AZ900 - Final Pluralsight Review Set
How many update domains can you configure with each availability set using ARM. 2 3 4 5 10 20 30 40
20
How many fault domains can you configure with each availability set using ARM. 2 3 4 5 10 20 30 40
3
Which one best describes an Azure Region? A geographical area containing more than one datacenter in close proximity networed otgether with a low-latency network. A geographical area containing one or more datacenters networked together with a low-latency network and are in close proximity.
A geographical area containing one or more datacenters networked together with a low-latency network and are in close proximity.
What is an Azure Blob? A hug scalable object store for binary text data. Supports big data analytics through Data Lake Storage Gen 2. Block-level storage volumes for Azure VMs
A hug scalable object store for binary text data. Supports big data analytics through Data Lake Storage Gen 2.
What is a page blob attribute?
A type of Blob that stores VHD files and serve as disks for Azure VMs
What is a Blobfuse?
A virtual file system driver that accesses the block blob data in the Storage account through the Linux file system.
A company is using containers for deploying all of its web applications. During a security audit, you notice the Microsoft Defender for Cloud is not being used properly to provide misconfigurations related to containers. For which resouce can you not use Microsoft Defender for Cloud to secure containers? Azure Container Registry Container Hosts (Docker) AKS ACI
ACI
Locally they have installed Docker on Windows 10 machines. What is the best solution to enabled an environment for testing? ACI Azure Functions VM AKS
ACI
What are three advantages of running ACI as a sandbox. ACI offers RBAC ACI allows fast creation of VMs ACI automatically scales to meet high demand ACI can access Linux containers You can access containers directly from a URL.
ACI offers RBAC ACI can access Linux containers You can access containers directly from a URL.
You're being asked to configure the authentication and authorization for the company's sales app that being deployed as a web appl. Only AD authenticated reps should be using the app and the sales team would like a SSO experience. What technologies will be required to accomplish the request configuration (3) AD Domain Services Microsoft Acct Auth Azure AD Oath 2.0 Active Directory Federated Services
AD Domain Services Azure AD Active Directory Federated Services
Is Coordinated applicaiton upgrades an ACI or AKS feature?
AKS
What 4 items from an Azure Blueprint are avaialble? ARM Templates Role Assignment Azure containers Resource groups Policy assignment on Azure resources
ARM Templates Role Assignment Resource groups Policy assignment on Azure resources
What steps would you complete in the Portal to harden your subsription?
Advisor/All Services/ Advisor (Monitoring + Mgmt.)/ Security / Threat Protection / Performance
What are two things true about Azure locks? A user with appropriate permissions to modify or delete a resource can override an Azure lock. Applying an Azure lock to a parent scope enforces the lock on the resources within the scope. Only owner and User Access Admin. roles are granted permissions to create or delete Azure locks. A CanNotModify lock prevents a user from modifying a resources, but the user is able to delete the resource.
Applying an Azure lock to a parent scope enforces the lock on the resources within the scope. Only owner and User Access Admin. roles are granted permissions to create or delete Azure locks.
You want a users attempts to sign into AD to be monitored by Microsoft? SSO Conditional Access AD MFA Azure AD Connect
Azure AD Connect
You would like to address security issues surrounding the use of admin. permissions. What tool would you use? Azure AD Privileged Identity Management Credential Manager Azure AD Identity protection
Azure AD Privileged Identity Management
What service would you use that can be used to Automatically detect performance anomalies and help diagnose issues by using powerful analytics tools? Azure Databricks Azure Log Analytics Azure Service Health Azure Application Insights
Azure Application Insights
Which service executes code in almost all modern languages? Serverless Computing Azure Functions Azure Logic Apps
Azure Functions
What service would you use to review the logs and show details for the network security group blocked flows in the last hour? Azure Application Insights Azure Service Health Azure Security Center Azure Log Analytics
Azure Log Analytics
What application is designed in a web-based designer and can execute logic triggered by Azure services without writing any code? Serverless Computing Azure Functions Azure Logic Apps
Azure Logic Apps
What administrative tools are best to perform repeatable testing, management and administration tasks? ARM templates Azure PowerShell Azure Portal Azure Arc Azure CLI
Azure PowerShell Azure CLI
Which two items are true statements regarding Azure Trust Center? Azure is K-ISMS certified Customers who are not GDPR-compliant can be fined up to 4% of their annual global turnover not exceeding 20 million euros. Azure Trust Center is built on 3 foundational principles of trust. Azure Sentinel is a compliance management tool available within Trust Center.
Azure is K-ISMS certified Customers who are not GDPR-compliant can be fined up to 4% of their annual global turnover not exceeding 20 million euros.
Your org has Azure AD environment and recently outsourced their application development work. The vendor they are using has an Azure AD setup. You want to collaborate with the vendor's users using Teams Connect shared channels feature. Which capabilites of exteneral identities should you use? B2B direct connect Microsoft Teams Azure AD B2C B2B Collaboration
B2B direct connect
What best practice is used to track the health and performance of individual components for any investigations or debugging? Setup actionable alerts to notify and remediate Bucket related resources in resource groups
Bucket related resources in resource groups
What is dynamicThrottlesEnabled setting perform?
Check system performance counters like connections, threads, processes, memory and CU
Microsoft's physical infrastructure spans 60 regions across 140 countries and consists of hardware and systems located across multiple datacenters. Which approach does Microsoft use in its datacenters to be carbon negative, create a resilient supply change and anticipate growth?
Circular Centers
What is the correct order for creating an Azure File Synch Service? Create synch group Create Storage Synch Service Install and configure Azure File sync on server Register server and create endpoint Synch to the specified Azure file share
Create Storage Synch Service Create synch group Install and configure Azure File sync on server Register server and create endpoint Synch to the specified Azure file share
The N Corporation has a partnership with the V Corp. Both N and V have MFA capabilities. A user at V needs access to an application in N named the AT application. Which of the following should you configure to ensure that this person can access the AT application. Create a policy name MFA on the AT application under Conditional Access. Under Controls choose require MFA auth. and allow access. Create a policy named MFA policy on the At application under Conditional Access. Under Conditions, choose require MFA auth. under Allow access. Configure MFA access for the At application in V. Ensure that N has sufficient Premium Azure AD licenses that support MFA. Ensure that V has sufficient Premium Azure AD licenses that support MFA. Configure MFA access for the At application in N.
Create a policy name MFA on the AT application under Conditional Access. Under Controls choose require MFA auth. and allow access. Ensure that N has sufficient Premium Azure AD licenses that support MFA. Configure MFA access for the At application in N.
What is the correct policy process for enabling MFA for a fictious company? Create a policy named MFA and under Conditional Access / Controls, choose Require MFA under Allow access Create a policy named MFA and under Conditional Access. Under conditions, chose require MFA and Allow access
Create a policy named MFA and under Conditional Access. Under conditions, chose require MFA and Allow access
What type of device should you use for a Microsoft Auth App? Dedicated non windows devices Dedicated windows 10 computers Shared devices, tablets and mobile devices. Kiosks and shared computers
Dedicated non windows devices Shared devices, tablets and mobile devices.
What type of device should you use for a Windows Hello for Business passwordless authentication device? Dedicated non windows devices Dedicated windows 10 computers Shared devices, tablets and mobile devices. Kiosks and shared computers
Dedicated windows 10 computers
What does a matchCondition setting do?
Define a single API service for multiple function apps.
What are 3 statements about ingress and egress data in Azure that are True? Different ingress and egress data charges apply to VNet peering between the same Azure region and different Azure regions. Both ingress and egress data charges apply to VNet peering. Both ingress and egress data charges apply for metered Azure ExpressRoute plan Ingress to Azure datacenters form on-premises environments is not charged. For site-to-site and point-to-site VPN connections, the first 5 GB of data transfer are exempt from monthly charges for egress data.
Different ingress and egress data charges apply to VNet peering between the same Azure region and different Azure regions. Both ingress and egress data charges apply to VNet peering. Ingress to Azure datacenters form on-premises environments is not charged. For site-to-site and point-to-site VPN connections, the first 5 GB of data transfer are exempt from monthly charges for egress data.
Your company has to react quickly when cloud services have to rapidly allocate and deallocate resources. These resources need to be provided on demand via self-service so that vast amounts of computing resources can be provisioned in minutes. There will be no manual intervention in provisioning and deprovisioning services. Scalability Elasticity Agility
Elasticity
Are application level controls the customer responsibility in a SaaS offering? True/False
False
Azure Container Services is an IaaS in which you can upload containers that run on the platform? (True|False)
False
Azure Migrate provides a decentralized hub to assess and migrate on-premises servers, applications and data to Azure (True/False)
False
Can you create multiple private endpoints on the same or different subnets within the same virtual network? (True|False)
False
Can you see all alert instances in your Azure resources generated in the last 7 days on the Alerts page? (True/False)
False
Do you need a Data Disk to create a VM? (True|False)
False
Do you pay for extra computing power when needed on a public cloud offering? (True/False)
False
Ephemeral OS disks support the Azure Disk Encrypytion and Azure Backup features (True/False)
False
Is the Azure portal menu is always visible in flyout mode? (True/False)
False
Is the service provider responsible for Network controls in an IaaS environment? (True/False)
False
Over a private endpoint connection, a private link owner cannot delete a private endpoint connection in any state. (True/False)
False
When the portal menu is in docked mode, it's hidden until you need it? (True/False)
False
Within a public cloud environment, do you have to pay for extra computing power when needed? (True|False)
False
You can manage both Docker and Microsoft-based containers using only ACI? (True/False)
False
Is the maximum number of allowed initiative definitions for a tenant 100? (True|False)
False Initiative definitions for a tenant can be up to 1,000.
Do you pay for extra computing power when needed in a public or private cloud? (True/False)
False Only hybrid
Which of the following statements about Azure Policy are True? A new Policy Definition can be added from PowerShell by using the New-PolicyDefinition cmdlet. Guest configuration users Desired State Configuration v2 to audit the settings of a Windows virtual machine. A virtual machine that does not log into a specific Log Analytics workspace is deemed non-compliant. Remediation tasks created to remediate non-compliant resources use the Audit Policy effect. A Policy Definition is a collection of Initiative Definitions that achieve a common goal.
Guest configuration users Desired State Configuration v2 to audit the settings of a Windows virtual machine. A virtual machine that does not log into a specific Log Analytics workspace is deemed non-compliant.
Which best practice improves the use of role-based dashboards and workbooks for reporting? Improve the response time and quality of the incident management process. Improve the response time and quality of the support functions.
Improve the response time and quality of the support functions.
What type of device should you use for a FIDO-2 compliant Security Keys? Dedicated non windows devices Dedicated windows 10 computers Shared devices, tablets and mobile devices. Kiosks and shared computers
Kiosks and shared computers
What is the top-down hierarchy of the organization in Azure? Resources Resource Groups Subscriptions Management Groups
Management Groups Subscriptions Resource Groups Resources
What is a premium File Shares
Microsoft recommends this type of storage account for enterprise or high-performance scale applications. This account type also supports SMB and NFS shares.
What is a premium block blobs?
Microsoft recommends this type of storage account for scenarios with high transaction rates or smaller objects, or that require consistently low storage latency.
Does AKS contain persistent storage?
No -ACI does.
What type of device should you use for a one-time password sign-in? Dedicated windows 10 computers Shared devices, tablets and mobile devices. Kiosks and shared computers
None of the these should be used.
Which of the following statements about Azure virtual machines are true? OS disks on VMs can be resized Existing VMs can be added to availability sets Virtual machines use virtual hard disks to store their OS and data VMs in a stopped state do not incur compute charges VMs in a Deallocates state do not incur compute costs.
OS disks on VMs can be resized Virtual machines use virtual hard disks to store their OS and data VMs in a Deallocates state do not incur compute costs.
You want to import 50 TB of data from an on-premises file server and plan to use Azure Data Box. In which of the following scenarios can you use Azure Data Box to import data to Azure? DR Security Requirements Migrate back to on-premises Periodic Uploads Onetime Migration Initial Bulk Transfer
Periodic Uploads Onetime Migration Initial Bulk Transfer
Which of the following are features available from Azure Service Health? Personalized dashboard to report service health and issues Get RCA and downloadable explanations for ongoing service health issues. Custom alerts to notify about service incidents, planned maintenance and health advisories. Integration with ServiceNow using a webhook. Archive service health event history.
Personalized dashboard to report service health and issues
Which of the following statements best describes availability zone? A geographical area containing at least one, but potentialy multiple, datacenters that are in close proximity and networked together with a low-latency network. A discreate market typically containing two or more regions that preservces data residency and compliance boundaries. Physically separate locations within an Azure region.
Physically separate locations within an Azure region.
When would you use a premium File Shares?
Recommended this type of storage account for enterprise or high-performance scale applications. This account type also supports SMB and NFS shares.
Which of the following items are true regarding Remote Desktop Services and Windows Server desktops? Remote Clients cannot run the IOS operating system Remote clients cannot run the RemoteApp and Desktop Connections (RADC) client Remote clients cannot run the Remote Desktop Connection (MSTSC) client Remote clients cannot run the Android operating system.
Remote clients cannot run the RemoteApp and Desktop Connections (RADC) client Remote clients cannot run the Remote Desktop Connection (MSTSC) client
What is the difference between Azure RBAC and Azure AD administrator roles? Scope can be specified at multiple levels (subscription, resource group, resource) Manage access to Azure AD resources Manage access to Azure resources Role information can be access in Azure CLI Role information can be access in Microsoft Graph
Role information can be access in Azure CLI Scope can be specified at multiple levels (subscription, resource group, resource) Manage access to Azure AD resources Manage access to Azure resources
Your company needs to increase or decrease resources for a workload. You need to provide additional resources to service a workload or add additional capabilities to manage an increase in demand to the existing resources. The provision of additional resources does not have to be done automatically. Scalability Elasticity Agility
Scalability
Which of the following do you not need to define a local network gateway (2)? Express Route Site-to-site VPN point to site Vnet to Vnet
Site-to-site VPN Vnet to Vnet
Which of the following are turn regarding Azure App Service? If an Apps Memory quota is exceeded, the app is stopped. The per-app scaling setting is available for Shared, Premium, Premium V2 and Isolated pricing tiers. The dedicated compute premium pricing tier of App Service can host up to 100 hybrid connections. Only apps hosted on Dedicated Computer Premium pricing tier or higher can be restroed from snapshots.
The dedicated compute premium pricing tier of App Service can host up to 100 hybrid connections. Only apps hosted on Dedicated Computer Premium pricing tier or higher can be restroed from snapshots.
What are 3 benefits/features to move to Azure DevTest labs that will be useful for developers? Track Costs on VM Resources Base Azure VM Images ARM Templates Collect Security logs from operating systems Automatically build and test code projects
Track Costs on VM Resources Base Azure VM Images ARM Templates
Which of the following statements about Azure RBAC is not true? Up to 5,000 custom roles can be created per Azure AD The owner role has full access to all resources Deny assignments block users from performing specific Azure resource actions. Transferring a subscription to a different Azure AD tenant permanently deletes all role assignments from the source Azure AD tenant and migrates the role assignments to the target Azure tenant.
Transferring a subscription to a different Azure AD tenant permanently deletes all role assignments from the source Azure AD tenant and migrates the role assignments to the target Azure tenant.
Are Service principals used to securely log in to the Azure CLI? (True/False)
True
Azure Arc clarifies governance and management by delivering multi-cloud services and an on-premises management platform. (True/False)
True
Azure Container Services is an PaaS in which you can upload containers that run on the platform? (True|False)
True
Azure Migrate provides a range of tools for assessment and migration including Azure Migrate: Discovery and assessment and Azure Migrate: Server migration (True/False)
True
Can ACI be run on Linux and Windows? (True|False)
True
Can Alerts from Azure Monitor proactively notify you of critical conditions and can take corrective action? (True/False)
True
Can Invoice Manager role that's available for Cost Management for customers with a MCA be used to review Azure costs? (True/False)
True
Can the Azure home page be customized? (True/False)
True
Can you customize the Azure Dashboard and share these changes with others in your organization? (True/False)
True
Can you set the user response of an alert to specify where it is in the resolution process? (True/False)
True
Customers interested in migrating from on-premises deployments to Azure must focus their calculations on the Compute, Storage, and Network requirements on Azure in order to evaluate the costs accurately? (True|False)
True
Do you need a storage account to create a VM? (True/False)
True
Do you need an Operating Disk to create a VM? (True/False)
True
Ephemeral OS disks cannot be resized after they are provisioned (True/False)
True
Is Client and end-point protection the customers responsibility within SaaS, PaaS and IaaS solutions? (True|False)
True
Is Scalability an advantage across Public, Private and Hybrid cloud solutions? (True|False)
True
Is having eligible licenses for SQL Server, Exchange, Windows Server and active Software Assurance a Hybrid Benefit? (True/False)
True
You can manage both Docker and Microsoft-based containers using ACI and AKS? (True/False)
True
You cannot customize the Home page in Azure portal, but you can choose whether to see Home or Dashboard as your default view. (True|False)
True
When would you reccmend using Premium page blobs?
Use only for page blobs.
Which of the following statements (4) about Azure VPN Gateway are true? User-defined routes must be configured in the virtual network to ensure that traffic is routed properly between the on-premises networks and virtual network subnets. A VPN Gateway can be assigned a static IP address provided by Microsoft Azure Support. BGP can be used Azure allows you to deploy your own VPN gateways or servers in Azure, either from the Azure Marketplace or by creating your own VPN routers. Azure generates different IP/sec/IKI pre-shared keys for different VPN connections created for the same virtual network. Azure VPN Gateways support 16-bit ASNs.
User-defined routes must be configured in the virtual network to ensure that traffic is routed properly between the on-premises networks and virtual network subnets. Azure allows you to deploy your own VPN gateways or servers in Azure, either from the Azure Marketplace or by creating your own VPN routers. Azure generates different IP/sec/IKI pre-shared keys for different VPN connections created for the same virtual network. Azure VPN Gateways support 16-bit ASNs.
Your company is planning on developing new software applications, deploying new virtual machines and implementing Microsoft 365. Your company plans on using the PaaS model. Which of the following are advantages of using PaaS (Choose 3) Users can customize vendors dev tools. Users have no CapEx or Expenses. This is the most flexible cloud model Users do not need to configure servers for running applications.
Users have no CapEx or Expenses. Users can customize vendors dev tools. Users do not need to configure servers for running applications.
You need to delete a resource group, which two statements are true? Resources are always deleted in chronological order, from newest to oldest. When the managedBy property is set on a resource, the managing resource is deleted before the resource it manages. When a delete operation returns an error, Resource Manager retries the DELETE call. When the managedBy property is set on a resource, the resource being managed is deleted before the managing resource.
When the managedBy property is set on a resource, the managing resource is deleted before the resource it manages. When a delete operation returns an error, Resource Manager retries the DELETE call.
What is a durable function?
Write stateful functions in a serverless compute environment.
Which of the following actions can you configure when CPU usages rises above a designiated threshold? Run a batch file call a webhook start execution of an Azure runbook call a performance monitor counter send email notifications execute a PowerShell script
call a webhook start execution of an Azure runbook send email notifications