Azure 900 Study Cards - Describe Azure Architecture and Services
How many subscriptions? Your company has three departments and two azure admins. Both admins manage all departments. Each department must receive an Azure bill.
Three
Y/N: Locking a resource group as read-only locks all resources contained in the group.
Yes
Y/N: Resources can interact with other resources in a different resource group.
Yes
Y/N: You can add a resource to or remove a resource from a resource group as long as the resource group is not locked.
Yes
T/F: A container requires you to configure the host virtual machine.
FALSE
T/F: A container requires you to manually install dependencies.
FALSE
T/F: A shared access signature (SAS) is required to access Azure Files.
FALSE
T/F: A subscription can have only one license.
FALSE
T/F: A user can only be given access to one subscription.
FALSE
T/F: Authorization can use passwords to identify a person.
FALSE
T/F: Azure AD authentication and authorization support requires integration with an on-premises AD.
FALSE
T/F: Azure DDoS Protection Standard is enabled automatically.
FALSE
T/F: Configuring peering requires a short downtime for the peered virtual networks.
FALSE
T/F: Microsoft Defender for Cloud support is limited to Windows Operating Systems only.
FALSE
T/F: Regions can span countries.
FALSE
T/F: Regions represent physical datacenters.
FALSE
T/F: Traffic between peered virtual networks (Vnets) is routed over the public internet.
FALSE
T/F: You are charged for the use of AVD on a monthly basis accordingly by active users.
FALSE
Subscription Type: You want to evaluate Azure app services for six months.
Free
You want to use on-premises directory synchronization. Which license?
Free
It stores three data copies in each of two regions. Redundancy option?
Geo-redundant storage (GRS)
You want on-premises users to be able to reset their own passwords. Which license?
Premium
You want to publish on-premises web apps using the Azure AD. Which license?
Premium
It allows replicated data to be accessed in two zones. Redundancy option?
Read-access GRS (RA-GRS)
What is the purpose of a resource group?
It serves as a container for Azure resources like VMs and web apps.
Incurs penalties for data deleted within 30 days. Blob access tier?
Cool
What three authentication types are supported by both SSPR (Self-service password reset) and MFA (multi-factor authentication)?
"SMS, Password, and Voice Call"
"Your azure cloud implementation has been initially seeded with 100TB of data. As the migration continues, you need to periodically migrate data to Azure using Server Message Block (SMB). Which two solutions should you use to meet this requirement?
" Azure Data Box Gateway or Azure Files
"Your company is planning a deployment using Azure Database for PostgreSQL. The deployment should meet the following requirements: up to 10 TB storage, Azure Premium Storage, Point-in-time-restore for up to 35 days. Select appropriate deployment and pricing tier to meet requirements and minimize cost.
" Azure Database for PostgreSQL Single Server General Purpose tier
"Includes the abstraction of servers, infrastructure, and operating systems.
" Azure Functions
"Cost-effective, serverless database with an intermittent usage pattern and a low compute utilization over time. Resource?
" Azure SQL Database
"Includes a virtual processor, memory, storage, and networking resources.
" Azure Virtual Machine (VM)
"Migrate a workload from an on-premises Hyper-V host to Azure, still retaining full control over the OS. Resource?
" Azure Virtual Machine (VM)
"You need to ensure that your database can scale horizontally and support query parallelization for faster responses on a large dataset, without your team's involvement in database or operating system management. Which deployment option of PostgreSQL in Azure should you use?
" Azure database for PostgreSQL Hyperscale (Citus)
"Is a lightweight, virtualized application environment.
" Container Instances
"A company wants to hosts data disks in the Azure cloud. The data disks must be available to other on-premises machines running windows, Linux, and macOS using network sharing via server message block (SMB) protocol. Data must be secure both at rest and in-transit. What storage product should you use?
" File storage
"You need a security solution that helps provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates. What should you use?
" Key Vault
"You deploy a business critical solution in Azure. You need to ensure that your resources are replicated and hosted at least 200 miles away within the same geographic area, to minimize impact on your solution's availability in case of disaster. Which configuration option should you use?
" Region pairs
"A company is deploying a critical business application on two virtual machines. The development needs to support: highly available access, separate fault and update zones, and minimal latency between instances. Most users who need to access the application are in the Azure East US 2 region. Which configuration should the company use to deploy the solution?
" Separate availability zones
"T/F: Azure DDoS Protection Standard provides protection against volumetric, protocol, and application layer attacks.
" TRUE
"T/F: Microsoft Defender for Cloud supports monitoring, security recommendations, and advanced threat protection for cloud and on-premises virtual machine (VM) resources.
" TRUE
"Creating highly portable, scalable app instances that include binaries and libraries required to run can be done using _____________.
" containers
"You need to ensure consistent performance for users who access your application, which runs on customized Linux virtual machines. What should you use to provision virtual machines automatically?
" scale sets
"A __________ storage account supports Blob, Queue, and Table storage services.
" standard general-purpose v2
What is the maximum length of time you can use the credits from an Azure free subscription before it expires?
30 days
How do you meet the requirement to configure virtual machines to scale vertically?
Add compute and memory resources to each virtual machine
Incurs the highest rehydration cost. Blob access tier?
Archive
Is not available at the account level. Blob access tier?
Archive
Deploy a web application using Platform-as-a-Service (PaaS) for scalability and security. Resource?
Azure App Service
____________ enables you to perform automated deployments from Azure DevOps.
Azure App Service
Which Azure database product supports key-value and document data a models and provides native support for noSQL?
Azure Cosmos DB
Azure Virtual Network (VNet) with internet facing servers. You need to implement a solution that: detects and automatically tries to mitigate attacks. And generates alerts when an active attack is underway. What is the best option to implement your solution?
Azure DDoS Protection Standard
Your company is considering using Linux-based Azure Container Instances (ACIs) to deploy a simple application. The application runs as a stateful application. You need to provide storage to retrieve and persist state. What type storage should you use?
Azure Files
You want to create a rule that restricts network traffic across subscriptions. What resource to deploy?
Azure Firewall
Build an event-driven solution and pay only for the time spent running your code. Resource?
Azure Functions
A company wants to expand its cloud presences by deploying additional resources to Azure. The company plans to use templates based on existing resources to automate the deployment process. Ensuring consistent deployment is critical. What should the company use?
Azure Resource Manager
Life-and-shift of on-premises SQL Server with minimal changes to an Azure Platform-as-a-Service (PaaS) solution
Azure SQL Managed Instance
Which two solutions should you use to transfer an on-premises virtual hard disk (VHD) to Azure?
Azure Storage Explorer or AZCopy
What features are supported by Azure AD Premium P1 edition?
Conditional Access and Role-based access control (RBAC)
You need to bring Azure Storage into your virtual network with a dedicated IP address. Which solution should you use?
Create a private endpoint with Azure Private Link.
You manage a development team that needs to focus all its efforts on creating and maintaining application code. Your team does not have the resources to provision and sale the infrastructure your applications require to run. What should you do?
Create an Azure Functions subscription and upload your code.
You want to prevent a malicious flood of HTTP traffic to a VM that hosts Internet Information Services (IIS). What resource to deploy?
Distributed Denial-of-Service (DDoS) Protection
Subscription Type: You want to purchase Azure VMs and software licenses under one agreement.
Enterprise
It stores all replicas in one data center. Redundancy option?
Locally redundant storage (LRS)
You want to allow inbound traffic to an Azure VM from only specific IP addresses. What resource to deploy?
Network Security Group (NSG)
Azure Virtual Network (VNet) with internet facing servers. You need to implement detailed controls over the types of connections supported between the web servers and database servers. You want to minimize the efforts and costs necessary to implement and maintain your solution. Which two technologies should you include in your solution?
Network Security Group (NSG) or Application Security Groups (ASGs)
Y/N: A resource group can contain resources from the same region as the resource group only.
No
How many subscriptions? Your company has two divisions and two azure admins. Each admin is responsible for a division. The company must receive one Azure bill.
One
Subscription Type: You want to evaluate Azure virtual machines for 18 months.
Pay as you go
Fast migration of SQL Server from on-premises to Azure with retention of operating system access. Resource?
SQL Server on Azure VMs
T/F: A VNet is created within the scope of a region.
TRUE
T/F: A container can be accessed over the internet by IP address or domain name.
TRUE
T/F: A container can run on Windows or Linux.
TRUE
T/F: A container can scale out as needed.
TRUE
T/F: A container represents a single app and its dependencies.
TRUE
T/F: A subscription can contain one or more resource groups.
TRUE
T/F: AVD supports Remote Desktop clients on MacOS and iOS.
TRUE
T/F: AVD users should exist in the same Windows Server Active Directory (AD) that is linked to Azure AD.
TRUE
T/F: Authentication can use certificates to identify a person or service.
TRUE
T/F: Authentication ensures that the user name and password combination is correct.
TRUE
T/F: Authorization ensures that an account has sufficient permissions to access a resource.
TRUE
T/F: Azure AD supports authorization through the use of role-based access control (RBAC).
TRUE
T/F: Azure Files can be accessed using the Network File System (NFS) protocol.
TRUE
T/F: Azure Files can be accessed using the Server Message Block (SMB) protocol.
TRUE
T/F: ExpressRoute traffic is routed through a private connection.
TRUE
T/F: Microsoft Defender for Cloud can automatically discover and assess security for new Azure resources as they are deployed.
TRUE
T/F: Microsoft Defender for Cloud provides native integration with Microsoft Defender Antivirus in Windows.
TRUE
T/F: Multiple subscriptions can be owned by a single organization.
TRUE
T/F: Quotas for resources in Azure Resource Groups are per region rather than per subscription.
TRUE
T/F: Regions are always paired with other regions.
TRUE
T/F: Regions contain one or more datacenters.
TRUE
T/F: Regions specify the location of resources.
TRUE
T/F: Virtual network peering can be used to connect virtual networks across Azure regions.
TRUE
T/F: Virtual network peering can be used to transfer data between Azure Active Directory (Azure AD) tenants.
TRUE
T/F: Virtual networks from multiple subscriptions in your organization can link to the same Azure DDoS Protection plan.
TRUE
T/F: Web apps must be registered with Azure AD to support Authentication and authorization services.
TRUE
T/F: You can transfer an existing subscription to a new Azure Active Directory (AD) tenant.
TRUE
How many subscriptions? Your company has two physical locations and one Azure admin. The admin manages both locations. Each location must receive a bill.
Two
What two options can you use to connect Azure Virtual Networks (Vnets) to each other?
VNet Peering or VPN Gateways
Management groups let you organize multiple _________.
subscriptions as a single management entity to facilitate easier management.