Azure study cards

¡Supera tus tareas y exámenes ahora con Quizwiz!

Azure kubernetes

(AKS) makes deploying and managing containerized apps easy. offer server less kubernetes, an integrated continuous integration and continuous delivery(ci/cd) experience, and enterprise grade security and governance. unite development and operations team to single platform to rapidly build, deliver, and scale applications with confidence.

A company wants to try out some services which are being offered by Microsoft Azure in Public Preview. Do the services in Public Preview within Azure come with an SLA?

. No, because previews are provided "as-is," "with all faults," and "as available," and are excluded from the service level agreements and limited warranty. For more information, please visit: https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/

professional direct plan

24/7 support email and phone

premier plan

24/7 support via email and phone

A company wants to setup resources within Microsoft Azure. They want a way to manage identities within Azure. Which of the following is used as an Identity Management solution in Azure?

Azure AD is correct because Azure Active Directory is Microsoft's cloud-based identity and access management service, which helps your employees sign in and access resources in: External resources, such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications. Internal resources, such as apps on your corporate network and intranet, along with any cloud apps developed by your own organization.

PaaS

Containers-unstructured data(text/binary), block blobs, page blobs, append blobs Tables- No SQL data store-structured data, dynamic scaling based on load, scales to petabytes of data, fast key/value lookups Queue-storage and retrieve messages, highly scalable, messages can be processed ansynchronously

IoT

Microsoft IOT Central- is Saas to connect monitor, manage assets Azure IoT hub- managed service, central message hub, bidrectional communication

fault tolerance

Microsoft/hardware/giant datacenter

You are trying to understand the different cloud models. Which of the following are advantages of using a hybrid cloud model? Choose 2 answers from the options give below

better control, more flexibility

devOps service(choose all or what is needed) -azure boards

deliver value to users faster using proven agile tools to plan, track, discuss work with teams.

Azure Content Delivery Network (CDN)

is incorrect because it lets you reduce load times, save bandwidth, and speed responsiveness—whether you're developing or managing websites or mobile apps, or encoding and distributing streaming media, gaming software, firmware updates, or IoT endpoints.

alternative support

microsoft developer network azure forums(msdn) stack overflow server fault microsoft azure general feedback @azuresupport

basic plan

no technical support

capex

on Prem hardware, building, upfront costs that devalue over time

consumption based model

pay for what you use with no upfront investment

azure cost mgt.

reporting, data enrichment, budgets, alerting, recommencations

azure multi factor authentication

two or more elements for full authentication: something you know, something you possess, something you are

A company is planning on setting up a solution on the Azure platform. The solution has the following main key requirement - Provide a managed toolset that could be used to manage and scale container-based applications Which of the following would be best suited for this requirement?

with the Azure Kubernetes service

Azure Virtual Machines

would be incorrect because Azure Virtual Machines are one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment than the other choices offer.

Microsoft Azure services normally follow the below life-cycle: - 1st they are deployed in private preview - 2nd they are released in public preview - finally they are finally released to general availability Is this an accurate life cycle for an Azure service?

yes

opex

cloud is open monthly bill, pay as you go, billed immediately

advantages of hybrid cloud

-control- your org can maintain a private infrastructure for sensitive assets -flexibility-you can take advantage of additional resources in the public cloud when you need them -cost effective-scale to public cloud, you pay for extra computing power only when needed ease-transitioning to cloud is not overwhelming and can be gradual phasing in workloads overtime

A company is planning on setting up a solution in Microsoft Azure. The solution would have the following key requirement: - Allows the hosting of web-based applications Which of the following would be best suited for this requirement?

. Azure App Service is a fully managed "Platform as a Service" (PaaS) that integrates Microsoft Azure Websites (hosting of web-based applications), Mobile Services, and BizTalk Services into a single service, adding new capabilities that enable integration with on-premises or cloud systems.

A company wants to have an Enterprise messaging solution integrated with their existing application hosted within Microsoft Azure.

. Service bus because Microsoft Azure Service Bus is a fully managed enterprise integration message broker. Service Bus can decouple applications and services. Service Bus offers a reliable and secure platform for asynchronous transfer of data and state. Data is transferred between different applications and services using messages. A message is in binary format and can contain JSON, XML, or just text. For more information, see Integration Services. Some common messaging scenarios are: Messaging. Transfer business data, such as sales or purchase orders, journals, or inventory movements. Decouple applications. Improve reliability and scalability of applications and services. Client and service don't have to be online at the same time. Topics and subscriptions. Enable 1:n relationships between publishers and subscribers. Message sessions. Implement workflows that require message ordering or message deferral.

azure benefits

1. availability-shared responsibility guarenteed sla -zone-diferent regions, ensures if outage in certain building region. 99.99% SLA -set-multiple hardware, if only subset of hardware or software has issues only part of it is affected. two or more vm's in one data center.99.5% SLA so if one goes down the other is there. 2. scalibililty- add more memory, solve problem on server. can scale out by adding more servers. run query with more hp or cpu will scale up 3. elasticity-cloud technology and do it automatically, dynamic scalability based on seasonality in business. up, out, up down

An IT Engineer needs to create a Virtual Machine within Microsoft Azure. Currently the IT Engineer has a Windows desktop and has installed the Azure Command Line interface. From which of the following could the IT engineer use the Azure Command Line Interface? Choose 2 answers from the options given below

A & C because the Azure command-line interface (CLI) is Microsoft's cross-platform command-line experience for managing Azure resources. The Azure CLI is designed to be easy to learn and get started with, but powerful enough to be a great tool for building custom automation to use Azure resources. Azure PowerShell is a set of cmdlets that allow for manging Azure resources directly from the PowerShell command line. Azure PowerShell is designed to make it easy to learn and get started with, but provides powerful features for automation. Written in .NET Standard, Azure PowerShell works with PowerShell 5.1 on Windows, and PowerShell 6.x and higher on all platforms.

Whom amongst the following can use the services offered as part of "Azure Germany"?

All customers who intend to do business in Europe because:Microsoft Azure Germany is built on the Microsoft "trusted cloud" principles of security, privacy, compliance, and transparency. It brings data residency, in transit and at rest in Germany, and data replication across German datacenters for business continuity. Azure connects businesses to a global cloud with local services that help accelerate new investments, technology access, and innovation. Our new Frankfurt and Berlin datacenter regions will join 54 Azure datacenter regions with more than 130 edge node locations and 70,000 miles of fiber and undersea cable systems. Microsoft is committed to building security and compliance into our offerings from the ground up. Azure Germany meets relevant privacy certifications, including ISO/IEC 27018 for protection of personal data in the cloud, the EU/US Privacy Shield, and the European Union's General Data Protection Regulation (GDPR). For more information, please visit: https://docs.microsoft.com/en-us/azure/germany/ and https://azure.microsoft.com/en-us/global-infrastructure/germany/

A company has just setup an Azure subscription and an Azure tenant. They want to start deploying resources on the Azure platform. They want to implement a way to logically group the resources. Which of the following could be used for this requirement?

Azure resource groups

A company has just setup an Azure subscription and an Azure tenant. They want to start deploying resources on the Azure platform. They want to use a platform that could be used to create and update the resources within the Azure subscription. Which of the following could be used for this requirement?

Azure resource manager

A company has just setup an Azure subscription and an Azure tenant. They want to implement strict policies when it comes to the security of Azure resources. They want to implement the following requirements: "Ensure that the Virtual Machine Administrator team can only deploy virtual machines and their dependent resources." Which of the following could be used to fulfill the below requirement?

Azure role based access control- you can deploy the admin to one group and just provide the role for virtual machine access Azure identity protection is not correct since it is used to protect AD identities azure policies is not correct is not correct since it is used oto govern resources in azure azure locks is not correct since this is used to protect azure resources from users accidentally updating or deleting azure resources

A company needs to store 2TB of data that will be infrequently used. The data needs to be accessed via PowerBI. Choose 2 of the following options the company should consider as cost-effective data storage solutions to fulfill this need.

B & E are correct because Azure Synapse Analytics is a limitless analytics service that brings together enterprise data warehousing and Big Data analytics. It gives you the freedom to query data on your terms, using either serverless on-demand or provisioned resources—at scale. Azure Synapse brings these two worlds together with a unified experience to ingest, prepare, manage, and serve data for immediate BI and machine learning needs For more information, please reference: https://docs.microsoft.com/en-us/azure/sql-data-warehouse/sql-data-warehouse-overview-what-is Azure Data Lake is a highly scalable public cloud service that allows developers, scientists, business professionals and other Microsoft customers to gain insight from large, complex data sets. As with most data lake offerings, the service is composed of two parts: data storage and data analytics.

An IT Engineer needs to create a Virtual Machine in Microsoft Azure. Currently the IT Engineer has an Android OS based workstation. Which of the following can the IT Engineer use to create the desired Virtual Machine in Azure?

B. Azure Cloud Shell is correct because the Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell. For more information, please visit: https://docs.microsoft.com/en-us/azure/cloud-shell/overview

A company has a set of Virtual Machines (VMs) defined within Microsoft Azure. One of the machines was down due to issues with the underlying Azure Infrastructure. The server was down for an extended period of time and breached the standard SLA defined by Microsoft. How will Microsoft reimburse the downtime cost?

By providing service credits to the customer because Microsoft Azure cloud service provider always refunded by giving "service credits" in case of breaches in their in SLAs. The "Service Credit" is the percentage of the applicable monthly service fees credited to customers following claim approval For more information, please visit: https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_8/

A company has just setup an Azure subscription and an Azure tenant. Which of the following can the company use to create an Azure support request?

Correct Answer - B You can create a support request in the Azure portal itself. You just have to go to "Help + support" and then click on "New support request" Since this is clear from the implementation, all other options are incorrect For more information on creating a support request, please visit the below URL https://docs.microsoft.com/en-us/azure/azure-supportability/how-to-create-azure-support-request

Government Cloud

Government Cloud is a comprehensive cloud platform designed expressly for U.S. Federal, State, and Local Governments to meet the U.S. Government's thorough security and compliance regulations. It has the flexibility to run in government, public, or private clouds with an integrated open platform.

A company is planning on creating several Virtual Machines within Microsoft Azure. They would be using the Azure Virtual Machine service. Which of the following is the right category to which the Azure Virtual Machine service belongs to?

Infrastructure as a service (IaaS) because IaaS gives you a server in the cloud (virtual machine) that you have complete control over. With an Azure VM, you are responsible for managing everything from the Operating System on up to the application you are running. For more information, please visit: https://azure.microsoft.com/en-us/blog/infrastructure-as-a-service-series-virtual-machines-and-windows/

IoT Edge

IoT Edge is incorrect because it moves cloud analytics and custom business logic to devices so that your organization can focus on business insights instead of data management. Scale out your IoT solution by packaging your business logic into standard containers, then you can deploy those containers to any of your devices and monitor it all from the cloud. Analytics drives business value in IoT solutions, but not all analytics needs to be in the cloud. If you want to respond to emergencies as quickly as possible, you can run anomaly detection workloads at the edge. If you want to reduce bandwidth costs and avoid transferring terabytes of raw data, you can clean and aggregate the data locally then only send the insights to the cloud for analysis.

Azure IoT Edge is made up of three components:

IoT Edge modules are containers that run Azure services, third-party services, or your own code. Modules are deployed to IoT Edge devices and execute locally on those devices. The IoT Edge runtime runs on each IoT Edge device and manages the modules deployed to each device. A cloud-based interface enables you to remotely monitor and manage IoT Edge devices. For more information, please see: https://docs.microsoft.com/en-us/azure/iot-edge/about-iot-edge

want to ensure that no one accidentally deletes the Virtual Machine. Which of the following would you modify to effectively implement this requirement?

Locks is the correct answer because With Azure Locks, an administrator may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the Azure portal, the locks are called Delete and Read-only respectively. CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource. ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.

A company is currently planning on deploying resources to Microsoft Azure. They want to have the ability to manage the compliance of resources across multiple subscriptions. Which of the following can help you achieve this requirement?

Management Groups is the correct answer because Management Groups are containers that help you manage access, policy, and compliance across multiple subscriptions. You can create these containers to build an effective and efficient hierarchy that can be used with Azure Policy and Azure Role Based Access Controls. subscriptions are managed by mgt. goroups by cost/policy perspective.

Microsoft Power Apps

Microsoft Power Apps is a suite of apps, services, connectors and data platform that provides a rapid application development environment to build custom apps for your business needs. Using PowerApps, you can quickly build custom business apps that connect to your business data stored either in the underlying data platform (Common Data Service) or in various online and on-premises data sources (SharePoint, Excel, Office 365, Dynamics 365, SQL Server, and so on). For more information, please visit: https://docs.microsoft.com/en-us/powerapps/powerapps-overview

A company wants to setup users in within their Microsoft Azure Account. They have segregated their users into groups. They now want to ensure they set the right permissions for users and administrators accordingly. They need to manage the permissions effectively. You recommend using Azure Policies. Does this recommendation meet the requirement?

No because Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. All data stored by Azure Policy is encrypted at rest.

A company is planning on upgrading their current Microsoft Azure Free plan to the Basic plan. Does the Free and Basic Azure AD plan come with the same standard support from Microsoft?

No because only paid services come with standard support. Basic is a form of paid support tier as shown in the visual below.

A company wants to setup users within their Microsoft Azure Account. They have segregated their users into groups. They now want to ensure they set the right permissions for users and administrators accordingly. They need to manage the permissions effectively. You recommend using Azure Management Groups. Does this recommendation meet the requirement?

No, because Azure Management Groups refers to the tasks and processes required to maintain your business applications and the resources that support them. Azure has many services and tools that work together to provide complete management. These services aren't only for resources in Azure, but also in other clouds and on-premises. Understanding the different tools and how they work together is the first step in designing a complete management environment.

A company is planning on using the Azure Firewall service. Would the Azure firewall service encrypt all network traffic sent from Azure to the Internet?

No-azure firewall service is primarily used to protect your network infrastructure.

A company is planning on using the Microsoft Azure Content Delivery Service. Which of the following is the right cloud concept to which the Azure Content Delivery service belongs to?

Platform as a service (PaaS) that is what Azure Content Delivery Network (CDN) is. It's a global CDN solution for delivering high-bandwidth content. It can be hosted in Azure or any other location. With Azure CDN, you can cache static objects loaded from Azure Blob storage, a web application, or any publicly accessible web server, by using the closest point of presence (POP) server. Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various network and routing optimizations.

A support engineer plans to perform several Azure management tasks by using the Azure CLI. You install the CLI on a computer. You need to tell the support engineer which tools to use to run the CLI. Which two tools should you instruct the support engineer to use?

Powershell and CommandPrompt The Azure command-line interface (Azure CLI) is a set of commands used to create and manage Azure resources. The Azure CLI is available across Azure services and is designed to get you working quickly with Azure, with an emphasis on automation. the az command from either Windows Command Prompt or PowerShell. PowerShell offers some tab completion features not available from Windows Command Prompt.

A company is planning on migrating their public web site to Microsoft Azure. Which of the following should the company consider when it comes to hosting their public web site within Microsoft Azure?

They would need to consider paying a monthly cost for their chosen solution. Through Microsoft Azure Web Sites, a PaaS platform, you choose the plan you want with specifics to meet your needs. Visit the following resource to get a better understanding of Azure App Service pricing:

A company needs to connect their on-premise data center to an Azure Virtual Network using a Site-to-Site connection.

Virtual Network Gateway because with a VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network. Each virtual network can have only one VPN gateway. However, you can create multiple connections to the same VPN gateway. When you create multiple connections to the same VPN gateway, all VPN tunnels share the available gateway bandwidth.

azure advisor

analyses your deployed azure resources and recommends ways to improve availability, security, performance, and costs get proactive, actionable, and personalized best practice and recommendations improve the performance, security, and availibity of resources identify opportunities to reduce azure costs

disaster recovery

backup target, recovery environment can have a region pair

A company is planning on moving some of their on-premise resources to Azure. They have to provide a business justification for moving to Azure. They have to classify expenses as part of the business justification. Which category would the following expense come under? "New On-premise performance cluster to host a Big Data solution"

capital expenditure

Azure Information Protection

classifies and protects documents, and emails by applying labels -automatically using rules and conditions defined by admin -manually, by users -by combining automatic and manual methods guided by recommendations

private cloud

computing resources used exclusively by one business or organization. the private cloud can be physically located at your org's on site datacenter or can be hosted by a third party service provider. but in a private cloud, the service and infrastructure are always maintained on a private network and the hardware and software are dedicated solely to your org. in this way, a private cloud can make it easier for an org to customize its resources to meet specific IT requirements. private clouds are often used by gov agencies, financial institutions, any other mid to large size org with business critical operations seeking enhanced control over their environment.

Azure Marketplace

connects users with solutions: Microsoft partners, independent software vendors (ISVs), start-ups....over 10,000 listings

predictive cost consideration

consumption bsed service

application sla

customer determine what sea needed for app know your workload requirement and usage pattern design resiliency establish availbity metrics-mean time to recovery(mttr) and mean time between failures(mtbf) establish recovery metrics-recovery time objective and recovery point objective(pro) implement resiliency strategies build in availbity requirements

economy of scale

efficient/lower cost

Network Security Groups (NSG)

filters network traffic to and fro, azure reousrces on azure virtual network. set inbound and outbound rules to filter by sources and destination IP address, port, and protocol add multiple rules, as needed, within subscription limits. azure applies default, baseline, security rules to new NSG. Overide default rules with new higher priority rules.

Role-Based Access Control (RBAC)

fine grained access mgt. segregate duties within your team and grant only amount of access to users that need to perform their jobs enables allowing or disallowing access to azure portal and controlling access to resources

composite sla

if app is 99.95% sea and the azure sql database has a 99.99% what is composite=99.94% improve sea by creating independent failback paths

Resource Groups

in Microsoft Azure, Resource Groups provide a new approach to grouping a collection of assets in logical groups for easy or even automatic provisioning, monitoring, and access control, and for more effective management of their costs.

pricing details

inbound data transfers are free outbound data transfers depends on GB after 5 GB it is decreases per about of TB/month

pricing details

inbound-free

get Azure government services

meets the security and compliance needs of us federal agencies, state and local gov, and their solution providers. azure gov: separate instance of azure physically isolated from non us gov deployents accessible only to screened personalle

azure event grid

power event driven and server less apps. simplify your event based apps with event grid, a single service for managing routing of all events from any source to any destination. designed for high availability, consistent performance, and dynamic scale. event grid lets you focus on app logic rather than infrastructure.

Azure DDoS protection

protect from distriburted denial of service attacks -always on monitoring and automatic network attack mitigation -adaptive tuning based on platform insights in azure -application layer protection with azure app gateway web app firewall integration with azure monitor for analytics and insights protection against the unforeseen costs of a DDoS attack

Perimieter Layer

protects network boudoirs with Azure DDos protection and azure firewall

Azure App Service

would be incorrect because an Azure App Service is a fully managed "Platform-as-a-Service" (PaaS) that integrates Microsoft Azure Websites, Mobile Services, and BizTalk Services into a single service, adding new capabilities that enable integration with on-premises or cloud systems.

What can you do with RBAC?

1. allow one user to manage virtual machines in a subscription and another user to manager virtuall netowrks 2. allow a dab group to manage sql databases in a subscription 3. allow a user to manage all resources Ain a resource group, such as virtual machines, websites, ands ubnets 4. allow an application to access all resources in a resource group.

Your company is planning on hosting resources within Microsoft Azure. Is it possible for outside users to have access to resources within Azure, or do the users have to be specifically defined in Azure AD only?

. No, users from the outside can also get access to Azure resources because of Azure role-based access control (RBAC) which allows better security management for large organizations and for small and medium-sized businesses working with external collaborators, vendors, or freelancers that need access to specific resources in your environment, but not necessarily to the entire infrastructure or any billing-related scopes. You can use the capabilities in Azure Active Directory B2B to collaborate with external guest users and you can use RBAC to grant just the permissions that guest users need in your environment.

A company is planning on setting up a solution within Microsoft Azure. The solution would have the following key requirement: - A tool used to monitor Web applications hosted in production based environments Which of the following would be best suited for this requirement?

. Azure Application Insights because it is a a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and Java EE, hosted on-premises, hybrid, or any public cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center.

A company is planning on setting up a solution within Microsoft Azure. The solution would have the following key requirement: - A simplified tool to build intelligent Artificial Intelligence applications Which of the following would be best suited for this requirement?

. Azure Cognitive Services because they are APIs, SDKs, and services available to help developers build intelligent applications without having direct AI or data science skills or knowledge. Azure Cognitive Services enable developers to easily add cognitive features into their applications. The goal of Azure Cognitive Services is to help developers create applications that can see, hear, speak, understand, and even begin to reason. The catalog of services within Azure Cognitive Services can be categorized into five main pillars - Vision, Speech, Language, Web Search, and Decision. Simplified, it can be used as a tool to build intelligent AI applications. For more information, please visit:

A company wants to make use of Microsoft Azure for deployment of various solutions. They want to ensure that whenever users authenticate to Azure, they have to make use of Multi-Factor Authentication (MFA). Which of the following can help them achieve this?

. Azure Identity Protection is a tool that allows organizations to accomplish three key tasks: Automate the detection and remediation of identity-based risks. Investigate risks using data in the portal. Export risk detection data to third-party utilities for further analysis. Azure Active Directory Identity Protection accomplishes this and offers MFA. For more information, please visit: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

A company is planning on hosting an application on a set of Virtual Machines. The Virtual Machines are going to be running for a prolonged duration of time. Which of the following should be considered to reduce the overall cost of Virtual Machine usage?

. Azure Reservation because they help you save money by committing to one-year or three-years plans for virtual machines, Azure Blob storage or Azure Data Lake Storage Gen2, SQL Database compute capacity, Azure Cosmos DB throughput, or other Azure resources. Committing allows you to get a discount on the resources you use. Reservations can significantly reduce your resource costs up to 72% on pay-as-you-go prices. Reservations provide a billing discount and don't affect the runtime state of your resources. If you have virtual machines, Blob storage data, Azure Cosmos DB, or SQL databases that use significant capacity or throughput, or that run for long periods of time, buying a reservation gives you the most cost-effective option. For example, when you continuously run four instances of a service without a reservation, you're charged at pay-as-you-go rates. When you buy a reservation for those resources, you immediately get the reservation discount. The resources are no longer charged at the pay-as-you-go rates.

A company needs to create around 50 customized Virtual Machines. Out of these 20 are Windows based Virtual machines and 30 are Ubuntu Machines. Which of the following would help reduce the administrative effort required to deploy the machines?

. Azure ScaleSets because Azure virtual machine scale sets let you create and manage a group of identical, load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. More for information, please visit: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview

A company wants to setup users within their Microsoft Azure Account. They have segregated their users into groups. They now want to ensure they set the right permissions for users and administrators accordingly. They need to manage the permissions effectively. You recommend using Azure Role Based Access. Does this recommendation meet the requirement?

. Yes, because Azure role-based access control (RBAC) is the authorization system you use to manage access to Azure resources. To grant access, you assign roles to users, groups, service principals, or managed identities at a particular scope.

They want to ensure that resources within the Resource Group (RG) don't get accidentally deleted. Which of the following would you use for this purpose?

. Locks because As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively. CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource. ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role. For more information, please visit: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

An IT administrator for a company has been given a powershell script. This powershell script will be used to create several Virtual Machines in Azure. You have to provide a machine to the IT administrator for running the powershell script. You decide to provide a Linux machine which has the Azure CLI tools installed. Would this solution fit the requirement?

. No because Azure PowerShell is basically an extension of Windows PowerShell. It lets Windows PowerShell users control Azure's robust functionality. From the command line, Azure PowerShell programmers use preset scripts called cmdlets to perform complex tasks like provisioning virtual machines (VMs) or creating cloud services. For more information, please visit: https://docs.microsoft.com/en-us/powershell/azure/get-started-azureps?view=azps-3.1.0

A company has a set of resources deployed to Microsoft Azure. They want to make use of the Azure Advisor tool. Would the Azure Advisor tool give recommendations on how to configure Virtual Network settings?

. No, because Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources. With Advisor, you can: Get proactive, actionable, and personalized best practices recommendations. Improve the performance, security, and high availability of your resources, as you identify opportunities to reduce your overall Azure spend. Get recommendations with proposed actions inline. For more information, please visit: https://docs.microsoft.com/en-us/azure/advisor/advisor-overview

A company plans to setup multiple resources within their Microsoft Azure subscription. They want to implement tagging of resources within Microsoft Azure. But they want to ensure that when resource groups are created, they have to contain a tag with a name of "organization" and value of "montana". You recommend using Azure Key Vault for implementing this requirement. Would this recommendation fulfill the requirement?

. No, because Azure Key Vault is a tool for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates. A vault is logical group of secrets. Here are other important terms: Tenant: A tenant is the organization that owns and manages a specific instance of Microsoft cloud services. It's most often used to refer to the set of Azure and Office 365 services for an organization. Vault owner: A vault owner can create a key vault and gain full access and control over it. The vault owner can also set up auditing to log who accesses secrets and keys. Administrators can control the key lifecycle. They can roll to a new version of the key, back it up, and do related tasks. Vault consumer: A vault consumer can perform actions on the assets inside the key vault when the vault owner grants the consumer access. The available actions depend on the permissions granted. Resource: A resource is a manageable item that's available through Azure. Common examples are virtual machine, storage account, web app, database, and virtual network. There are many more. Resource group: A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. You decide how you want to allocate resources to resource groups, based on what makes the most sense for your organization. Service principal: An Azure service principal is a security identity that user-created apps, services, and automation tools use to access specific Azure resources. Think of it as a "user identity" (username and password or certificate) with a specific role, and tightly controlled permissions. A service principal should only need to do specific things, unlike a general user identity. It improves security if you grant it only the minimum permission level that it needs to perform its management tasks. Azure Active Directory (Azure AD): Azure AD is the Active Directory service for a tenant. Each directory has one or more domains. A directory can have many subscriptions associated with it, but only one tenant. Azure tenant ID: A tenant ID is a unique way to identify an Azure AD instance within an Azure subscription. Managed identities: Azure Key Vault provides a way to securely store credentials and other keys and secrets, but your code needs to authenticate to Key Vault to retrieve them. Using a managed identity makes solving this problem simpler by giving Azure services an automatically managed identity in Azure AD. You can use this identity to authenticate to Key Vault or any service that supports Azure AD authentication, without having any credentials in your code. For more information, see the following image and the overview of managed identities for Azure resources.

A company is planning on setting up a Microsoft Azure Free Account. Does the Standard Support plan come along with the Microsoft Azure Free Account?

. No, because Azure Standard support is intended for customers running production workloads and offers unlimited 24/7 technical and billing support for your entire organization. It isn't a free service, it's one of 5 support tiers.

A company wants to try out some services which are being offered by Microsoft Azure in Public Preview. Does Microsoft provide a separate Azure portal for trying out the services in Public Preview?

. Yes, because Microsoft Azure offers preview features to you for evaluation purposes. A preview may include preview, beta, or other pre-release features, services, software, or regions. Previews are subject to reduced or different service terms, as set forth in your service agreement and the preview supplemental terms -https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/ . Previews are made available to you on the condition that you agree to these terms of use, which supplement your agreement governing the use of Azure. So If you want to test public preview features you would go to for preview.portal.azure.com If you want to implement the public preview solution, you'd use portal.azure.com For more information, please visit: https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/

A company has setup a Virtual Machine as part of their purchase subscription. They now want to move the Virtual Machine to another subscription. Is this possible?

. Yes, you can move a VM and its associated resources to a different subscription by using the Azure Portal simply by selecting the subscription where you want the VM to be moved, or select an existing resource group, or enter a name to have a new resource group created are all possible methods of accomplishing the same thing.

Your company needs to deploy and manage several Microsoft Azure Web apps using the Azure App service resource. Which of the following URL's would you use to manage the Azure Web Apps?

. https://portal.azure.com is the correct answer. The Azure portal is a web-based, unified console that provides an alternative to command-line tools. With the Azure portal, you can manage your Azure subscription using a graphical user interface. You can build, manage, and monitor everything from simple web apps to complex cloud deployments. Create custom dashboards for an organized view of resources. Configure accessibility options for an optimal experience. The Azure portal is designed for resiliency and continuous availability. It has a presence in every Azure datacenter. This configuration makes the Azure portal resilient to individual datacenter failures and avoids network slow-downs by being close to users. The Azure portal updates continuously and requires no downtime for maintenance activities. The proper URL to access the portal would be: https://portal.azure.com For more information, please visit: https://docs.microsoft.com/en-us/azure/azure-portal/azure-portal-overview

Azure Security Center

A monitoring service that provides threat protection across azure and on Prem service provides security recommendation based on configuration, resources, and networks, monitors security settings across on Prem and cloud workloads automatically applies your security policies to any new services you provision. detect, assess, diagnosis phases

Your company is planning on using Azure AD for authentication to the resources defined in Azure. Does Azure AD have built-in capabilities for securing authentication and authorization to resources?

A. Yes, Azure Active Directory (Azure AD) is Microsoft's cloud-based identity and access management service, which helps your employees sign in and access resources such as Microsoft Office 365, the Azure portal, and thousands of other SaaS applications with built-in capabilities for securing both authentication and authorization. For more information, please visit: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis

A company is planning on deploying resources to a Resource Group (RG) within Microsoft Azure. The company is planning on assigning permissions to the Resource Group (RG). Would the resources within the Resource Group (RG) also inherit the same permissions?

A. Yes, the Resource Group (RG) will inherit the same permissions because permissions in the top level scope are automatically inherited to the level below - meaning subscription level users have the same permissions to the resource groups and the resource group level users have the same permission to the individual resources within the resource group. For more information, please visit: https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal

Agility

Agility is the measure of IT's contribution and ability to adapt to day to day business situations. For more information, please visit: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/business-outcomes/agility-outcomes

Append Blob

An append blob is comprised of blocks and is optimized for append operations. When you modify an append blob, blocks are added to the end of the blob only, via the Append Block operation. Updating or deleting of existing blocks is not supported. Unlike a block blob, an append blob does not expose its block IDs.

You need to manage Microsoft Azure by using Azure Cloud Shell.Which Azure portal icon should you select?

Arrow facing right. 1 because Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.

A company has deployed their solutions on to Microsoft Azure. They have users that connect to Azure AD via the Internet. They have the requirement that if users try to login from an anonymous IP address, they are then prompted to change their password. Which of the following should the company consider for this requirement?

Azure AD Identity Protection because Identity this is a tool that allows organizations to accomplish three key tasks: Automate the detection and remediation of identity-based risks. Investigate risks using data in the portal. Export risk detection data to third-party utilities for further analysis. Identity Protection uses the learnings Microsoft has acquired from their position in organizations with Azure AD, the consumer space with Microsoft Accounts, and in gaming with Xbox to protect your users. Microsoft analyses 6.5 trillion signals per day to identify and protect customers from threats. The signals generated by and fed to Identity Protection, can be further fed into tools like Conditional Access to make access decisions, or fed back to a security information and event management (SIEM) tool for further investigation based on your organization's enforced policies.

A company is planning on setting up a solution within Microsoft Azure. The solution would have the following key requirement: - Provide a digital online assistant that provides speech support Which of the following would be best suited for this requirement?

Azure AI Bot Service because Azure Bot Service and Bot Framework provide tools to build, test, deploy, and manage intelligent bots, all in one place. Through the use of modular and extensible framework provided by the SDK, tools, templates, and AI services developers can create bots that use speech, understand natural language, handle questions and answers, and more. For more information, please visit: https://docs.microsoft.com/en-us/azure/bot-service/bot-service-overview-introduction?view=azure-bot-service-4.0

A company wants to make use of Microsoft Azure to deploy various business solutions. They want to ensure that suspicious attacks and threats to resources within their Microsoft Azure account are prevented. Which of the following helps prevent such attacks by using built-in sensors in Azure?

Azure Advanced Threat Protection because Azure Advanced Threat Protection (ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Azure ATP enables SecOp analysts and security professionals struggling to detect advanced attacks in hybrid environments to: Monitor users, entity behavior, and activities with learning-based analytics Protect user identities and credentials stored in Active Directory Identify and investigate suspicious user activities and advanced attacks throughout the kill chain Provide clear incident information on a simple timeline for fast triage For more information, please visit: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/what-is-atp

A company is planning on setting up a solution in Microsoft Azure. The solution would have the following key requirement: - A tool that provides guidance and recommendations to improve an Azure environment Which of the following would be best suited for this requirement?

Azure Advisor because this solution is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources.

Azure CLI

Azure CLI provides a command line and scripting environment for creating and managing Azure resources. The Azure CLI is available for macOS, Linux, and Windows operating systems. For more information, please visit: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest

A company needs to implement a solution within Microsoft Azure. Below are the key requirements for this solution: - Ability to store JSON documents - Ensure low latency access to data from around the world Which of the following data solution would you consider for this requirement?

Azure Cosmos DB, because this DB is Microsoft's globally distributed, multi-model database service. With a click of a button, Cosmos DB enables you to elastically and independently scale throughput and storage across any number of Azure regions worldwide providing low latency. You can elastically scale throughput and storage, and take advantage of fast, single-digit-millisecond data access using your favorite API including SQL, MongoDB, Cassandra, Tables, or Gremlin. Cosmos DB provides comprehensive service level agreements (SLAs) for throughput, latency, availability, and consistency guarantees, something no other database service offers. In addition you have the ability to store JSON docs.

A company is currently planning on setting up resources as part of their Azure subscription. They are looking at different security options that can be used to secure their Azure environment. Which of the following could be used for the following requirement? "Provide Protection against distributed denial of service attacks" · ​

Azure DDoS protection it is not azure key vault- used to store secrets, certificates and keys it is not azure network security groups- used to restrict traffic into and out of azure virtual machines it is not multi factor authentication- incorrect since this is used to provide an extra level of security during user autheniication

A company is planning on setting up a solution in Microsoft Azure. The solution would have the following key requirement: - An Integration solution for the deployment of code Which of the following would be best suited for this requirement?

Azure DevOps because it provides developer services to support teams to plan work, collaborate on code development, and build and deploy applications. Developers can work in the cloud using Azure DevOps Services or on-premises using Azure DevOps Server. Azure DevOps Server was formerly named Visual Studio Team Foundation Server (TFS).

A company is planning on setting up a solution on the Azure platform. The solution has the following key requirement: - Provide a continuous Integration and Delivery toolset that could work with a variety of languages Which of the following would be best suited for this requirement?

Azure DevOps service

A company is planning on setting up a solution on the Azure platform. The solution has the following key requirement: - Provide a service that could be used to quickly provision development and test environments - Minimize waste on resources with the help of quotas and policies Which of the following would be best suited for this requirement?

Azure DevTest Labs service

A company wants to host their applications on Microsoft Azure using serverless components. They don't want to manage the underlying infrastructure for the application. Which of the following could be used to host code that could be run on a serverless infrastructure? · ​

Azure Function App because Azure Functions Apps are a solution for easily running small pieces of code, or "functions," in the cloud. You can write just the code you need for the problem at hand, without worrying about a whole application or the infrastructure to run it. Functions can make development even more productive, and you can use your development language of choice, such as C#, Java, JavaScript, PowerShell, and Python. Pay only for the time your code runs and trust Azure to scale as needed. Azure Functions lets you develop serverless applications on Microsoft Azure.

A company wants to host their applications on Microsoft Azure using serverless components. They don't want to manage the underlying infrastructure for the application. Which of the following could be used to implement a workflow that could be run on a serverless infrastructure?

Azure Logic Apps because Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions for app integration, data integration, system integration, enterprise application integration (EAI), and business-to-business (B2B) communication, whether in the cloud, on premises, or both.

A company has just deployed a set of Virtual Machines (VMs) to host a production software for their end users. The company needs to have a solution that will allow them to know the health of their VMs at all times so they can implement alerts and redundancy. Which solution would best fulfil this need for the company?

Azure Monitor because Microsoft Azure includes services for specific roles or tasks in the monitoring space, but it doesn't provide in-depth health perspectives of operating systems (OSs) hosted on Azure virtual machines (VMs). Although you can use Azure Monitor for different conditions, it's not designed to model and represent the health of core components, or the overall health of VMs. By using Azure Monitor for VMs health, you can actively monitor the availability and performance of a Windows or Linux guest OS. The health feature uses a model that represents key components and their relationships, provides criteria that specifies how to measure component health, and sends an alert when it detects an unhealthy condition. Viewing the overall health state of an Azure VM and the underlying OS can be observed from two perspectives: directly from a VM, or across all VMs in a resource group from Azure Monitor. For more information, please reference:https://docs.microsoft.com/en-us/azure/azure-monitor/insights/vminsights-health

A company needs to create a set of resources within Microsoft Azure. For IT Administrators, there is a requirement in which they may only create resources in a certain region. Which of the following can help achieve this?

Azure Policies because Azure Policies is really governance validation that your organization can achieve its goals through effective and efficient use of IT. It meets this need by creating clarity between business goals and IT projects. Does your company experience a significant number of IT issues that never seem to get resolved? Good IT governance involves planning your initiatives and setting priorities on a strategic level to help manage and prevent issues. This strategic need is where Azure Policy comes in. Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. All data stored by Azure Policy is encrypted at rest. For example, you can have a policy to allow only a certain SKU size of virtual machines in your environment. Once this policy is implemented, new and existing resources are evaluated for compliance. With the right type of policy, existing resources can be brought into compliance. This would also apply to the IT administrator in the question who can only create resources in a certain region. A policy assignment is a policy definition that has been assigned to take place within a specific scope. This scope could range from a management group to a resource group. The term scope refers to all the resource groups, subscriptions, or management groups that the policy definition is assigned to. Policy assignments are inherited by all child resources. This design means that a policy applied to a resource group is also applied to resources in that resource group. However, you can exclude a subscope from the policy assignment. For example, at the subscription scope, you can assign a policy that prevents the creation of networking resources. You could exclude a resource group in that subscription that is intended for networking infrastructure. You then grant access to this networking resource group to users that you trust with creating networking resources. In another example, you might want to assign a resource type allow list policy at the management group level. And then assign a more permissive policy (allowing more resource types) on a child management group or even directly on subscriptions. However, this example wouldn't work because policy is an explicit deny system. Instead, you need to exclude the child management group or subscription from the management group-level policy assignment. Then, assign the more permissive policy on the child management group or subscription level. If any policy results in a resource getting denied, then the only way to allow the resource is to modify the denying policy.

Azure PowerShell

Azure PowerShell is basically an extension of Windows PowerShell. It lets Windows PowerShell users control Azure's robust functionality. From the command line, Azure PowerShell programmers use preset scripts called cmdlets to perform complex tasks like provisioning virtual machines (VMs) or creating cloud services. For more information, please visit: https://docs.microsoft.com/en-us/powershell/azure/?view=azps-3.1.0

A company is planning on deploying resources to Microsoft Azure. Which of the following in Azure provides a common platform for deploying objects to the Azure Cloud Infrastructure and also allows implementing consistency across the environment?

Azure Resource Manager because Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure subscription. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment. The benefits of using Resource Manager include: Manage your infrastructure through declarative templates rather than scripts. Deploy, manage, and monitor all the resources for your solution as a group, rather than handling these resources individually. Redeploy your solution throughout the development lifecycle and have confidence your resources are deployed in a consistent state. Define the dependencies between resources so they're deployed in the correct order. Apply access control to all services in your resource group because Role-Based Access Control (RBAC) is natively integrated into the management platform. Apply tags to resources to logically organize all the resources in your subscription. Clarify your organization's billing by viewing costs for a group of resources sharing the same tag. For more information, please visit: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview

A company has a requirement to deploy 10 different types of Azure resources for several departments. All of the resource types and configurations are the same. Which of the following could be used to automate the deployment of the resources?

Azure Resource Manager templates because Teams need to manage infrastructure and application code through a unified process. To meet these challenges, you can automate deployments and use the practice of infrastructure as code. In code, you define the infrastructure that needs to be deployed. The infrastructure code becomes part of your project. Just like application code, you store the infrastructure code in a source repository and version it. Any one on your team can run the code and deploy similar environments. To implement infrastructure as code for your Azure solutions, use Azure Resource Manager templates. The template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax, which lets you state what you intend to deploy without having to write the sequence of programming commands to create it. In the template, you specify the resources to deploy and the properties for those resources.

Your company has several business units. Each business unit requires 20 different Microsoft Azure Resources for daily operation. All the business units require the same types of Azure resources. You need to recommend a solution to automate the creation of the Azure resources. What should you include in the recommendation?

Azure Resource Manager templates because since moving to the cloud, many companies have adopted agile development methods. These teams iterate quickly. They need to repeatedly deploy their solutions to the cloud, and know their infrastructure is in a reliable state. As infrastructure has become part of the iterative process, the division between operations and development has disappeared. Teams need to manage infrastructure and application code through a unified process. To meet these challenges, you can automate deployments and use the practice of infrastructure as code. In code, you define the infrastructure that needs to be deployed. The infrastructure code becomes part of your project. Just like application code, you store the infrastructure code in a source repository and version it. Any one on your team can run the code and deploy similar environments. To implement infrastructure as code for your Azure solutions, use Azure Resource Manager templates. The template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax, which lets you state what you intend to deploy without having to write the sequence of programming commands to create it. In the template, you specify the resources to deploy and the properties for those resources.

A company is planning on creating resources for different departments within Microsoft Azure. They want to ensure that they get the bills by the departments. Which of the following should you consider implementing for this requirement?

Azure Tags because with Azure Tags, you apply tags to your Azure resources to logically organize them into a taxonomy. Each tag consists of a name and a value pair. For example, you can apply the name "Environment" and the value "Production" to all the resources in production. After you apply tags, you can retrieve all the resources in your subscription with that tag name and value. Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management such as certain departments like HR or Accounting.

A company is planning on setting up a solution on the Azure platform. The solution has the following key requirement: - Be able to collect events from multiple sources and then relay them to an application Which of the following would be best suited for this requirement?

Azure event grid

A company is currently planning on setting up resources as part of their Azure subscription. They are looking at different security options that can be used to secure their Azure environment. Which of the following could be used for the following requirement? "Provide a store that can be used to store secrets."

Azure key vault it is not azure NSG since use to restrict traffic into and out of Azure virtual machines it is not multi factor authentication since used for extra level of security during user authentication it is not azure dos protections protect DDoS attacks

A company wants to make use of an Azure service that can be used to store certificates. Which of the following could be used for storing certificates?

Azure key vault-store certificates in azure key vault service Not azure security center-incorrect since used to increase security posture of your resources defined in azure not azure storage account-used for object, file, table, and queen storage azure identity protection-used to protect azure AD identifies

A company has just setup an Azure subscription and an Azure tenant. They want to implement strict policies when it comes to the security of Azure resources. They want to implement the following requirements: "Ensure that no one can accidentally delete the virtual machines deployed by the Virtual Machine Administrator team" Which of the following could be used to fulfill the below requirement?

Azure locks It is not azure role based access control since used to given authorization to use azure azure resources it is not azure identity protection since used to protect azure ad identities it is not azure policies since this is used to govern resources in azure.

A company is currently planning on setting up resources as part of their Azure subscription. They are looking at different security options that can be used to secure their Azure environment. Which of the following could be used for the following requirement? "Provide an extra level of security when users log into the Azure Portal"

Azure multi factor authentication- extra level of security can be accomplished by providing a facility of multi factor authentication It is not azure key vault since it is used to store secrets, certificates and keys it is not azure network security groups since this is used to restrict traffic into and out of azure virtual machines it is not azure dos protection since this is used to protect against distributed denial of service attack DDoS

A company is currently planning on setting up resources as part of their Azure subscription. They are looking at different security options that can be used to secure their Azure environment. Which of the following could be used for the following requirement? "Provide the ability to restrict traffic into Azure virtual machines"

Azure network security groups azure key vault is not correct since is used to store secrets, certificates, and keys azure multi factor authentication is incorrect since used to provide extra level of security dur azure ddos protection is incorrect

A company has just setup an Azure subscription and an Azure tenant. They want to implement strict policies when it comes to the security of Azure resources. They want to implement the following requirements: "Ensure that the Virtual Machine Administrator team can only deploy virtual machines of a particular size" Which of the following could be used to fulfill the below requirement?

Azure policies You can accomplish this with the help of policies. There is an in-built policy also available for this purpose azure role based access control- Option A is incorrect since this is used to given authorization to use Azure resources azure identity protection- Option B is incorrect since this is used to protect Azure AD identities azure locks- Option D is incorrect since this is used to protect Azure resources from users accidentally updating or deleting Azure resources

A company has just setup an Azure subscription and an Azure tenant. They want to start deploying resources on the Azure platform. They want to implement a way to deploy the resources so that they would be located closest to the users accessing those resources. Which of the following could be used for this requirement?

Azure regions

Big data analytics in Azure

Azure synapse analytics- cloud based enterprise data warehouse, massively parallel processing Azure HDinsight-fully managed, open source analytics service, easier/faster/cost effective azure data lake analytics- on demand analytics job service

Block Blob

Block blobs are optimized for uploading large amounts of data efficiently. Block blobs are comprised of blocks When you upload a block to a blob in your storage account, it is associated with the specified block blob, but it does not become part of the blob until you commit a list of blocks that includes the new block's ID. New blocks remain in an uncommitted state until they are specifically committed or discarded. There can be a maximum of 100,000 uncommitted blocks Blobs in the Azure storage emulator are limited to a maximum size of 2 GiB.Once the blob has been created, its type cannot be changed, and it can be updated only by using operations appropriate for that blob type, i.e., writing a block or list of blocks to a block blob, appending blocks to a append blob, and writing pages to a page blob. ll blobs reflect committed changes immediately. Each version of the blob has a unique tag, called an ETag, that you can use with access conditions to assure you only change a specific instance of the blob.

Azure Chinea 21 Vianet

China's first foreign public cloud service provider in compliance with gov regulations. physically separated instance of azure cloud services, located in china operated by 21vianet(azure china 21vianet)

A company wants to create multiple data stores in Microsoft Azure. They want to have storage layers that can be used to store data that is infrequently used. Which of the following storage tiers for Azure BLOB storage would be suitable for this type of requirement? Choose 2 answers from the options given below.

Cool Storage & D. Archive Storage are correct because Azure storage offers different access tiers, which allow you to store blob object data in the most cost-effective manner. The available access tiers include: Hot - Optimized for storing data that is accessed frequently. Cool - Optimized for storing data that is infrequently accessed and stored for at least 30 days. Archive - Optimized for storing data that is rarely accessed and stored for at least 180 days with flexible latency requirements (on the order of hours). For more information, please visit: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers

A company wants to start using Azure services. They have several departments that would need to make use of Azure services. They want to give the ability for each department to use a different payment option for the amount of Azure services they consume. Which of the following should each department use to fulfill this requirement?

Correct Answer - B The billing for Azure resources is tagged to a subscription. Hence to segregate the billing for each department, each of them can have a different subscription. For more information on subscriptions, please visit the below URL which refers to a blog article on the benefits of a Windows subscription https://blogs.msdn.microsoft.com/arunrakwal/2012/04/09/create-windows-azure-subscription/

A company wants to migrate their current on-premise servers to the cloud utilizing Microsoft Azure. They require that their servers are running even in the event that a single Data Center goes down. Which of the following terms best refers to the concept that needs to be implemented to fulfill this requirement?

Correct Answer: A. Fault tolerance A context clue is given in the question itself that helps identify which term best describes the concept the company wants, "They want to ensure that their servers are running even in the event that a single Data Center goes down". Fault Tolerance is a concept in IT in which a computer system or set of infrastructure is designed in such a way that when one component fails (be it hardware , software, or network) a backup component takes over operations immediately so that there is no loss of service. So if the company hosted servers at two Data Centers, even if one Data Center went down the other Data Center would "turn on" and continue running those servers without any loss in service. It is also good to know why options B,C,D are incorrect and the easiest way is to simply remember their definitions: Elasticity is a term related to scaling. Elastic computing is the ability to quickly expand or decrease computer processing, memory, or storage resources to meet changing demands. Scalability is a term related to the adaptability of the system to the changed amount of workload or traffic to the web application. You can "Scale-up" (Upgrade the capacity of the host where the app is hosted by increasing RAM size for example) and you can "Scale-out" (Upgrade the capacity of the hosted application by increasing the number of host instances such as having a 'Load Balancer' where your application is hosted on multiple instances). Low Latency is a term that describes a computer network that is optimized to process a very high volume of data with minimal delay (latency).

DDoS Protection Premium

DDoS Protection Premium is incorrect because Microsoft Azure only provides Basic and Standard DDoS Protection. For more information, please visit: https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview

DDoS Protection Isolated

DDoS Protection Isolated is incorrect because Microsoft Azure only provides Basic and Standard DDoS Protection. For more information, please visit: https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview

A company is planning on hosting an application on a set of Virtual Machines in Microsoft Azure. They want to ensure that the application survives a region wide failure within Azure. Which of the following concept needs to be considered to fulfill this requirement?

Disaster Recovery is correct. Disaster recovery is the process of restoring application functionality in the wake of a catastrophic loss. For more information, please visit: https://docs.microsoft.com/en-us/azure/architecture/framework/resiliency/backup-and-recovery

IaaS

Disks-persident disks, premium storage, SSD baed high IOPS, low latency, lift and shift operations files-SIMB And REST access, access anywehere, secure access

Elasticity

Elasticity or elastic computing is the ability to quickly expand or decrease computer processing, memory, and storage resources to meet changing demands without worrying about capacity planning and engineering for peak usage. Typically controlled by system monitoring tools, elastic computing matches the amount of resources allocated to the amount of resources actually needed without disrupting operations. With cloud elasticity, a company avoids paying for unused capacity or idle resources and doesn't have to worry about investing in the purchase or maintenance of additional resources and equipment. For more information, please visit:https://azure.microsoft.com/en-us/overview/what-is-elastic-computing/

A company is planning on implementing the architecture below: Larger image on prem--->> site to site vpn---> (VM) outside <Virtual Network>

Hybrid Cloud is correct because a hybrid cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them. When computing and processing demand fluctuates, hybrid cloud computing gives businesses the ability to seamlessly scale their on-premises infrastructure up to the public cloud to handle any overflow—without giving third-party data-centers access to the entirety of their data. Organizations gain the flexibility and computing power of the public cloud for basic and non-sensitive computing tasks, while keeping business-critical applications and data on-premises, safely behind a company firewall. For more information, please visit: https://azure.microsoft.com/en-us/overview/what-is-hybrid-cloud-computing/

which of the following categories does azure kubernetes come over?

Infrastructure as a service-compute,network,storage,mobile,database,web, IoT, big data, artificial inteligence, devOps compute service one of primary reasons to move to platform. -azure vm -azuer vm scale sets -azure kubermetes service

You are trying to understand the different cloud models. Which of the following are advantages of using the public cloud? Choose 2 answers from the options give below

Lower cost, high reliablity

A company is planning on hosting resources within Microsoft Azure. They want to ensure that Azure complies with the rules and regulations of the region for hosting resources. Which of the following can assist the company in getting the required compliance reports?

Microsoft Trust Center because within this resource, you can take advantage of more than 90 compliance certifications, including over 50 specific to global regions and countries, such as the US, the European Union, Germany, Japan, the United Kingdom, India, and China. And, get more than 35 compliance offerings specific to the needs of key industries, including health, government, finance, education, manufacturing, and media. Your emerging compliance needs are covered, too: Microsoft engages globally with governments, regulators, standards bodies, and non-governmental organizations. Explore Azure compliance offerings in the Microsoft Trust Center.

A company has just setup an Azure subscription. The company is planning on creating several resource groups. By creating additional resource groups, would the company incur additional costs?

No-resource groups have no costs associated with them

A company is planning on hosting solutions on within Microsoft Azure Cloud. They need to implement MFA for identities hosted within Microsoft Azure. Is it necessary to deploy a federation solution or sync on-premise identities to the cloud?

No because several options are available for managing identity in a cloud environment. These options vary in cost and complexity. A key factor in structuring your cloud-based identity services is the level of integration required with your existing on-premises identity infrastructure. In Azure, Azure Active Directory (Azure AD) provides a base level of access control and identity management for cloud resources. However, if your organization's on-premises Active Directory infrastructure has a complex forest structure or customized organizational units (OUs), your cloud-based workloads might require directory synchronization with Azure AD for a consistent set of identities, groups, and roles between your on-premises and cloud environments. Additionally, support for applications that depend on legacy authentication mechanisms might require the deployment of Active Directory Domain Services (AD DS) in the cloud. Cloud-based identity management is an iterative process. You could start with a cloud-native solution with a small set of users and corresponding roles for an initial deployment. As your migration matures, you might need to integrate your identity solution using directory synchronization or add domains services as part of your cloud deployments. Revisit your identity strategy in every iteration of your migration process.

Your company wants to provision a set of Azure virtual machines. An application will be installed on these virtual machines. The company wants to ensure that the user traffic is distributed across the virtual machines. You decide to use the Azure VPN Gateway service for traffic distribution. Would this fulfil the requirement?

No-This service is used to help connect an on-premise data center to an Azure virtual Network The Microsoft documentation mentions the following

A company wants to start using Microsoft Azure. They want to make use of availability zones within Azure. If they deploy resources across all regions in Azure, can they make use of availability zones in all regions in Azure?

No, because Availability Zones are physically separate locations within an Azure region. Each Availability Zone is made up of one or more datacenters equipped with independent power, cooling, and networking. Availability Zones allow customers to run mission-critical applications with high availability and low-latency replication although their are not enough availability zones world wide though to implement due to the lack of a availability zone not within a specific region. There are dedicated regions for US Government as per the image below - US Gov Arizona, US Gov Iowa, US Gov Texas, US Gov Virginia, US DoD East and US DoD Central. You cannot deploy resources in these regions as these are dedicated to US Government. The question asks for "...........make use of availability zones in all regions in Azure" The answer is NO because the normal user is not used to deploy resources in these regions, let alone using the availability zones in these regions

A company wants to host an application within Microsoft Azure. The application connects to a database in Azure. The company to store the database password in a secure location. You recommend the usage of the Azure Advisor for storage of the password. Would this fulfill the requirement?

No, because Azure Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources. With Advisor, you can: -Get proactive, actionable, and personalized best practices recommendations. -Improve the performance, security, and high availability of your resources, as you identify opportunities to reduce your overall Azure spend. -Get recommendations with proposed actions inline

A company is planning on moving to Microsoft Azure. Senior management wants to get an idea on the cost that will be incurred if decided to host resources within Azure. You recommend using the Azure Cost Management to get the required costing of the resources. Would this recommendation fit the requirement?

No, because Azure Cost Management is a native Azure cost management solution. It helps you analyze costs, create and manage budgets, export data, and review and act on optimization recommendations to save money while already in production. For more information, please visit: https://docs.microsoft.com/en-us/azure/cost-management/overview

A company plans to setup multiple resources within their Microsoft Azure subscription. They want to implement tagging of resources in Microsoft Azure. But they want to ensure that when resource groups are created, they have to contain a tag with a name of "organization" and value of "montana". You recommend using Azure locks for implementing this requirement. Would this recommendation fulfill the requirement?

No, because Azure Locks, from an administrator perspective means you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource. ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role. For more information on locking resources, please visit https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources

A company is planning on moving to Microsoft Azure. Senior management wants to get an idea on the cost that would be incurred when hosting resources within Azure. You recommend using the Cloudyn service to get the required costing of the resources. Would this recommendation fit the requirement?

No, because Cloudyn, a Microsoft subsidiary, allows you to track cloud usage and expenditures for your Azure resources and other cloud providers including AWS and Google. Easy-to-understand dashboard reports help with cost allocation and showbacks/chargebacks as well. Cloudyn helps optimize your cloud spending by identifying underutilized resources that you can then manage and adjust. For more information, please visit: https://docs.microsoft.com/en-us/azure/cost-management/overview

A company is planning on hosting 2 Virtual Machines within Microsoft Azure as shown below: Virtual Machine Name Virtual Machine Size---------------------------------- ------------------------------- demovm B1S demovm1 B1S Would both the Virtual Machines always generate the same monthly costs?

No, because VMs usually use some form of storage, such as Azure Managed Disks, which are the new and recommended disk storage offering for use with Azure virtual machines for persistent storage of data. You can use multiple Managed Disks with each virtual machine. Microsoft offers four types of Managed Disks — Ultra Disk, Premium SSD Managed Disks, Standard SSD Managed Disks, Standard HDD Managed Disks. One disk could be used for storage of data and another for an os system or a temporary disk to store data temporarily. If one VM stops and the other runs, the cost will not be the same. Also, if one fails in one disk it won't affect the other disks. If one VM has storage and the other does not, the cost will not be the same. If you scale in or out one VM, the cost will not be the same. For more information, please visit: https://azure.microsoft.com/en-us/pricing/details/managed-disks/

A company wants to host an application within Microsoft Azure. The application connects to a database in Azure. The company to store the database password in a secure location. You recommend the usage of the Azure Security Center for storage of the password. Would this fulfill the requirement?

No, because the Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises. Keeping your resources safe is a joint effort between your cloud provider, Azure, and you, the customer. You have to make sure your workloads are secure as you move to the cloud, and at the same time, when you move to IaaS (infrastructure as a service) there is more customer responsibility than there was in PaaS (platform as a service), and SaaS (software as a service). Azure Security Center provides you the tools needed to harden your network, secure your services and make sure you're on top of your security posture. Azure Security Center addresses the three most urgent security challenges: Rapidly changing workloads - It's both a strength and a challenge of the cloud. On the one hand, end users are empowered to do more. On the other, how do you make sure that the ever-changing services people are using and creating are up to your security standards and follow security best practices? Increasingly sophisticated attacks - Wherever you run your workloads, the attacks keep getting more sophisticated. You have to secure your public cloud workloads, which are, in effect, an Internet facing workload that can leave you even more vulnerable if you don't follow security best practices. Security skills are in short supply - The number of security alerts and alerting systems far outnumbers the number of administrators with the necessary background and experience to make sure your environments are protected. Staying up-to-date with the latest attacks is a constant challenge, making it impossible to stay in place while the world of security is an ever-changing front. For more information, please visit: https://docs.microsoft.com/en-us/azure/security-center/security-center-intro

A customer is planning on creating several Free Microsoft Azure Accounts. Is a customer allowed a maximum of 10 Free Microsoft Azure account?

No, because there is a limit of one account with 12 months free access to products and $200 credit per new customer. You can, however, use as many products as you like beyond the free amounts by upgrading your account to pay-as-you-go pricing.

A company has just started using Azure. They have setup resources as part of their subscription. They want to get the current costs being incurred. They decide to use the Pricing Calculator to get this information. Would this fulfill the requirement?

No-("current costs being incurred" any current cots can be from cost mgt in the azure portal pricing calculator only used to get the estimated costs.

Your company has just set up an Azure subscription and an Azure tenant. They want to use recommendations given by the Azure Advisor tool. If your company starts implementing the recommendations given by the Azure Advisor tool, would the company's security score decrease?

No-If you improve the security stance of your resources, your security score will increase. The security score is maintained in Azure Security Center. For more information on the Azure Security Center score, please visit the below URL https://docs.microsoft.com/en-us/azure/security-center/security-center-secure-score

A company wants to deploy a set of Azure Windows virtual machines. They want to ensure that the services on the virtual machines are still accessible even if a single data center goes down. They decide to deploy the set of virtual machines using scale sets. Would this fulfill the requireme

No-Scale Sets are used for scaling purposes

Your company wants to provision a set of Azure virtual machines. An application will be installed on these virtual machines. The company wants to ensure that the user traffic is distributed across the virtual machines. You decide to use the Azure HDInsight service for traffic distribution. Would this fulfil the requirement?

No-The Azure HDInsight service is used for implementing Big Data related open source frameworks. The Microsoft documentation mentions the following

A company wants to try out some services which are being offered by Microsoft Azure in Public Preview. Should the company deploy resources which are part of Public Preview in their production environment?

No. Azure may include preview, beta, or other pre-release features, services, software, or regions offered by Microsoft to obtain customer feedback ("Previews"). Previews are made available to you on the condition that you agree to these terms of use, which supplement your agreement governing use of Azure. PREVIEWS ARE PROVIDED "AS-IS," "WITH ALL FAULTS," AND "AS AVAILABLE," AND ARE EXCLUDED FROM THE SERVICE LEVEL AGREEMENTS AND LIMITED WARRANTY which is the main reason not to release in your production enviorment as you have no binding SLA. Previews may not be covered by customer support. Previews may be subject to reduced or different security, compliance and privacy commitments, as further explained in the Microsoft Online Services Privacy Statement, Microsoft Azure Trust Center, the Online Services Terms, and any additional notices provided with the Preview. Customers should not use Previews to process Personal Data or other data that is subject to heightened compliance requirements. Certain named Previews may also be subject to additional terms set forth below, if any. We may change or discontinue Previews at any time without notice. We also may choose not to release a Preview into "General Availability."

Page Blob

Page blobs are a collection of 512-byte pages optimized for random read and write operations. To create a page blob, you initialize the page blob and specify the maximum size the page blob will grow. To add or update the contents of a page blob, you write a page or pages by specifying an offset and a range that align to 512-byte page boundaries.

A company is planning on creating several SQL Databases within Microsoft Azure. They would be using the Azure SQL Database service. Which of the following is the right category to which the Azure SQL Database service belongs?

Platform as a service (PaaS) because Azure SQL Database is a fully managed Platform as a Service (PaaS) Database Engine that handles most of the database management functions such as upgrading, patching, backups, and monitoring without user involvement. Azure SQL Database is always running on the latest stable version of SQL Server Database Engine and patched OS with 99.99% availability. PaaS capabilities that are built-in into Azure SQL database enable you to focus on the domain specific database administration and optimization activities that are critical for your business.

A company wants to purchase a Microsoft Azure support plan. Below is a key requirement from the support plan: - Regular architecture reviews from Microsoft for the company's Azure environment Which of the following plan would the company need to purchase to fulfill this requirement?

Premier because regular architecture reviews from Microsoft for a company's Azure environment are included in this tier

Public Cloud

Public Cloud are the most common way of deploying cloud computing. The cloud resources (like servers and storage) are owned and operated by a third-party cloud service provider and delivered over the Internet. Microsoft Azure is an example of a public cloud. With a public cloud, all hardware, software, and other supporting infrastructure is owned and managed by the cloud provider. In a public cloud, you share the same hardware, storage, and network devices with other organizations or cloud "tenants." You access services and manage your account using a web browser. Public cloud deployments are frequently used to provide web-based email, online office applications, storage, and testing and development environments. For more information, please visit: https://azure.microsoft.com/en-us/overview/what-are-private-public-hybrid-clouds

A company has launched a set of Virtual Machines in their Pay-as-you-go Microsoft Azure subscription. After launching a set of VM's they seem to be hitting a constraint of 20 vCPU's and are not able to provision additional Virtual Machines. Which of the following can be done to allow the company to provision more Virtual Machines?

Raise a support ticket with Microsoft because you get easy access to Azure Support by going online to the Azure Portal and submitting a support request. This is the fastest way to hear back from a Support Engineer that will be ready to start helping you. Access to Subscription Management and billing support is included with your Microsoft Azure subscription, and Technical Support is provided through one of the Azure Support Plans. For more information, please visit:

A company is planning on using Azure SQL Data Warehouse for hosting their sales historical data. Which of the following is a feature of the Azure SQL Data Warehouse architecture?

Scalability because the architecture of SQL Data Warehouse separates storage and compute, allowing each to scale independently. As a result, you can scale compute to meet performance demands independent of data storage. You can also pause and resume compute resources. A natural consequence of this architecture is that billing for compute and storage is separate. If you don't need to use your data warehouse for a while, you can save compute costs by pausing compute.

Scalibility

Scalability is the ability of a system to handle increased load, and is one of the pillars of software quality. Use this checklist to review your application architecture from a scalability standpoint. For more information, please visit: https://docs.microsoft.com/en-us/azure/architecture/checklist/scalability

Azure Key Vault

Secrets Mgt.-tightly control access to tokens, passwords, certificates, api keys, and other secrets Key Mgt.-easy to create and control encryption keys used to encrypt your data Certificate Mgt.-azure key vault is also a serve that lets you easily provision, manage, and deploy public and private secure sockets layer/trasnport layer security certificates for use with azure and your internal connected resources. Store secrets backed by Hardware Security Modules. the secrets and keys can be protected either by software or tips 140-2 level 2 validates hsms

Your company plans to purchase Azure. The company's support policy states that the Azure environment must provide an option to access support engineers by phone or email. You need to recommend which support plan meets the support policy requirement.

Solution: Recommend a Professional Direct support plan.

A company is planning on setting up a private cloud network. Which of the following is an advantage of setting up a private cloud network?

The Private Cloud environment can be rolled out to select users is correct because a private cloud consists of computing resources used exclusively by one business or organization. The private cloud can be physically located at your organization's on-site datacenter, or it can be hosted by a third-party service provider. But in a private cloud, the services and infrastructure are always maintained on a private network and the hardware and software are dedicated solely to your organization. In this way, a private cloud can make it easier for an organization to customize its resources to meet specific IT requirements. Private clouds are often used by government agencies, financial institutions, any other mid- to large-size organizations with business-critical operations seeking enhanced control over their environment. Advantages of a private clouds: More flexibility—your organization can customize its cloud environment to meet specific business needs. Improved security—resources are not shared with others, so higher levels of control and security are possible. High scalability—private clouds still afford the scalability and efficiency of a public cloud. For more information, please visit: https://azure.microsoft.com/en-us/overview/what-are-private-public-hybrid-clouds/

A company wants to ensure that users in their company are authenticated when they access resources defined in their Microsoft Azure account. Which of the following is the correct definition of authentication?

This is the act of providing legitimate credentials because authentication is the process of proving you are who you say you are (i.e inputting your creds). Authentication is sometimes shortened to AuthN.

An IT administrator for a company has been given a powershell script. This powershell script will be used to create several Virtual Machines in Azure. You have to provide a machine to the IT administrator for running the powershell script. You decide to provide a ChromeOS based machine and use Azure Cloud Shell. Would this solution fit the requirement?

Yes because Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell, accessible via Chrome. For more information, please visit: https://docs.microsoft.com/en-us/azure/cloud-shell/overview

A company is planning on setting up an Enterprise Microsoft Azure Subscription. Do they need to have a valid Microsoft account for associating the Azure Subscription?

Yes because an Enterprise Azure account is a global unique entity that gets you access to Azure services and your Azure subscriptions. You can create multiple subscriptions in your Azure account to create separation e.g. for billing or management purposes. In your subscription(s) you can manage resources in resources groups. Azure subscription can have a trust relationship with an Azure Active Directory (Azure AD) instance. But a valid Microsoft account is required to associate with the Azure Subscription.

A company is planning on purchasing Microsoft Azure AD Basic for their Azure account. Does the Azure AD Basic tier come with a SLA of 99.9%?

Yes, Microsoft Azure guarantees at least 99.9% availability of the Azure Active Directory Basic and Premium services. The services are considered available in the following scenarios: Users are able to login to the service, login to the Access Panel, access applications on the Access Panel and reset passwords. IT administrators are able to create, read, write and delete entries in the directory or provision or de-provision users to applications in the directory. No SLA is provided for the Free tier of Azure Active Directory. For more information, please visit: https://azure.microsoft.com/en-us/support/legal/sla/active-directory/v1_0/

A company wants to host an application within Microsoft Azure. The application connects to a database in Azure. The company would like to store the database password in a secure location. You recommend the usage of the Azure Key Vault for storage of the password. Would this fulfill the requirement?

Yes, because Azure Key Vault is a tool for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, or certificates. A vault is logical group of secrets. Here are other important terms: Tenant: A tenant is the organization that owns and manages a specific instance of Microsoft cloud services. It's most often used to refer to the set of Azure and Office 365 services for an organization. Vault owner: A vault owner can create a key vault and gain full access and control over it. The vault owner can also set up auditing to log who accesses secrets and keys. Administrators can control the key lifecycle. They can roll to a new version of the key, back it up, and do related tasks. Vault consumer: A vault consumer can perform actions on the assets inside the key vault when the vault owner grants the consumer access. The available actions depend on the permissions granted. Resource: A resource is a manageable item that's available through Azure. Common examples are virtual machine, storage account, web app, database, and virtual network. There are many more. Resource group: A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. You decide how you want to allocate resources to resource groups, based on what makes the most sense for your organization. Service principal: An Azure service principal is a security identity that user-created apps, services, and automation tools use to access specific Azure resources. Think of it as a "user identity" (username and password or certificate) with a specific role, and tightly controlled permissions. A service principal should only need to do specific things, unlike a general user identity. It improves security if you grant it only the minimum permission level that it needs to perform its management tasks. Azure Active Directory (Azure AD): Azure AD is the Active Directory service for a tenant. Each directory has one or more domains. A directory can have many subscriptions associated with it, but only one tenant. Azure tenant ID: A tenant ID is a unique way to identify an Azure AD instance within an Azure subscription. Managed identities: Azure Key Vault provides a way to securely store credentials and other keys and secrets, but your code needs to authenticate to Key Vault to retrieve them. Using a managed identity makes solving this problem simpler by giving Azure services an automatically managed identity in Azure AD. You can use this identity to authenticate to Key Vault or any service that supports Azure AD authentication, without having any credentials in your code. For more information, see the following image and the overview of managed identities for Azure resources.

A company is planning on hosting 2 Virtual Machines in Azure as shown below: Virtual Machine Name Virtual Machine Size----------------------------------- ------------------------------- demovm B1S demovm1 B1S When the virtual machine demovm is stopped, you will still incur costs for the storage attached to the Virtual Machine?

Yes, because Azure continues to charge for the VM core hours while it is Stopped (but not Stopped (Deallocated), based on the size of the VM and the image you selected to create it. You continue to accrue charges for the VM's cloud service and the storage needed for the VM's OS disk and any attached data disks. Temporary (scratch) disk storage on the VM is free. More for information, please visit: https://blogs.technet.microsoft.com/uspartner_ts2team/2014/10/10/azure-virtual-machines-stopping-versus-stopping-deallocating/

A company is planning on purchasing Azure AD Premium for their Microsoft Azure account. Does the Azure AD Premium tier come with an SLA of 99.9%?

Yes, because Microsoft guarantees at least 99.9% availability of the Azure Active Directory Basic and Premium services. The services are considered available in the following scenarios: Users are able to login to the service, login to the Access Panel, access applications on the Access Panel and reset passwords. IT administrators are able to create, read, write and delete entries in the directory or provision or de-provision users to applications in the directory. No SLA is provided for the Free tier of Azure Active Directory.

A company is planning on using Azure Storage Accounts. They have the following requirement: - Storage of 2 TB of data - Storage of a million files Would using an Azure Storage Account fulfill these requirements?

Yes, because an Azure storage account contains all of your Azure Storage data objects: blobs, files, queues, tables, and disks. The storage account provides a unique namespace for your Azure Storage data that is accessible from anywhere in the world over HTTP or HTTPS. Data in your Azure storage account is durable and highly available, secure, and massively scalable.

A company is planning on setting up an Azure Free Account. Does the Basic Support plan come along with the Azure Free Account?

Yes, because the Azure Basic support plan is available to all Microsoft Azure accounts. For more information, please visit: https://azure.microsoft.com/en-us/support/plans/

A company has multiple subscriptions. They want to create resources in the different subscriptions. Is it possible to create resources in multiple subscriptions?

Yes, because typically, you deploy all the resources in your template to a single resource group. However, there are scenarios where you want to deploy a set of resources together but place them in different resource groups or subscriptions. For example, you may want to deploy the backup virtual machine for Azure Site Recovery to a separate resource group and location. Resource Manager enables you to use nested templates to target different subscriptions and resource groups than the subscription and resource group used for the parent template. can have 1 tenant with multiple subscriptions in the tenant. You can deploy to only five resource groups in a single deployment. Typically, this limitation means you can deploy to one resource group specified for the parent template, and up to four resource groups in nested or linked deployments. However, if your parent template contains only nested or linked templates and does not itself deploy any resources, then you can include up to five resource groups in nested or linked deployments. For more information, please visit: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-cross-resource-group-deployment

A company is planning on deploying Microsoft Azure resources to a Resource Group (RG). But the resources would belong to different locations. Can you have resources that belong to the same resource group but be in multiple locations?

Yes, because when creating a resource group, you need to provide a location for that resource group. You may be wondering, "Why does a resource group need a location? And, if the resources can have different locations than the resource group, why does the resource group location matter at all?" The resource group stores metadata about the resources. When you specify a location for the resource group, you're specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region. If the resource group's region is temporarily unavailable, you can't update resources in the resource group because the metadata is unavailable.The resources in other regions will still function as expected, but you can't update them.

An IT administrator for a company has been given a powershell script. This powershell script will be used to create several Virtual Machines in Azure. You have to provide a machine to the IT administrator for running the powershell script. You decide to provide a computer that has MacOS and Powershell Core 6.0 installed. Would this solution fit the requirement?

Yes, because you can run PowerShell on Mac OS X. PowerShell is a command-prompt in your terminal window, so to start it: Start the Terminal application, Now you can simply type powershell as a command and this will start the PowerShell engine and move you from the bash prompt ($) to the PowerShell prompt (PS). For more information, please reference: https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-3.1.0

Your company is planning on hosting resources in Azure. Is it possible for outside users to have access to resources in Azure?

Yes, since Azure has other capabilities in place that can allow other users to access Azure-based resources. For example, Azure has the feature of Azure AD Business to Business collaboration where the users don't have to be defined in Azure. The Microsoft documentation mentions the following on Azure B2B Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with guest users from any other organization, while maintaining control over your own corporate data. can assign a guest user a user name and give them one time passcode. home>users>all users>new user and then email them invite.

A company is planning on using their Microsoft Azure Free Account for hosting production-based resources. Does the Azure Free Account allow you to host production-based resources?

Yes, the Azure Free Account allows the hosting of up to 10 production resources for free. For more information, please visit: https://azure.microsoft.com/en-us/free/free-account-faq/

A company is planning on moving to Microsoft Azure. The senior management wants to get an idea on the cost that would be incurred when hosting resources in Azure. You recommend using the pricing calculator to get the required costing of the resources. Would this recommendation fit the requirement?

Yes, the pricing calculator allows you to view the price for different sizes and configurations of your Azure Virtual Machines in terms of the machine's CPU, memory, storage, location and hours in use. Microsoft Azure has monthly releases of new updates and new features as well. enterprise, csp-usage used in subscription with partners for pay as you go web direct-pay as you go For more information, please visit: https://azure.microsoft.com/en-us/pricing/calculator/

A company is planning on setting up an Azure account and spinning up resources within their purchased subscription. When it comes to the Service Level Agreement (SLA), does Microsoft ensure a SLA of 99.9% up-time for paid Azure services?

Yes, when it comes to paid Azure services, Microsoft Azure ensures a SLA of 99.9% up-time for paid Azure services.

Your company wants to provision a set of Azure virtual machines. An application will be installed on these virtual machines. The company wants to ensure that the user traffic is distributed across the virtual machines. You decide to use the Azure Load Balancer service for traffic distribution. Would this fulfil the requirement?

Yes-The Azure Load Balancer is the ideal service to use for this scenario. It can be used to distribute traffic to the backend virtual machines.

You are planning on setting up an Azure Free Account. Would the Azure Free Account expire after a specific period of time?

Yes-after duration of 30 days or till 200 usb credit is over, than convert to free subscription to pay as you go subscription

A company has just started using Azure. They have setup resources as part of their subscription. They want to get the current costs being incurred. They decide to use Azure Cost Management to get this information. Would this fulfil the requirement?

Yes-give a cost breakdown for resources in azure. can go to cost analyzsis section

You are planning on setting up an Azure Free Account. Is there a spending limit when it comes to the spending limit for the free account?

Yes-there is a credit of 200 USD which is assigned to the Free account is limited to the first 30 days the account is active. This acts as a spending limit. The Microsoft documentation mentions the following. pay after 30 days-you can continue free products after 30 days using your free products after ou upgrade your account to a pay as you go pricing and remove spending limit. if you stay within the service quantities included for free, you won't have to pay anything. the $200 free credit acts as a spending limit.

A company is planning on using Azure Storage Accounts. They have the following requirement: - Replication of data to another region Do Azure Storage Accounts automatically replicate data to another region?

Yes. When you create a storage account in Azure, the default replication that is chosen is RA-GRS and therefore storage accounts automatically replicate data to another region. Locally redundant storage (LRS): A simple, low-cost redundancy strategy. Data is copied synchronously three times within the primary region. Zone-redundant storage (ZRS): Redundancy for scenarios requiring high availability. Data is copied synchronously across three Azure availability zones in the primary region. Geo-redundant storage (GRS): Cross-regional redundancy to protect against regional outages. Data is copied synchronously three times in the primary region, then copied asynchronously to the secondary region. For read access to data in the secondary region, enable read-access geo-redundant storage (RA-GRS). Geo-zone-redundant storage (GZRS) (preview): Redundancy for scenarios requiring both high availability and maximum durability. Data is copied synchronously across three Azure availability zones in the primary region, then copied asynchronously to the secondary region. For read access to data in the secondary region, enable read-access geo-zone-redundant storage (RA-GZRS).

Which of the following is true when it comes to SaaS (Software as a service)?

You are responsible for configuring the solution because SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider. You rent the use of an app for your organization, and your users connect to it over the Internet, usually with a web browser. All of the underlying infrastructure, middleware, app software, and app data are located in the service provider's data center. The service provider manages the hardware and software, and with the appropriate service agreement, will ensure the availability and the security of the app and your data as well. SaaS allows your organization to get quickly up and running with an app at minimal upfront cost.

Security groups

a network security group contains security rules that allow or deny inbound traffic to or outbound traffic from several types of azure resources. for each rule, can specify source, and destination, port, and protocol

accusing azure portal preview

access azure portal provide feedback on new features, performance, navigation, notification, accessibility,improvements

Role based access control

access mgt for cloud resources I critical function in cloud to manage who has access to azure resources, what they can do with those resources and what areas they have access to. built on azure resource manager that provides fine grained access mgt. of azure resources

App service overview

azure app service is an http based service for hosting web apps, rest api's, and mobile back ends. can develop fav language .net, .net core, java, ruby, node.js, php, or python. applications run and scale with ease on both windows and linux based environments. app service not only adds power of azure on app, such as security, load balancing, and autoscaling and automated mgt. you can also use the devop capability like continuous development in azure, devops, GitHub, docker hub, and other sources, package mgt, staging environments, custom domain and ssl certificates

serverless computing

azure functions- infrastructure based on an event azure logic apps-cloud service creativting workflows to integrate apps and systoms azure event grid-fully managed, intelligent event routing service

azure regions

azure offers the scale needed to bring applications closer to users around the world, preserving data residency, and offering comprehensive compliance and reliance options for customers. 54 regions worldwide 140 available in 140 countries

azure sql database

azure sql database is general purpose relational database, provided as a mgt service. with it, you can create a highly available and high performance and data storage layer for the applications and solutions in azure. sql database can be the right choice for a variety of modern cloud apps because it enables you to process both relational data and non relational structures such as graphs, son, spatial and xml.

windows virtual machines in azure

azure vm is one of several types of on demand scalable computing resources that azure offers. typically, you choose a vm when you need more control over the computing environment that the other choices offer. azure vm gives flexibility of virtualization without having to buy and maintain the physical hardware that runs it. however, you still need to maintain vm by performing tasks like configuring, patching, and installing software that runs on it

scale sets

azure vm scale sets let you create and manage group of identical, load balanced vms. the number of vm instances can automatically increase or decrease in response to demand or a defined schedule. scale sets provide high availability to apps, and allow you to centrally manage, configure, and update a large number of vms. with virtual machine scale sets, you can build large scale services for areas such as compute, big data, and container workloads.

Azure load balancer

balance incoming traffic to your vms. public load balancer load balance traffic in a virtual network. can also reach a load balancer front end from an on Prem network in a hybrid synario. internal load balancer. port forward traffic to a specific port on specific VMS with inbound network address translation (nat) rules provide outbound connectivity for vms inside virtual network by using public load balancer.

zones for billing purpose

bandwidth refers to moving in and out azure datacenter. door inbound are free, such as data going into azure datacenter, for output data transfers pricing is based in zones. zone1-westus, east us, west Europe and others zone2-australia central, Japan west, central India, and others zone3-brazil south only de zone 1-includes Germany central and Germany northeast

support plan

basic-all azure accounts)no technical support/operations)

You are trying to understand the different cloud models. Which of the following are advantages of using the private cloud? Choose 2 answers from the options give below

better security, high scalability

You are planning on deploying an Azure virtual machine. Of the following storage services, which is used to store the data disks for the virtual machine?

blob- data disks are stored in blob service of azure storage accounts

storage for general purpose

block blob storage is used for streaming and storing documents, videos, pics, backups and unstructured text or binary data total cost of block blob storage: -volume of data stored per month -quantity and types of operations performed, along with any data transfer costs -data redundancy option selected For more information on Azure BLOB pricing, please visit the below URL https://azure.microsoft.com/en-us/pricing/details/storage/blobs/

blobs

block blobs-store text and binary data up to 4.7 TB. block blobs are made up of block of data that can be managed individually. append blobs-are made up of blocks like block blobs but are optimized for append operations ideal for scenarios like logging data from virtual machines. page blobs- store random access files up to 8 TB in size. page blobs store virtual hard drive files and serve as disks for virtual machines.

devOps service- azure pipelines

build, test and deploy with ci/cd that works with any language, platform , and cloud. connect with GitHub or other git provider to deploy contiously

developer plan

business hour access to support engineers via email

azure active directory

cloud based identify and access mgt service which helps employees sign in and access resources in: external resources like Microsoft office 365, azure portal and other saas applications internal resources-such as apps on your corporate network and intranet along with any cloud apps developed my your own org.

A company has just setup an Azure virtual private connection between their on-premise network and an Azure virtual network. Would the company need to pay additional costs if they transfer several gigabits of data from their on-premise network to Azure?

data transfers to the azure data center are free

pricing

depends -enterpise -csp -web direct factors -resource type -service -region

azure resource manager

deployment and mgt service for azure. it provides a mgt layer that enables you to create, update, and delete resources in your azure subscription. you use mgt. features like access control, locks and tags to secure and organize you're resources after deployment

SLAs

document specific terms that define azure performance standards SLAs define microsfots commitment to an azure service or product individual SLAs are available for each azure product and service SLA also define what happens if a service or product fails to meet the designated avaiabltiy commitments

capital expense reduction and avoidance

driven by refresh cycles or datacenter expansion like new high performance cluster to host a big data solution or data warehouse. there are more common basic refresh cycles. some companies have rigid hardware refresh cycles, meaning assets are retired and replaced on a regular cycle(3,5,8years). these cycles often coincide with asset lease cycles or the forecasted life span of equipment. when a refresh cycles hits, IT draws cap expense to acquire new equipment. if a refresh cycles is approved and budgeted, the cloud transformation could help eliminate cost. if a refresh cycle is planned but not approved, the cloud transformation could avoid a capital expense. both reductions would be added to cost delta.

Azure resource groups

each resource in azure must be in a resource group,. it is a construct that groups multiple resources together so they can be managed by single entity. resources that share a similar lifecycle such as resources for n-tier app may be created/deleted as a group

subscription offers

free pay as you go enterprise agreement student an account can have on subscription or multiple

4 services

free-200 credit, 25 free services, 12 month popular services pay as you go enterprise bizstark-commit ahead of time the amount(cheaper) visual studio pro

Azure HDInsight

full spectrum open source analytics in cloud. can use Hadoop, apache spark, apache hive, clap, apache Kafka, apache storm, r and more.

devOps service- azure repos

get unlimited cloud hosted private git repos and collaborate to build better code with pull requests advanced file mgt.

monitoring applications and serivces

integrate azure monitor and other services to improve capabilities through analyze-use variants of azure monitor for resources(containers, virtual machines, etc.) with azure application insights for applications.) respond-azure alerts can respond proactively to critical conditions identified in your monitor data and use auto scale with azure monitor metrics visualize - use azure monitor data to create interactive visualizations, charts, and tables with power bi integrate- integrate azure monitor with other systems to build customized solutions to suit your needs and requirements

Azure lock

lock resources to prevent unexpected changes lock a subscription, resource group, or resource to prevent anyone in org from accidentaly deleting or modifying critical resources. can set lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively. CanNotDelete- means authorized users can still read and modify a resource, but they can't delete the resource ReadOnly- means authorized users can read a resource, but they can't delete or update the resource. applying the lock is similar to restricting all authorized users the permissions granted by the reader role.

public cloud advantage

low costs-pay only for service used no maintenance-service provider provides maintence -near unlimited scalability- on demand resources are available to meet your business needs high reliability-vast network of servers ensures against failure.

A company is planning on using an Azure storage account. They are planning on provisioning an Azure storage account of the kind "General Purpose v2". Would the company be charged only for the amount of data stored and not for the amount of read and write operations?

no-The cost of Azure storage depends on several factors, and one of them includes the number of read and write operations. The Microsoft documentation mentions the following when it comes to an example of pricing for Block Blob storage.

azure firewall

managed, cloud based network security service that protects azure virtual network resources. it is a fully stateful firewall as a service with built in high availability and unrestricted cloud scalability you can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. azure firewall uses a static public IP address for your virtual network resources allowing outside firewalls to identify traffic originating from virtual network. this service is fully integrated with azure monitor for logging and analytics.

mgt. groups

mgt groups can include multiple azure subscriptions subscriptions inherit conditions applied to the mgt. group 10k mgt groups can be supported in single directory. a mgt. group tree can support up to six levels of depth

Advantage of private cloud

more flexibility-your org can customize cloud environment to meet specific business needs improved security-resources are not shared with others, so higher levels of control ad security are possible high scalability-private clouds still afford the scalability and efficiency of public cloud

public cloud

most common way for cloud computing owned and operated by third party cloud service provider and delivered over the internet. azure is an examlple of public cloud public cloud provides all hardware, software, and other supporting infrastructure is owned and managed by cloud provider. in a public cloud, you share the same hardware, software, and network devices with other organization or cloud tenants. you access services and mange account using web browser public cloud deployments are frequently used to provide web based email, online office applications, storage and testing and deployment environment

Your company has just setup an Azure subscription and an Azure tenant. Is it mandatory for the company to implement all Azure security recommendations within a period of 30 days in order to maintain Microsoft support?

no- Microsoft provides the required controls for the customer to implement secure practices for their Azure account. There is no constraint which mentions that you need to implement all security recommendations to maintain Microsoft support The Microsoft documentation gives a briefing on the Shared responsibility model that needs to be understood by the customer

A company currently has the following unused resources as part of their subscription - 10 user accounts in Azure AD - 5 user groups in Azure AD - 10 public IP address - 10 network Interfaces They want to reduce the costs for resources hosted in Azure They decide to remove the user groups from Azure AD Would this fulfil the requirement?

no- When you look at the pricing for Azure Active Directory, you can create 5,00,000 objects as part of the free version. These objects include both users and groups. The Microsoft documentation mentions the following

A company currently has the following unused resources as part of their subscription - 10 user accounts in Azure AD - 5 user groups in Azure AD - 10 public IP address - 10 network Interfaces They want to reduce the costs for resources hosted in Azure They decide to remove the user accounts from Azure AD Would this fulfil the requirement?

no- you can create 5,00,000 objects emit as part of the free version. these objects include both users and groups no object limit for office 365, premium 1, premium 2

Your company is planning on setting up an Azure subscription and an Azure tenant using Azure Active Directory. Would the company need to implement domain controllers on Azure virtual machines to use the Azure AD service?

no-Azure Active Directory is a completely managed service. You don't need to provision any infrastructure to implement Azure Active Directory For more information on Azure Active Directory, please visit the below URL https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis

You are planning on setting up an Azure Free Account. By setting up an Azure Free Account, would you only get access to a subset of services?

no-Azure free act provides access to ALL azure products and does not block customers from building ideas into production. azure free act includes certain products and specific quanitities of these products for free. to enable prod scenarios, you may need to use resources beyond the free amount. You are billed for additional resources for the pay as you go rates.

A company is planning on setting up an Azure SQL database. Would the company administrative team have full control over the underlying server hosting the Azure SQL database?

no-The Azure SQL database service is a Platform as a service. Here the underlying infrastructure is completely managed by Azure.

A company is planning on deploying a web application to the Azure Web App service. Would the company administrative team have full control over the underlying machine hosting the web application?

no-The Azure Web App service is Platform as a service. Here the underlying infrastructure is completely managed by Azure.

A company is planning on setting up a string of Azure Storage Accounts. Is the transfer of data between Azure storage accounts in different Azure regions free of cost?

no-all cross regional data transfers are subjected to costs

A company is planning on storing 1 TB of data in Azure BLOB storage. Would the cost of data storage be the same regardless of the region the data is stored in?

no-for azure blob storage, there is a selector for the region, and the cost depends on the region the blob is located in

A company is planning on using Network Security Groups. Could network security groups be used to encrypt all network traffic sent from Azure to the Internet?

no-network security groups are used to restrict inbound and outbound traffic. it can't be used to encrypt traffic

A company has just started using Azure. They have setup resources as part of their subscription. They want to get the current costs being incurred. They decide to use the TCO calculator to get this information. Would this fulfill the requirement?

no-tco calculator is used to realize the costs when you move your current infrastructure to azure. workloads.

A company currently has the following unused resources as part of their subscription - 10 user accounts in Azure AD - 5 user groups in Azure AD - 10 public IP address - 10 network Interfaces They want to reduce the costs for resources hosted in Azure They decide to remove the network interfaces from Azure AD Would this fulfil the requirement?

no-there is no price for network interfaces, so this would not help reduce the cost

Your company is planning on setting up an Azure subscription and an Azure tenant using Azure Active Directory. Is it true that multiple licenses cannot be assigned to a single user in Azure Active Directory ?

no-you can assign multiple licenses for a user in azure active directory. can assign a license depending on what licenses have been purchased.

hybrid cloud

on Prem or private clouds mixed with public clouds so orgs can reap the advantages of both. in hybrid, the data and apps can move between private and public clouds for greater flexibility and more deployment options. for instance, you can use the public cloud for high volume, lower security needs such as web based email and the private cloud for sensitive business critical operation like financial reporting. cloud bursting is also an option when an application or resource runs in the private cloud until there is a spike in demand(seasonal online shopping or tax filing) which org can burst through to the public cloud to tap into additional computing resources.

Shared responsibility model

on Prem you own whole stack but moving to cloud, some responsibilities transfer. -always retained by customer is data gov rights and client endpoints and account access mgt. -varies by service-identity directly infrastructure, application, network controls, operating systems -transfers to cloud provider- physical hosts, physical network, physical datacenter

networking layer

only permits traffic to pass between networked resources with network security groups inbound and outbound rules

A company is planning on moving some of their on-premise resources to Azure. They have to provide a business justification for moving to Azure. They have to classify expenses as part of the business justification. Which category would the following expense come under? "Cooling expenses

operating expenditure

A company is planning on moving some of their on-premise resources to Azure. They have to provide a business justification for moving to Azure. They have to classify expenses as part of the business justification. Which category would the following expense come under? "Software Licensing"

operating expenditure

minimize costs

perform-azure pricing and tco calculators/price analysis monitor- monitor usage with azure advisor. implement recommendations use-use spending lints. use via free trial customers and some credit based subscriptions use-use azure reservaitions and azure hybrid benefit(hub) choose-choose low cost locations and regions keep-keep uo to date with azure customer and subscriptions offers apply-apply tags to identify cost owners. identify usage owners with tags

azure devops service

pipeline, git repositories, kanban board, load testing

3 types of cloud

public-google,azure, etc. private-on prem, your data center, fun responsibility hybrid-combo of two, certain compliance may not move to cloud

Azure DevTest lab

quick provision development and test environments minimize waste with quota and policies set automated shutdowns to minimize costs build windows and linuzx environments.

azure app service

quickly build apps on device in multiple language, devops optimization, glob scale and high availability, connections to sas platform and on Prem, security and compliance, application templates, visual studio integration api mobile features, and server less code

azure detest labs

quickly create environment, control costs

operational cost reductions

recurring expenses required to operate business are often called operating expenses. software licensing hosting expenses electric bills real estate rentals cooling expenses temporary staff required for operations equipment rentals replacement parts maintenence contracts repair services business continuity and disaster recovery(BCDR) other expenses that don't require capital expense approvals.

geography

regions(collection of data centers and there are 16 data centers) -some regions have different hardware that is newer so make sure the region chosen has features cost- what is closest for users latency-location region pair-300 miles apart so if one goes down there is a back up. updates on a different pair at different times

VPN gateway

special virtual network gateway used to send encrypted traffic between azure virtual network and on pet over public internet. can also use it to send encrypted traffic within azure virtual networks over the Microsoft network. each virtual network can only have one vpn gateway. can create multiple connections to the same vpn gateway. when you create multiple connections to shame vpn gateway, all vpn tunnels share the available gateway bandwidth.

azure firewall

stateful, managed, firewall as a service(FaaS) that grants/denies server access based on originating IP address, to protect network resources. applies inbound and output traffic filter rules built in high availbilty unrestricted cloud scalability uses azure monitor logging azure application gateway also applies firewall, web application firewall(WAF). WAF provides centralized inbound protection for web applications.

azure key vault

stores application secrets in a centralized cloud location to securely control access permissions and access logging secrets management key management certificate mangement stroring secrets backed by hardware security modules (Hsm)

multi factor authentication

two step verification lies in its layer approach. compromising multiple authentication factorssents a significant challenge for attackers. even if an attacker manages to learn the user's password, it is useless without also having possession of the additional authentication method. it works by requiring two or more of the following authentication methods. something you know(a password) something you have(device not easily duplicated like a phone) something you are(biometrics)

blob service

unstructured files-containers focus on one app

monitoring service and feature updates

view updates and search for updates, subscripts to azure update notifications by RSS

Your company plans to purchase Azure. The company's support policy states that the Azure environment must provide an option to access support engineers by phone or email. You need to recommend which support plan meets the support policy requirement. Solution: Recommend a Standard support plan. Does this meet the goal?

yes- 24/7 access to email and phone

A company is planning on deploying an Azure Windows Server 2016 virtual machine. Could the virtual machine be used to encrypt all traffic from the virtual machine itself to a host on the Internet?

yes- Correct Answer - A You can install roles such as the Remote Access Server for VPN to ensure traffic is encrypted when it flows out of the server. An example in the Microsoft documentation is given via the below URL https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-ras

A company is planning on setting up an Azure Virtual machine. Would the company administrative team have full control over the underlying virtual machine to install an application

yes- The Azure virtual machine service is an Infrastructure as a service. Here you can install applications on the underlying virtual machine.

Your company is planning on setting up an Azure subscription and an Azure tenant using Azure Active Directory. Does Azure Active Directory provide authentication services for services hosted in Azure and Microsoft Office 365?

yes-You can use Azure Active Directory to authenticate to both Azure based resources and also to Microsoft office 365

network security groups

you can filter network traffic to and from azure resources in an azure virtual network with a network security group. a network security group contains security rules that allow or deny inbound network traffic to or output network traffic from, several types of azure resources. for each rule, you can specify source and destination, port and protocol. For more information on the Azure network security, please visit the below URL https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

A company is planning on setting up a solution within Microsoft Azure. The solution would have the following key requirement: - Give the ability to detect and diagnose anomalies in web apps Which of the following would be best suited for this requirement?

. Azure Application Insights a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and Java EE, hosted on-premises, hybrid, or any public cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center. For more information, please visit:

A company is planning on setting up a solution in Microsoft Azure. The solution would have the following key requirement: - Provide a cloud service that helps to transform data and provide valuable insights on the data itself Which of the following would be best suited for this requirement? · ​

. Azure Data Lake Analytics is correct because Azure Data Lake Analytics is a distributed, cloud-based data processing architecture offered by Microsoft in the Azure cloud. It is based on YARN, the same as the open-source Hadoop platform. It pairs with Azure Data Lake Store, a cloud-based storage platform designed for Big Data analytics.

A company is planning on hosting a set of resources in Microsoft Azure. They want to protect their resources against DDoS attacks and also get real time attack metrics. Which of the following should the company select to meet this requirement?

. DDoS Protection Standard is correct because DDoS Standard Protection provides additional mitigation capabilities over the Basic service tier that are tuned specifically to Azure Virtual Network resources. DDoS Protection Standard is simple to enable, and requires no application changes. Protection policies are tuned through dedicated traffic monitoring and machine learning algorithms. Policies are applied to public IP addresses associated to resources deployed in virtual networks, such as Azure Load Balancer, Azure Application Gateway, and Azure Service Fabric instances, but this protection does not apply to App Service Environments. Real-time telemetry is available through Azure Monitor views during an attack, and for history. Rich attack mitigation analytics are available via diagnostic settings. Application layer protection can be added through the Azure Application Gateway Web Application Firewall or by installing a 3rd party firewall from Azure Marketplace. Protection is provided for IPv4 and IPv6 Azure public IP addresses.

A company is planning on hosting solutions within Microsoft Azure Cloud. They need to implement MFA for identities hosted in Microsoft Azure. There are only two valid ways of authentications for MFA as listed below: - Picture Identification - Passport Number Is the above true or false?

. False because the security of two-step verification lies in its layered approach. Compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn the user's password, it is useless without also having possession of the additional authentication method. It works by requiring two or more of the following authentication methods: Something you know (typically a password) Something you have (a trusted device that is not easily duplicated, like a phone) Something you are (biometrics)

You are working on understanding all the key terms when it comes to International standards, data privacy and data protection policies. Which of the following pertains to the following? "A European policy that regulates data privacy and data protection"

. GDPR is correct because GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy. For more information, please visit: https://azure.microsoft.com/en-us/blog/protecting-privacy-in-microsoft-azure-gdpr-azure-policy-updates/

A company is planning on using an entire suite of Microsoft products within Microsoft Azure. Which of the following belongs to the category of Software-as-a-Service (SaaS)? · ​

. Microsoft Office 365, is the correct answer because Software as a service (SaaS) is a software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet. SaaS is one of three main categories of cloud computing, alongside infrastructure as a service (IaaS) and platform as a service (PaaS). Office 365 is SaaS, which provides an online version of MS Office Suite (Office Web Apps) along with SharePoint Server, Exchange Server and Lync Server. Windows Azure is both IaaS and PaaS, which makes the Windows Server operating system and other features available as services.

A (fill in the blank) cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them.

A. Hybrid, A hybrid cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them. When computing and processing demand fluctuates, hybrid cloud computing gives businesses the ability to seamlessly scale their on-premises infrastructure up to the public cloud to handle any overflow—without giving third-party datacenters access to the entirety of their data. Organizations gain the flexibility and computing power of the public cloud for basic and non-sensitive computing tasks, while keeping business-critical applications and data on-premises, safely behind a company firewall.

A company is planning on setting up a solution in Microsoft Azure. The solution would have the following key requirement: - Provide a service for hosting a web application Which of the following would be best suited for this requirement?

Azure App Service is the correct answer because an Azure App Service enables you to build and host web apps, mobile back ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers auto-scaling and high availability, supports both Windows and Linux, and enables automated deployments from GitHub, Azure DevOps, or any Git repo.

Azure Application Gateway

Azure Application Gateway is incorrect because an Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 - TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port. With Azure Application Gateway, you can make routing decisions based on additional attributes of an HTTP request, such as URI path or host headers.

Azure App Service

Azure App Service is a fully managed "Platform as a Service" (PaaS) that integrates Microsoft Azure Websites (hosting of web-based applications), Mobile Services, and BizTalk Services into a single service, adding new capabilities that enable integration with on-premises or cloud systems. More for information, please visit:

Azure App Service

Azure App Service is a fully managed "Platform as a Service" (PaaS) that integrates Microsoft Azure Websites (hosting of web-based applications), Mobile Services, and BizTalk Services into a single service, adding new capabilities that enable integration with on-premises or cloud systems. More for information, please visit: https://docs.microsoft.com/en-us/azure/app-service/

Azure App Service

Azure App Service is incorrect because an Azure App Service enables you to build and host web apps, mobile back ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers auto-scaling and high availability, supports both Windows and Linux, and enables automated deployments from GitHub, Azure DevOps, or any Git repo.

Azure Application Insights

Azure Application Insights is a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for web developers on multiple platforms. Use it to monitor your live web application. It will automatically detect performance anomalies. It includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app. It's designed to help you continuously improve performance and usability. It works for apps on a wide variety of platforms including .NET, Node.js and Java EE, hosted on-premises, hybrid, or any public cloud. It integrates with your DevOps process, and has connection points to a variety of development tools. It can monitor and analyze telemetry from mobile apps by integrating with Visual Studio App Center. For more information, please visit: https://docs.microsoft.com/en-us/azure/azure-monitor/app/cloudservices

Azure Data Lake Analytics

Azure Data Lake Analytics is incorrect because Azure Data Lake Analytics is a distributed, cloud-based data processing architecture offered by Microsoft in the Azure cloud. It is based on YARN, the same as the open-source Hadoop platform. It pairs with Azure Data Lake Store, a cloud-based storage platform designed for Big Data analytics.

A company is planning on setting up a solution in Microsoft Azure. The solution would have the following key requirement: - Gives the ability to host a big data analysis service for machine learning Which of the following would be best suited for this requirement?

Azure Databricks are an Apache Spark-based analytics platform optimized for the Microsoft Azure cloud services platform. Designed with the founders of Apache Spark, Databricks is integrated with Microsoft Azure to provide one-click setup, streamlined workflows, and an interactive workspace that enables collaboration between data scientists,

Azure Databricks

Azure Databricks are an Apache Spark-based analytics platform optimized for the Microsoft Azure cloud services platform. Designed with the founders of Apache Spark, Databricks is integrated with Microsoft Azure to provide one-click setup, streamlined workflows, and an interactive workspace that enables collaboration between data scientists, data engineers, and business analysts as well as giving the ability to host and analyze services for machine learning. For more information, please visit: https://docs.microsoft.com/en-us/azure/azure-databricks/

You are working on understanding all the key terms when it comes to International standards, data privacy and data protection policies. Which of the following pertains to the following? "A dedicated public cloud for federal and state agencies in the United States"

Azure Government is correct because Azure Government delivers a dedicated cloud enabling only US government agencies and their partners to transform mission-critical workloads to the cloud. In order to provide you with the highest level of security and compliance, Azure Government uses physically isolated data-centers and networks.

Azure Logic Apps

Azure Logic Apps are a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. For more information, please visit: https://docs.microsoft.com/en-us/azure/logic-apps/

A company is planning on setting up a solution in Microsoft Azure. The solution would have the following key requirement: - Provides a platform for creating workflows Which of the following would be best suited for this requirement?

Azure Logic Apps is correct because Azure Logic Apps are a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. For more information, please visit: https://docs.microsoft.com/en-us/azure/logic-apps/

A company wants to deploy an Artificial Intelligence solution in Microsoft Azure. The development team wants to have a solution in place that can be used to build, test, and deploy predictive analytics solutions. Which of the following solutions would satisfy this purpose?

Azure Machine Learning Studio There are 2 context clues in this question that should be noted, the first being, "deploy an Artificial Intelligence solution..." and the second clue being "...wants to have a tool in place that can be used to build, test, and deploy predictive analytics solutions." Azure Machine Learning Studio is a collaborative, drag-and-drop tool you can use to build, test, and deploy predictive analytics solutions on your data. Machine Learning Studio publishes models as web services that can easily be consumed by custom applications or BI tools.

A company wants to provision a solution within Microsoft Azure with the following requirements: - Provision a WordPress solution - Host the solution on a Virtual Machine Which of the following could be used to quickly deploy the above solutions? · ​

Azure Marketplace is the correct answer because the Azure Marketplace is an online store that offers applications and services either built on or designed to integrate with Microsoft's Azure public cloud. Such solutions include Virtual Machines, developer services, API apps, Azure AD applications, web applications (such as WordPress), data services,and Microsoft Dynamics solutions.

A company has several on-premise computers that run Windows 10. They want to map a network drive from these machines onto Microsoft Azure Storage. Which of the following solutions would best fulfill this requirement?

Azure Storage account - File service is the correct answer as Microsoft's Azure Storage accounts are a cloud storage solution for modern data storage scenarios. Azure Storage offers a massively scalable object store for data objects, a file system service for the cloud, a messaging store for reliable messaging, and a NoSQL store. Azure Storage is durable and highly available, secure, scalable, managed, and accessible. Azure SQL Database is incorrect because it is a general-purpose relational database, provided as a managed service. With it, you can create a highly available and high-performance data storage layer for the applications and solutions within Azure. SQL Database can be the right choice for a variety of modern cloud applications because it enables you to process both relational data and non-relational structures, such as graphs, JSON, spatial, and XML. Azure SQL Data Warehouse (now known as Azure Synapse) is incorrect because it is a limitless analytics service that brings together enterprise data warehousing and Big Data analytics. It gives you the freedom to query data on your terms, using either server-less on-demand or provisioned resources—at scale. Azure Storage account - BLOB service is incorrect because Blob storage is Microsoft's object storage solution for the cloud. Blob storage is optimized for storing massive amounts of unstructured data, such as text or binary data. This solution is ideal for serving images or documents directly to a browser, storing files for distributed access, streaming video and audio, storing data for backup and restore, disaster recovery, archiving, and lastly storing data for analysis by an on-premises or Azure-hosted service.

A company wants to implement an IoT solution service available in Microsoft Azure. Which of the following would meet the below requirement? "Helps provide powerful data exploration and telemetry tools to help refine operational analysis

Azure Time Series Insights is correct because Azure Time Series Insights is a fully managed analytics, storage, and visualization service that makes it simple to explore and analyze billions of IoT events simultaneously. It gives you a global view of your data, which lets you quickly validate your IoT solution and avoid costly downtime to mission-critical devices. For more information, For more information, please visit: https://docs.microsoft.com/en-us/azure/time-series-insights/time-series-insights-explorer

Azure Time Series Insights

Azure Time Series Insights is incorrect because Azure Time Series Insights is a fully managed analytics, storage, and visualization service that makes it simple to explore and analyze billions of IoT events simultaneously. It gives you a global view of your data, which lets you quickly validate your IoT solution and avoid costly downtime to mission-critical devices. For more information, please see:

Azure Time Series Insights

Azure Time Series Insightsis incorrect because Azure Time Series Insights is a fully managed analytics, storage, and visualization service that makes it simple to explore and analyze billions of IoT events simultaneously. It gives you a global view of your data, which lets you quickly validate your IoT solution and avoid costly downtime to mission-critical devices. For more information, please see

A company is planning on setting up a solution in Microsoft Azure. The solution would have the following key requirement: - Provide a solution to host and manage a group of identical Virtual Machines Which of the following would be best suited for this requirement? · ​

Azure Virtual Machine Scale Sets are identical pools of virtual machines running some application you control. Azure provides tools for you to build and configure the VM's the way you want it, then create or remove instances of it until you have as many, or as few, as you need at any point in time.

Azure Virtual Machine Scale Set

Azure Virtual Machine Scale Sets is incorrect because Azure Virtual Machine Scale Sets are identical pools of virtual machines running some application you control. Azure provides tools for you to build and configure the VM the way you want it, then create or remove instances of it until you have as many, or as few, as you need at any point in time.

Azure Virtual Machine Scale Sets

Azure Virtual Machine Scale Sets is incorrect because Azure Virtual Machine Scale Sets are identical pools of virtual machines running some application you control. Azure provides tools for you to build and configure the VM the way you want it, then create or remove instances of it until you have as many, or as few, as you need at any point in time.

Azure virtual network gateway

Azure Virtual Network Gateway is incorrect because an Azure Virtual Network Gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network. Each virtual network can have only one VPN gateway. However, you can create multiple connections to the same VPN gateway. When you create multiple connections to the same VPN gateway, all VPN tunnels share the available gateway bandwidth.

Azure Virtual Network

Azure Virtual Network is incorrect because Azure Virtual Networks are a representation of your own network in the cloud. It is a logical isolation of the Azure cloud dedicated to your subscription. Each VNet you create has its own CIDR block and can be linked to other VNets and on-premises networks as long as the CIDR blocks do not overlap.

A company is planning on setting up a solution in Microsoft Azure. The solution would have the following key requirement: - Provide an isolated environment for hosting of Virtual Machines Which of the following would be best suited for this requirement

Azure Virtual Network is the correct answer because Azure Virtual Networks are a representation of your own network in the cloud. It is a logical isolation of the Azure cloud dedicated to your subscription where hosting of isolated Virtual Machines is possible. Each VNet you create has its own CIDR block and can be linked to other VNets and on-premises networks as long as the CIDR blocks do not overlap.

DDoS Protection Basic

DDoS Protection Basic is incorrect because Basic DDos protection is automatically enabled as part of the Azure platform. Always-on traffic monitoring, and real-time mitigation of common network-level attacks, provide the same defenses utilized by Microsoft's online services. The entire scale of Azure's global network can be used to distribute and mitigate attack traffic across regions. Protection is provided for IPv4 and IPv6 Azure public IP addresses. For more information, please visit: https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview

DNS zone

DNS Zone is incorrect because a DNS zone is a data resource that contains the DNS records for a domain name. You can use Microsoft Azure DNS to host a DNS zone and manage the DNS records for a domain within Microsoft Azure.

A company wants to host a mission critical application on a set of Virtual Machines within Microsoft Azure. They want to ensure they can setup the infrastructure in Azure to guarantee the maximum possible up time for the application. Which of the following can you make use of in Azure to fulfill this requirement? Choose 2 answers from the options given below

Explanation B & C are correct, Availability Zones and Availability Sets. An Availability Zone is a high-availability offering that protects your applications and data from data-center failures. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more data-centers equipped with independent power, cooling, and networking For more information, please visit: https://docs.microsoft.com/en-us/azure/advisor/advisor-overview An Availability Set is a logical grouping capability for isolating VM resources from each other when they're deployed. Azure makes sure that the VMs you place within an Availability Set run across multiple physical servers, compute racks, storage units, and network switches. For more information, please visit: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/tutorial-availability-sets

A company wants to host an application on a set of Virtual Machines. The application must be made available 99.99% of the time. In order to comply with the SLA requirement, what is the minimum number of Virtual Machines required to ensure 99.99% up time to host the application?

Explanation B. 2 Virtual Machines is the correct answer because Microsoft Azure's SLA for all Virtual Machines that have two or more instances deployed across two or more Availability Zones in the same Azure region, Microsoft guarantees you will have Virtual Machine Connectivity to at least one instance at least 99.99% of the time. For more information, please visit:

A company has 100 machines in their on-premise environment. They want to extend their infrastructure without using too much extra capital or increasing their operational expenditures. Which of the following could they opt to carry out for this requirement?

Explanation C. Have a hybrid architecture is the correct answer because a hybrid cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them. When computing and processing demand fluctuates, hybrid cloud computing gives businesses the ability to seamlessly scale their on-premises infrastructure up to the public cloud to handle any overflow—without giving third-party datacenters access to the entirety of their data. Organizations gain the flexibility and computing power of the public cloud for basic and non-sensitive computing tasks, while keeping business-critical applications and data on-premises, safely behind a company firewall. This architecture can also be utilized by companies interested in expanding to the cloud gradually if their heavily invested with on-premise infrastructure.

You are working on understanding all the key terms when it comes to International standards, data privacy and data protection policies. Which of the following pertains to the following? "An organization that defines standards used by the United States government"

Explanation C. NIST is correct because NIST, National Institute of Standards and Technology (is a physical sciences laboratory, and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness. NIST's activities are organized into laboratory programs that include nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement. For more information, please visit:

A company needs a list of planned maintenance events that could possibly affect the availability of their Microsoft Azure subscription. Which of the following would help them achieve this requirement?

Help + Support is the correct answer as it will showcase maintenance events that can affect the availability of a Microsoft Azure subscription.

You are working on understanding all the key terms when it comes to International Standards, data privacy and data protection policies. Which of the following choices pertains to the following? "An organization that defines international standards across all industries"

ISO is the correct answer because ISO, International Organization for Standardization, is an organization defines international standards across all industries. For more information, please visit: https://docs.microsoft.com/en-us/microsoft-365/compliance/offering-iso-27001

IoT Central

IoT Central is incorrect because IoT Central is an app platform that reduces the burden and cost associated with developing, managing, and maintaining enterprise-grade IoT solutions. Choosing to build with Azure IoT Central gives you the opportunity to focus your time, money, and energy on transforming your business with IoT data, rather than just maintaining and updating a complex and continually evolving IoT infrastructure. The easy-to-use interface makes it simple to monitor device conditions, create rules, and manage millions of devices and their data throughout their life cycle. Furthermore, it enables you to act on device insights by extending IoT intelligence into line-of-business applications. For more information, please visit: https://docs.microsoft.com/en-us/azure/iot-central/core/overview-iot-central

IoT Central

IoT Central is incorrect because IoT Central is an app platform that reduces the burden and cost associated with developing, managing, and maintaining enterprise-grade IoT solutions. Choosing to build with Azure IoT Central gives you the opportunity to focus your time, money, and energy on transforming your business with IoT data, rather than just maintaining and updating a complex and continually evolving IoT infrastructure.The easy-to-use interface makes it simple to monitor device conditions, create rules, and manage millions of devices and their data throughout their life cycle. Furthermore, it enables you to act on device insights by extending IoT intelligence into line-of-business applications.

A company wants to implement an IoT solution service available in Microsoft Azure. Which of the following would meet the below requirement? "Used to analyze data on end user devices".

IoT Edge is correct because it moves cloud analytics and custom business logic to devices so that your organization can focus on business insights instead of data management. Scale out your IoT solution by packaging your business logic into standard containers, then you can deploy those containers to any of your devices and monitor it all from the cloud. Analytics drives business value in IoT solutions, but not all analytics needs to be in the cloud. If you want to respond to emergencies as quickly as possible, you can run anomaly detection workloads at the edge. If you want to reduce bandwidth costs and avoid transferring terabytes of raw data, you can clean and aggregate the data locally then only send the insights to the cloud for analysis. Azure IoT Edge is made up of three components: IoT Edge modules are containers that run Azure services, third-party services, or your own code. Modules are deployed to IoT Edge devices and execute locally on those devices. The IoT Edge runtime runs on each IoT Edge device and manages the modules deployed to each device. A cloud-based interface enables you to remotely monitor and manage IoT Edge devices. For more information, please see: https://docs.microsoft.com/en-us/azure/iot-edge/about-iot-edge

A company wants to implement an IoT solution service available in Microsoft Azure. Which of the following would meet the below requirement? "Monitor and control billions of Internet of Things (IoT) assets".

IoT Hub is correct because an IoT Hub is a managed service, hosted in the cloud, that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between millions of IoT devices and a cloud-hosted solution back end. You can connect virtually any device to IoT Hub. For more information, please visit: https://docs.microsoft.com/en-us/azure/iot-hub/about-iot-hub

IoT Hub

IoT Hub is incorrect because an IoT Hub is a managed service, hosted in the cloud, that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between millions of IoT devices and a cloud-hosted solution back end. You can connect virtually any device to IoT Hub.

A company wants to implement an IoT solution service available in Microsoft Azure. Which of the following would meet the below requirement? "Provides a fully managed SaaS (software-as-a-service) solution that makes it easy to connect, monitor and manage IoT assets at scale".

Iot Central

A company has a VPN device that will be used as Site-to-Site connection from Microsoft Azure to their on-premise location. Which of the following would be used to represent the VPN device?

Local Network Gateway is the correct answer because a Local Network Gateway represents the hardware or software VPN device in your local network. Use this with a connection to set up a Site-to-Site VPN connection between an Azure virtual network and your local network. There are no additional charges for creating local network gateways in Microsoft Azure.

NIST

NIST is incorrect because NIST, National Institute of Standards and Technology (is a physical sciences laboratory, and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness. NIST's activities are organized into laboratory programs that include nanoscale science and technology, engineering, information technology, neutron research, material measurement, and physical measurement.

A company wants to host a set of tables within Microsoft Azure. They want absolutely zero administration of the underlying infrastructure and low latency access to data. You recommend using the Azure App service. Would this fulfill this requirement?

No is the correct answer because an Azure App Service enables you to build and host web apps, mobile back ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers auto-scaling and high availability, supports both Windows and Linux, and enables automated deployments from GitHub, Azure DevOps, or any Git repo. For more information, please visit: https://docs.microsoft.com/en-us/azure/app-service/

A company wants to migrate some scripts to Microsoft Azure. They want to make use of the serverless features available in Azure. They decide to use the Azure Virtual Machine service. Would this service meet the requirement?

No this service does not meet the requirement, Azure Virtual Machine service is incorrect because an Azure Virtual Machine service is one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment than the other choices offer. An Azure VM gives the flexibility of virtualization without having to buy and maintain the physical hardware that runs it. However, you still need to maintain the VM by performing tasks, such as configuring, patching, and installing the software that runs on it.

A company has a set of resources deployed to Microsoft Azure. They want to make use of the Azure Advisor tool. Would the Azure Advisor tool give recommendations on how to improve the security of the Azure AD environment?

No, because Azure Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost-effectiveness, performance, high availability, and security of your Azure resources. Advisor does not provide "security" recommendation to Azure AD alone. It integrates with "Security Center" for recommendations. For more information, please visit: https://docs.microsoft.com/en-us/azure/advisor/advisor-overview https://docs.microsoft.com/en-us/azure/advisor/advisor-security-recommendations

A company wants to migrate some scripts to Microsoft Azure. They want to make use of the serverless features available in Azure. They decide to use the Azure Content Delivery Network service. Would this service meet the requirement?

No, is the correct answer because Azure Content Delivery Network (CDN) lets you reduce load times, save bandwidth, and speed responsiveness—whether you're developing or managing websites or mobile apps, or encoding and distributing streaming media, gaming software, firmware updates, or IoT endpoints.

A company is planning on deploying resources to a Resource Group (RG) within Microsoft Azure. The company is planning on assigning tags to the Resource Groups. Would the resources in the Resource Group (RG) also inherit the same tags?

No, resources in the Resource Group (RG) will not inherit the same tags because you apply tags to your Azure resources giving metadata to logically organize them into a taxonomy. Each tag consists of a name and a value pair. For example, you can apply the name "Environment" and the value "Production" to all the resources in production. After you apply tags, you can retrieve all the resources in your subscription with that tag name and value. Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management. It is important to note that Tags applied to the resource group are not inherited by the resources in that resource group. For more information, please visit: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags

A company wants to try out a couple of Microsoft Azure services which are available in public preview. Is it true that services in public preview can only be used via the Azure CLI interface?

No, this is incorrect, all public preview services can be used via all user interfaces, not only the Azure CLI. A service in Public Preview means that the service is in public beta and can be tried out by anyone with an Azure subscription. You can often use these services at a discount as long as they are in preview.

Private Cloud

Private clouds consists of computing resources used exclusively by one business or organization. The private cloud can be physically located at your organization's on-site datacenter, or it can be hosted by a third-party service provider. But in a private cloud, the services and infrastructure are always maintained on a private network and the hardware and software are dedicated solely to your organization. In this way, a private cloud can make it easier for an organization to customize its resources to meet specific IT requirements. Private clouds are often used by government agencies, financial institutions, any other mid- to large-size organizations with business-critical operations seeking enhanced control over their environment.

Public Cloud

Public clouds are the most common way of deploying cloud computing. The cloud resources (like servers and storage) are owned and operated by a third-party cloud service provider and delivered over the Internet. Microsoft Azure is an example of a public cloud. With a public cloud, all hardware, software, and other supporting infrastructure is owned and managed by the cloud provider. In a public cloud, you share the same hardware, storage, and network devices with other organizations or cloud "tenants." You access services and manage your account using a web browser. Public cloud deployments are frequently used to provide web-based email, online office applications, storage, and testing and development environments.

Security vs. Configuration

Security is incorrect because the Security tab is designed to implement means to protect data, apps, and infrastructure quickly with built-in security services in Microsoft Azure that include unparalleled security intelligence to help identify rapidly evolving threats early—so you can respond quickly. One could implement a layered, defense in-depth strategy across identity, data, hosts, and networks or unify security management and enable advanced threat protection across hybrid cloud environments. Configuration is incorrect because configuration is an Azure service that allows users to manage configuration within the cloud. Users can create App Configuration stores to store key-value settings and consume stored settings from within applications, deployment pipelines, release processes, microservices, and other Azure resources.

A company has a set of IT engineers that are responsible for implementing and managing the resources within their Microsoft Azure account. The IT engineers have a set of on-premise workstations that have the following different types of operating systems: - Windows 10 - MacOS - Ubuntu Which of the following tools can you use on the Ubuntu machines?

The Azure CLI, Azure Powershell and Azure Portal are all correct because all three interfaces can be used on Ubuntu. It is important to know Ubuntu is a flavor of the Linux operating system. The Azure Command Line Interface (CLI) provides a command line and scripting environment for creating and managing Azure resources. The Azure CLI is available for macOS, Linux, and Windows operating systems. Azure Powershell can be installed on any Linux distro through modules using PowerShellGet. Azure Portal can be accessed from Ubuntu's web browser of choice (Chromium, Chrome, Firefox, Midori, Opera, Vivaldi, Qupzilla, and Brave are just a few examples of such browsers).

A company has a set of IT engineers that are responsible for implementing and managing the resources in their Microsoft Azure account. The IT engineers have a set of on-premise workstations that have the following different types of operating systems: - Windows 10 - MacOS - Ubuntu Which of the following user interfaces can you use on the Windows 10 machines?

The Azure CLI, Azure Powershell and Azure Portal are all correct because all three user interfaces work on Windows 10. The Azure Command Line Interface (CLI) provides a command line and scripting environment for creating and managing Azure resources. The Azure CLI is available for macOS, Linux, and Windows operating systems. Azure PowerShell is basically an extension of Windows PowerShell. It lets Windows PowerShell users control Azure's robust functionality. From the command line, Azure PowerShell programmers use preset scripts called cmdlets to perform complex tasks like provisioning virtual machines (VMs) or creating cloud services. Azure Portal is a platform provided by Microsoft for its Azure clients where they can see, manage and buy the services offered by Azure. To access this user interface, visit https://portal.azure.com/. Powershell itself is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language. For more information on Azure CLI please visit: https://docs.microsoft.com/en-us/cli/azure/get-started-with-azure-cli?view=azure-cli-latest For more information on Azure Cloud Shell please visit: https://docs.microsoft.com/en-us/azure/cloud-shell/overview?view=azure-cli-latest For more information on Azure Portal please visit: https://azure.microsoft.com/en-us/features/azure-portal/

A company has a set of IT engineers that are responsible for implementing and managing the resources in their Microsoft Azure account. The IT engineers have a set of on-premise workstations that have the following different types of operating systems: - Windows 10 - macOS - Ubuntu

The Azure CLI, Azure Powershell and Azure Portal is the correct answer. The Azure CLI for the macOS platform, can be installed via the Homebrew package manager. Homebrew makes it easy to keep your installation of the CLI update to date. Azure Powershell can be installed on a macOS machine using PowerShell Core. Azure Portal can installed on any macOS machcine by installing the proper SDKs. For more information on Azure CLI please visit: https://docs.microsoft.com/en-us/cli/azure/get-started-with-azure-cli?view=azure-cli-latest For more information on Azure Cloud Shell please visit: https://docs.microsoft.com/en-us/azure/cloud-shell/overview?view=azure-cli-latest For more information on Azure Portal please visit: https://azure.microsoft.com/en-us/features/azure-portal/

A company wants to host a set of tables in Microsoft Azure. They want absolutely zero administration of the underlying infrastructure and low latency access to data. You recommend using the SQL Database service. Would this meet the requirement?

YES, It is fully managed by Azure and therefore it does not entail any administration activities from user end move data from on Prem directly into service with remade sql service. depending how the app uses the data you may need to change endpoint https://docs.microsoft.com/en-us/azure/sql-database/sql-database-paas-index

A company wants to host a set of tables within Microsoft Azure. They want absolutely zero administration of the underlying infrastructure and low latency access to data. You recommend using the CosmosDB service. Would this meet the requirement?

Yes is correct because Azure Cosmos DB is Microsoft's globally distributed, multi-model database service. With a click of a button, Cosmos DB enables you to elastically and independently scale throughput and storage across any number of Azure regions worldwide. You can elastically scale throughput and storage, and take advantage of fast, single-digit-millisecond data access using your favorite API including SQL, MongoDB, Cassandra, Tables, or Gremlin. Cosmos DB provides comprehensive service level agreements (SLAs) for throughput, latency, availability, and consistency guarantees, something no other database service offers.

A company has a set of resources deployed to Microsoft Azure. They want to make use of Microsoft Azure Advisor solution. Would the Microsoft Azure Advisor solution give recommendations on how to reduce the cost of running Microsoft Azure Virtual Machines?

Yes, Microsoft Azure Advisor would give recommendations on how to reduce the cost of running Microsoft Azure Virtual Machines. Azure Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration usage, telemetry, and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources. Azure Advisor provides recommendations for Application Gateway, App Services, availability sets, Azure Cache, Azure Data Factory, Azure Database for MySQL, Azure Database for PostgreSQL, Azure Database for MariaDB, Azure ExpressRoute, Azure Cosmos DB, Azure public IP addresses, SQL Data Warehouse, SQL servers, storage accounts, Traffic Manager profiles, and virtual machines Under advisor in search bar can create operational excellence alert. you can create an action group, set action type to email and email to certain indivdiauls. .

A company is planning on setting up a Pay-as-You-Go subscription within Microsoft Azure. Would the company have access to the MSDN support forums?

Yes, because Microsoft Windows MSDN forums is a free online community support outlet for Windows Azure. You can find specific forum topics and questions other Azure users have or post your own for guidance on a subject to get answers from Microsoft engineers and members within the Azure community. You get access to MSDN forums with all 5 support plans (Basic, Developer, Standard, Professional Direct, & Premier as show in the visual below:

A company wants to migrate some scripts to Microsoft Azure. They want to make use of the serverless features available in Azure. They decide to use the Azure Functions service. Would this service meet the requirement?

Yes, is the correct answer. Azure Functions is a server-less compute service that lets you run event-triggered code without having to explicitly provision or manage infrastructure. You can write just the code you need for the problem at hand, without worrying about a whole application or the infrastructure to run it. Functions can make development even more productive, and you can use your development language of choice, such as C#, Java, JavaScript, PowerShell, and Python. Pay only for the time your code runs and trust Azure to scale as needed. Azure Functions lets you develop server-less applications on Microsoft Azure.

Resource Groups

are incorrect because Resources Groups are logical collections of virtual machines, storage accounts, virtual networks, web apps, databases, and/or database servers. Typically, users will group related resources for an application, divided into groups for production and non-production — but you can subdivide further as needed.

A company is planning on using an Azure App Service to host their set of web applications utilizing the Platform-as-a-Service (PaaS) cloud computing model. In the PaaS model, does Microsoft Azure provide full control over the operating system that hosts the web applications?

because in a Platform-as-a-Service (PaaS) cloud computing model, Microsoft Azure has full control over the physical data center, networking, firewalls/security, servers, storage, operating systems, development tools, database management tools and business analytics. don't worry about operations, and only worry about developing app. In an Infrastructure -as-a-Service (IaaS) cloud computing model, Microsoft Azure only has full control over the physical data center, networking, firewalls/security, servers, and storage, but not the operating systems, development tools, databases, or applications. The below visual illustrates this concept, as you can see with SaaS (Software-as-a-Service), Microsoft Azure has full control over everything, you would need to simply choose or provide the application solution.

Azure App Service

enables you to build and host web apps, mobile back ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers auto-scaling and high availability, supports both Windows and Linux, and enables automated deployments from GitHub, Azure DevOps, or any Git repository, so this option is not correct.

Capital Expenditures (CapEx)

generate benefits over a long period. These expenditures are generally nonrecurring and result in the acquisition of permanent assets. Some examples include physical buildings, office equipment, computers, servers, software, essentially any asset that is expected to provide utility to a business.

Azure Batch

is a cloud based job scheduling and compute management platform that enables running large-scale parallel high performance computing applications efficiently in the cloud. Azure Batch Service provides job scheduling, automatically scaling, and managing virtual machines running those jobs.

Azure Logic Apps

is a cloud service that helps you schedule, automate, orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. a point comes in and makes a decision.

Access Control (IAM)

is incorrect because Access Control (IAM) is the blade that you use to manage access to Azure resources. It's also known as identity and access management and appears in several locations in the Azure portal.

Azure Web Apps

is incorrect because Azure App Service supports applications defined by Azure as "Web Apps", "Mobile Apps", "API Apps", and "Logic Apps". Azure Cloud Services is a platform that allows developers access to the underlying virtual machines and still manages the application container and deployment automatically.

Azure Policy

is incorrect because Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies.

GDPR

is incorrect because GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.

Microsoft Azure Active Directory

is incorrect because Microsoft Azure Active Directory is a comprehensive identity and access management cloud solution that combines core directory services, application access management, and advanced identity protection.

Resource Groups

is incorrect because Resource groups (RG) in Azure is a new approach to group a collection of assets in logical groups for easy or even automatic provisioning, monitoring, and access control, and for more effective management of their costs.

Azure Virtual Machine Service

is incorrect because an Azure Virtual Machine service is one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment than the other choices offer. An Azure VM gives you the flexibility of virtualization without having to buy and maintain the physical hardware that runs it. However, you still need to maintain the VM by performing tasks, such as configuring, patching, and installing the software that runs on it. This service is ideal for development and testing, running applications in the cloud, or used as an extension to a data-center.

Azure App Service

is incorrect because this service enables you to build and host web apps, mobile back ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers auto-scaling and high availability, supports both Windows and Linux, and enables automated deployments from GitHub, Azure DevOps, or any Git repo.

ISO

is the incorrect answer because ISO, International Organization for Standardization, is an organization defines international standards across all industries.

Operational Expenditures (OpEx)

is your operating costs, the expenses to run day-to-day business operations, like services and consumable items that get used up and are paid for according to use. This includes rent/utilities, wages/salaries, legal fees, website hosting fees, software licensing fees, essentially any costs a company incurs for running their day-to-day operations.


Conjuntos de estudio relacionados

Chapter 11 - Section 1 The Byzantine Empire Midterm Review

View Set

PreAP English 10 A study set without OMAM content

View Set

Final Chapter 13, Chapter 11, Chapter 13: Groups & Teams, Chapter 13 Admin Mgmt, Chapter 12, CHAPTER 12: 3370 MGT EXAM 3

View Set

RN Maternal Newborn Online Practice 2019 B with NGN

View Set