computing, containers, virtual machines B) Containers, serverless computing, virtual machines C) Virtual machines, containers, serverless computing

C) Virtual machines, containers, serverless computing Virtual machines give you full control over the environment. Containers give you limited control. Serverless computing does not allow you to do any infrastructure configuration.

ACG - Which of the following are tools in Azure DevOps? (Choose 3) A) Azure Operations. B) Azure Deployment. C) Azure Artifacts. D) Azure Automation. E) Azure Pipelines. F) Azure Boards.

C, E, F There are currently 5 services in Azure DevOps. Boards for managing and tracking projects. Azure Pipelines for building, testing and deploying projects. Azure Repos for storing and managing code. Azure Test Plans for conducting manual tests and automating tests. Azure Artifacts for hosting and sharing packages to share functionality across teams. Further information: https://azure.microsoft.com/en-au/services/devops/

ACG - What is the difference between private and public cloud? A) A private cloud is hosted on a network not connected to the Internet. A public cloud is on the public Internet. B) A private cloud only has access to selected Azure resources. A public cloud can access all Azure resources. C) A private cloud requires higher security measures for access than a public cloud. D) A private cloud has restricted access to services. A public cloud is accessible to any user.

D) A private cloud has restricted access to services. A public cloud is accessible to any user. Both private and public cloud solutions are useful in various scenarios. Private clouds have restricted access to services whereas the public cloud is accessible to any user. A private cloud is most often connected to the Internet and works the same way as a public cloud when it comes to security and Azure management. Private clouds can have access to all Azure features too. Further information: https://azure.microsoft.com/en-au/overview/what-are-private-public-hybrid-clouds/

ACG - What is a security policy in Security Center? A) The individual user settings for using the Security Center. B) A security policy outlines the necessary security measures for a compliant service in Azure. C) A more detailed version of the settings for an Azure service. You can also automate them. D) A security policy is a set of rules that Azure can use to evaluate if your configuration of a service is valid.

D) A security policy is a set of rules that Azure can use to evaluate if your configuration of a service is valid. https://docs.microsoft.com/en-us/azure/security-center/tutorial-security-policy

ACG - You realise that there have been several attempts to compromise user credentials for your Azure account using brute force. What is an Azure service than can warn you about this? A) Azure Monitor. B) Azure Information Protection C) Azure Key Vault D) Advanced Threat Protection

D) Advanced Threat Protection Advanced Threat Protection monitors user behavior, and if there is something out of the ordinary you will get an alert. Azure Information Protection protects documents and emails Azure Key Vault protects your passwords and secrets. Azure Monitor is used to monitor the health and performance of your virtual machines and other services. Further information: https://azure.microsoft.com/en-au/features/azure-advanced-threat-protection/

ACG - What can you store in a blob container inside Azure Storage? A) Any kind of binary file that is less than 4096KB in size. B) Only known binary formats such as images, video and text documents. C) Binary files that comply with the Azure data types defined for the storage type. D) Any kind of binary file, such as videos, images, documents and applications.

D) Any kind of binary file, such as videos, images, documents and applications. Blob containers on Azure act similar to directories in a file system. They can contain an unlimited number of blobs. A blob can be any type of text or binary file, up to about 4.7 TB. Further information: https://azure.microsoft.com/en-au/services/storage/blobs/ https://docs.microsoft.com/en-au/azure/storage/blobs/storage-quickstart-blobs-dotnet

ACG - How does scalability on Azure work? A) If an account has more than one Azure region active, resources can be copied between these regions. B) Any Virtual Machine can be scaled up or down to add more CPUs and memory. C) Scaling of resources on Azure is currently not possible. D) As resource demand increases, Azure can split the demand over more resources and scale the application.

D) As resource demand increases, Azure can split the demand over more resources and scale the application. Scalability is a core benefit of cloud computing, and allows any application to add resources almost instantly as demand increases. Scalability is not working across regions, but rather within the same application. Further information: https://azure.microsoft.com/en-au/product-categories/compute/

ACG - You are creating a new application which will be consumed throughout the world and requires near real time responsiveness from the database layer. The web and application layers will also be duplicated across the world however you require a single database platform with a single connection endpoint. Which database should you choose? A) Azure SQL Database B) Azure Database for MySQL C) Azure Database for PostgreSQL D) Azure Cosmos DB

D) Azure Cosmos DB Azure Cosmos DB is a globally distributed database service that is designed to provide low latency, elastic scalability of throughput, data consistency, and high availability. Although there is the possibility to replicate data with the other database types such as Azure SQL Database using the geo-replication function this does not provide a single endpoint for your application. Further information: https://docs.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally

ACG - What is the best definition of Azure DevOps? A) A platform to manage Azure resources meant for development, such as App Services, Azure Functions and Visual Studio Online. B) A specific section of the Azure Portal where you can manage operational parts of your infrastructure. C) A way to write better code and find bugs faster. D) Azure DevOps is a suite of 5 different tools to create more robust software, faster.

D) Azure DevOps is a suite of 5 different tools to create more robust software, faster. Azure DevOps is a set of modern tools to create more robust software, faster. It is used by both operational people and developers to manage the entire life cycle of software products. It has its own separate web portal, but is fully integrated into Azure. It isn't only meant for development services on Azure, but all services that you can deploy code and infrastructure to. Further information: https://azure.microsoft.com/en-au/services/devops/ https://docs.microsoft.com/en-au/azure/devops/?view=azure-devops&viewFallbackFrom=vsts

ACG - What kind of questions and answers can you find in the Azure Knowledge Center? A) Architectural diagrams, white papers and in depth technical articles on how to get the most out of your Azure resources. B) A selection of the Azure documentation and articles found on TechNet. C) Over 100,000 user submitted questions and answers. D) Common questions asked when first starting to use Azure.

D) Common questions asked when first starting to use Azure. The Knowledge Center provides answers to a range of the most common questions asked. The focus is in particular on foundational answers, or answers to popular questions that are seen again and again. Users can't submit questions nor answers, and there are few to no expert level articles. Further information: https://azure.microsoft.com/en-au/resources/knowledge-center/

ACG - Which companies must comply with General Data Protection Regulation (GDPR) requirements? A) Only companies that are headquartered within the European Union. B) Only companies in Europe. C) Any company in the world that has an online presence. D) Companies of any country must adhere to GDPR if their users and customers are located in the European Union.

D) Companies of any country must adhere to GDPR if their users and customers are located in the European Union. Any company that wishes to interact with users located in the European Union must adhere to the many GDPR rules around privacy. The Microsoft Trust Center has more information on how to do this within Azure. Further information: https://www.microsoft.com/en/trust-center/privacy/gdpr-overview

ACG - Which of the following are Platform-as-a-Service (PaaS) database offerings on Azure? (Choose 2) A) SQL Server Private Cloud B) SQL Server in Azure VM C) Azure MySQL Database Platform D) Cosmos DB E) Azure SQL Database

D) Cosmos DB E) Azure SQL Database Azure SQL Database is a fully managed offering which provides the option of either a hosted service (PaaS) or hosted infrastructure (IaaS). Azure Cosmos DB is a fully managed Platform-as-a-Service database offering, providing simplified management and single click global distribution. SQL Server in Azure VM is an Infrastructure-as-a-Service offering utilising Virtual Machines and SQL Server Private Cloud can depend upon both Virtual Machines and physical hardware. Azure MySQL Database Platform is not an Azure database offering. Further information: https://azure.microsoft.com/en-au/services/cosmos-db/ https://docs.microsoft.com/en-us/azure/sql-database/sql-database-paas-vs-sql-server-iaas

ACG - What does Advanced Threat Protection do? A) Protect your privacy when sharing access to Azure resources with third parties. B) Help an organization to classify and optionally, protect its documents and emails by applying labels. C) Find vulnerabilities in the data passed to an Azure service in your subscription. D) Helps you monitor user behaviour in your on-premises and cloud environments.

D) Helps you monitor user behaviour in your on-premises and cloud environments. Azure Advanced Threat Protection helps you detect and investigate security incidents across your Azure accounts both on-premises and in the cloud. It monitors users, devices and resources in terms of their behavior. If any behavior is out of the ordinary an alarm can be raised. Further information: https://azure.microsoft.com/en-au/features/azure-advanced-threat-protection/

ACG - What is a benefit of a hybrid cloud approach? A) Using alternative energy sources for powering some services can create tax benefits in some regions. B) All maintenance is handled by Microsoft Azure so it reduces support costs. C) It requires no changes to existing code or applications, allowing companies to scale their infrastructure into the cloud. D) It enables companies to use a mix of on-premises and public cloud components.

D) It enables companies to use a mix of on-premises and public cloud components. A hybrid cloud solution can offer the best of public cloud and on-premises services for many companies. A hybrid solution enables businesses to use a mix of on-premises infrastructure whilst scaling certain resources in the cloud. A hybrid architecture is not necessarily easy to adopt as applications may require significant changes to work. In a hybrid approach, you are still responsible for maintenance of your on-premises resources so this is not a benefit. In this context, hybrid cloud does not have anything to do with alternative energy, although Azure is working towards being powered by 100% renewable energy. Further information: https://azure.microsoft.com/en-au/overview/what-are-private-public-hybrid-clouds/

ACG - Which of the following is true in relation to Azure Management Groups? A) Management Groups allow you to create custom dashboards to view and analyse your cloud usage. B) Management Groups allow you to implement policy-based management for all Azure services. C) Management Groups allow you to easily create fully compliant environments and manage them. D) Management Groups allow you to apply policies with flexible hierarchies to multiple subscriptions.

D) Management Groups allow you to apply policies with flexible hierarchies to multiple subscriptions. Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called 'management groups' and apply your governance conditions to the management groups. For example, you can apply policies to a management group that limits the regions available for virtual machine (VM) creation. Further information: https://docs.microsoft.com/en-gb/azure/governance/management-groups/overview

ACG - What is the difference between OPEX and CAPEX? A) OPEX is costs for acquiring assets. CAPEX is an ongoing cost for running a business. B) OPEX is better return on investment in the short term. CAPEX is better return on investment in the long term. C) OPEX is a cost on services you don't own, such as cloud computing. CAPEX is a cost of ownership. D) OPEX is an ongoing cost for running a business. CAPEX is the cost of acquiring assets.

D) OPEX is an ongoing cost for running a business. CAPEX is the cost of acquiring assets. Knowing the difference between OPEX and CAPEX is critical to get the best value out of Azure for your company. Capital Expenditures (CAPEX) are generally not recurring and result in the acquisition of assets, such as server hardware. Operating Expenditures (OPEX) are the ongoing costs of running a business, such as paying for cloud services on a recurring basis. By moving costs to OPEX, businesses can plan for ongoing costs rather than large investments. Further information: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/business-outcomes/fiscal-outcomes

ACG - App Services allows you to create web, mobile, API and logic apps. In the shared responsibility model, what model is App Services aligned to? A) Software as a Service (SaaS) B) Infrastructure as a Service (IaaS) C) Hybrid as a Service D) Platform as a Service (PaaS)

D) Platform as a Service App Services aligns to the Platform as a Service Model as App Services provides a development and deployment environment, with Infrastructure components, development tools, business intelligence and database management systems all ready to go without you having to provision the individual components Further information: https://azure.microsoft.com/en-in/overview/what-is-paas/

ACG - You are looking to migrate your website to Azure and wish to make use of a service which provides a platform to build and host your website without the need to manage the underlying infrastructure. Which type of Cloud should you choose? A) Private Cloud B) Software as a Service (SaaS) C) Infrastructure as a Service (IaaS) D) Platform as a Service (PaaS)

D) Platform as a Service (PaaS) Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications, all without you having to manage any of the underlying infrastructure or services Further information: https://azure.microsoft.com/en-gb/overview/what-is-paas/

ACG - You need an Azure support plan with the fastest possible response time. Which support plan meets this requirement? A) Developer B) Free C) Basic D) Premier

D) Premier Of the available options, the Premier support plan provides the quickest response time when cases are raised. The Developer support plan only provides an eight business hour response time guarantee for minimal business impact cases (Sev C), whilst Premier provides a four business hour guarantee for minimal business impact cases (Sev C). Free is not a valid support plan and Basic does not provide response time guarantees. Further information: https://azure.microsoft.com/en-au/support/plans/

ACG - How do you sign up for a service level agreement with Azure? A) Fill out the form on the Microsoft Azure main support page. B) Call the regional support number as provided in the Azure Portal to discuss the desired level of the agreement. C) In the Azure Portal, go to the service in question and click on the "Service Level Agreement" section. D) Service level agreements are included with every Azure service automatically.

D) Service level agreements are included with every Azure service automatically. Service Level Agreements are implicit for all Azure services. You get an SLA included with every subscription level and support level. Further information: https://azure.microsoft.com/en-au/support/legal/sla/cloud-services/v1_5/

ACG - Which Azure Support Plan offers a response time for critical business impact events of less than 1 hour, at the lowest cost? A) Developer B) Premier C) Professional Direct D) Standard

D) Standard The Standard support plan includes 24x7 access to Support Engineers via email and phone. The Standard support plan is recommended for customers running Production workloads (meaning, things that are in use by the business as part of their daily processes). When these workloads are critically impacted, it's often important that Azure Support is engaged as soon as possible. This is less important for test workloads, which would be better suited for a Developer support plan. Both the Professional Direct and Premier support plans offer equal or better response times, but at a higher price. Further information: https://azure.microsoft.com/en-au/support/plans/

ACG - How are Azure subscriptions related to pricing? A) The more subscriptions you have the cheaper each service will get. B) If you lock subscriptions in for 1 or 3 years, the services within it go down in price. C) The price of a subscription depends on the location of your company or personal address. D) The billing of each service in your account is within a single subscription.

D) The billing of each service in your account is within a single subscription. Every service in your Azure account belongs to a single subscription, which is how you get billed for the usage of that service. There is no option to lock in a subscription for a discount, nor does a subscription have a location. Further information: https://techcommunity.microsoft.com/t5/Azure/Understanding-Azure-Account-Subscription-and-Directory/td-p/34800

ACG - What is the purpose of a model in AI and Machine Learning? A) A model identifies which data parameters are valid for the AI implementation. B) To make sure the application can work across platforms outside of Azure. C) To identify the limits of the implementation to keep it compliant. D) To define what you want your machine learning implementation to learn.

D) To define what you want your machine learning implementation to learn. A machine learning model defines the parameters for what you want to learn from the data provided. The model will learn from the data based on these parameters. Further information: https://azure.microsoft.com/en-au/services/machine-learning/

ACG - What is the main function of Azure Information Protection? A) Find vulnerabilities in the data passed to an Azure service in your subscription. B) Make sure that attackers can't get to the Azure services in your subscription. C) Protect your privacy when sharing access to Azure resources with third parties. D) To help an organization classify and optionally, protect its documents and emails by applying labels.

D) To help an organization classify and optionally, protect its documents and emails by applying labels. Azure Information Protection helps secure email, documents, and sensitive data inside and outside your company walls. You can classify sensitive data, track activities on shared files and documents, collaborate securely and much more. There is no active security service included, such as scanning the files being protected. Further information: https://docs.microsoft.com/en-in/azure/information-protection/ https://azure.microsoft.com/en-in/services/information-protection/

ACG - What is the purpose of a VPN Gateway? A) To balance data coming into your Azure services from an external private network. B) To manage the IP addresses for an Azure Subscription and to ensure only secure traffic is allowed. C) To make sure the connection from a Virtual Network to the Internet is secure. D) To send encrypted traffic between an Azure Virtual Network and an on-premises location over the public Internet. E) To handle any suspicious activity trying to access your Azure subscription.

D) To send encrypted traffic between an Azure Virtual Network and an on-premises location over the public Internet. A VPN Gateway is an important part of a hybrid Azure infrastructure. It allows encrypted traffic to flow between on-premises services and Azure services. A VPN Gateway does not filter traffic, monitor for malicious content or look after IP addresses. Further information: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways

ACG - Your company has a large amount of documents that are both sensitive and important to a large number of people. How would you secure these documents so you can still share them, but track where they are? A) Use Advanced Threat Protection to secure and track any document or email. B) Use Azure Firewall to limit access to documents and secure email access. C) Use Azure Key Vault to provide access to the documents without sharing any credentials. D) Use Azure Information Protection to secure and track any document or email.

D) Use Azure Information Protection to secure and track any document or email. Azure Information Protection (AIP) is a cloud-based solution that helps your organization to classify and protect its documents and emails by applying labels. Azure Firewall only protects the traffic that comes in, not documents themselves. Advanced Threat Protection monitors user behaviour. Azure Key Vault protects secrets and passwords. Further information: https://docs.microsoft.com/en-us/azure/information-protection/what-is-information-protection

ACG - You have a web application on Azure with a number of virtual machines to run various processes. One of these virtual machines is in charge of processing images. Which Azure service could you use to route all requests for the "/image/" URLs to this specific VM? A) Use a VPN Gateway to route URLs containing the "/image/" path. B) Implement a content delivery network to route URLs containing the "/image/" path. C) Use Azure Load Balancer to route URLs containing the "/image/" path. D) Use an Application Gateway to route URLs containing the "/image/" path.

D) Use an Application Gateway to route URLs containing the "/image/" path. An Application Gateway is used specifically for routing traffic based on parameters in the traffic itself. This could be all requests to the "/images/" path of the URL being sent to a specific VM. A VPN Gateway is used to securely connect an Azure Virtual Network with an on-premises network. A CDN does not route traffic. A Load Balancer routes all traffic without looking at it. Further information: https://docs.microsoft.com/en-us/azure/application-gateway/overview

ACG - You have been asked to migrate a Windows-based legacy on-premise application to Azure with the minimal effort possible, which compute service should you choose? A) Containers B) Blob Storage C) Serverless D) Virtual Machines

D) Virtual Machines The simplest migration approach would be to use Azure Migrate and target Virtual Machines - virtual machines have the closest similarity to the on-premise platform where the application resides. Containers and serverless would require transformations to the application before it could be migrated. Further information:

ACG - To access the Azure Portal in a web browser, what website URL do you need to visit? A) console.azure.com B) www.azureportal.com C) portal.microsoftazure.com D) portal.azure.com

D) portal.azure.com The Azure Portal can be accessed from portal.azure.com in a web browser. The other URLs will not provide access to the Azure Portal. Be careful to only log in to the portal from a legitimate address. Further information: https://portal.azure.com

ACG - What are the valid destination services for Azure Database Migration Service? (Choose 3) A) Microsoft SQL Server. B) Azure Data Lake. C) HDInsight. D) Azure SQL. E) Azure SQL server. F) Cosmos DB.

D, E, F Database Migration Service on Azure has a range of destinations that you can migrate your data to. These include Azure SQL, Azure SQL Server and Cosmos DB. At present there is no support for big data services such as Azure Data Lake or HDInsight. Further information: https://azure.microsoft.com/en-au/services/database-migration/ https://docs.microsoft.com/en-au/azure/dms/dms-tools-matrix