AZ-900 Azure Architecture and Services
T/F: You are charged for the use of Azure Virtual Desktop (AVD) on a monthly basis accordingly by active users
F
Your company is reorganizing after acquiring a new company. both your company and the new company have their own Azure Active Directory (Azure AD) tenants. You need to determine what happens when you transfer the billing ownership of subscription form an account in your Azure AD tenant to an account in another Azure AD tenant and associate the subscription with the new directory. T/F: System-assigned Managed Identities are re-enabled automatically.
F
T/F: Microsoft Defender for Cloud supports monitoring, security recommendations, and advanced threat protection for clouds and on-premises virtual machine (VM resources.
T
T/F: Multiple subscriptions can be owned by a single organization
T
T/F: Quotas for resources in Azure Resource Groups are per region rather than per subscription
T
T/F: Authorization can use password to identify a person
F
An Azure Multi-factor Authentication (MFA) server is required _______________________. A. for authentication when supporting users located on on-premises Active Directory (AD) only. B. for authentication when supporting users located on Azure AD only. C. for authentication when supporting both Azure AD and on-premises AD using Azure AD Connect. D. for authentication when supporting Azure AD and on-premises AD using federation with Active Directory Federation Services (AD FS).
A
Azure Advisor integrates with ____________________ to help to prevent, detect, and respond to threats to Azure resources. A. Microsoft Defender for Cloud B. Azure Information Protection (AIP) C. Azure Advanced Threat Protection (Azure ATP) D. Azure Cloud Shell
A
Build a baseline behavioral profile of organizational entities to identify anomalous activity. What is the appropriate solution to this scenario. A. Microsoft Sentinel B. Azure key Vault C. Azure Firewall D. Azure Monitor
A
Company B wants its development department to manage its own VMs and storage accounts, and its sales team to manage its own Machine Learning (ML) models Which resource group should you choose for Company B? A. Create a resource group for each department B. Create a resource group for each resource type C. Create a resource group for each environment.
A
Includes the abstraction of servers, infrastructure, and operating systems A. Azure Functions B. Azure Virtual Machines C. Container Instances
A
Your company is panning a deployment using Azure Database for PostgreSQL. The deployment should meet the following requirement: - Up to 10 TB storage - Azure Premium Storage - Point-in-time-restore for up to 35 days You need to select the appropriate deployment and pricing tier to meet these requirements and minimize costs What should you select? A. Azure Database for PostgreSQL Single Server General Purpose tier B. Azure Database for PostgreSQL Hyperscale (Citus) C. Azure Database for PostgreSQL Single Server Memory Optimized tier D. Azure Database for PostgreSQL Single Server Basic tier
A
____________________ enables you to perform automated deployments from Azure DevOps A. Azure App Service B. Azure Data Studio C. Azure SQL
A
It stores all replicas in one data center A. Geo-redundant storage (GRS) B. Locally redundant storage (LRS) C. Read-only access GRS (RA-GRS)
B
A company wants to expand its cloud presence by deploying additional resources to Azure. The company plans to use templates based on existing resource to automate the deployment precess. Ensuring consistent deployment is critical What should the company use? A. Azure Resource Groups B. Azure Resource Manager C. Azure Monitor D. Microsoft Defender for Cloud
B
Build an event-driven solution and pay only for the time spent running your code. What is the appropriate Azure resource for this scenario. A. Azure App Service B. Azure Functions C. Azure Virtual Machine (VM) D. Azure Traffic Manager
B
Company A wants its development and QA departments to manage App Services, its IT and development departments to manage virtual machines (VMs) and ITs IT Department to manage SQL Data Base instances. These departments should mange the corresponding resources in both the production and elopement environment. Which resource group should you choose for Company A? A. Create a resource group for each department B. Create a resource group for each resource type C. Create a resource group for each environment.
B
Includes a virtual processor, memory, storage, and networking resources. A. Azure Functions B. Azure Virtual Machines C. Container Instances
B
Incurs penalties for data deleted within 30 days Which Azure Storage Blob access tier is associated with this description? A. Archive B. Cool C. Hot
B
Life = and - shift of on-premises SQL Server with minimal change to an Azure Platform-as-a-Service (PaaS) solution A. Azure SQL Database B. Azure SQL Managed Instance C. SQL Server on Azure VMs D. Azure Database for PostgreSQL
B
Management groups let you organize multiple ______________________. A. resource groups as a single management entity to facilitate easier management B. subscriptions as a single management entity to facilitate easier management C. Azure AD tenants as a single management entity to facilitate easier management D. resources as a single management entity to facilitate easier management
B
What is the maximum length of time you can use the credits from an Azure free subscription before it expires? A. 12 months B. 30 days C. 24 months D. 6 months
B
Your company has three departments and two Azure administrators. Both administrators mange all departments. Each department must receive an Azure Bill. How man subscriptions should you create? A. One B. Two C. Three
C
is lightweight, virtualized application environment A. Azure Functions B. Azure Virtual Machines C. Container Instances
C
A _______________________ storage account supports Blob, Queue, and Table Storage services. A. Premium block blobs B. Premium file shares C. Premium page blobs D. Standard general-purpose v2
D
What is the purpose of a resource group? A. It defines initiatives that allow you to control the type of resources that can be deployed B. It is a collection of user and group accounts C. It specifies the subscriptions that are allowed to create Azure resources D. It serves as a container for Azure resources like virtual machines (VMs) and web apps
D
Which Azure security solution provides general security recommendations and suggests remediations to better secure your resources? A. Azure Information Protection (AIP) B. Key Vault C. Azure DDoS Protection Standard D. Microsoft Defender for Cloud
D
With ____________________ , users can access all needed applications without being required to authenticate a second time A. Conditional Access B. Multi-Factor Authentication (MFA) C. Role-Based Access Control (RBAC) D. Single Sign-On (SSO)
D
You need a security solution that helps provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates. What should you use? A. Microsoft Defender for Identity B. Azure Information Protection (AIP) C. Microsoft Defender for Cloud D. Key Vault
D
Your Azure tenant includes an Azure Virtual Network (VNet) with several internet-facing web servers. The web servers experience attacks that exhaust server resources and make the servers unavailable to legitimate users. You determine that the attacks are being launched from multiple locations. You need to implement an Azure solution that: - Detects and automatically tries to mitigate attacks. - Generates alerts when an active attack is underway. What is the BEST option to implement your solution? A. Azure Application Security Groups (ASG) B. Azure Firewall C. Azure Information Protection (AIP) D. Azure DDoS Protection Standard
D
_____________________ is a strategy to implement multiple layers of security to slow down an attack and provide early alert telemetry to act upon. A. Application Insight B. Azure Cognitive Services C. Customer Lockbox D. Defense in Depth
D
T/F: Microsoft Defender for Cloud support is limited to Windows operating systems only
F
T/F: Traffic between peered virtual networks (VNets) is routed over the public internet
F
For each of the the following statements about Azure Dedicated Hosts. T/F: You can share a provided physical server across you multiple Azure subscriptions
F
For each of the the following statements about Azure Dedicated Hosts. T/F: you are charged per number of virtual machines (VMs) deployed
F
T/F: A resource group can contain resources from the same region as the resource group only
F
T/F: A shared access signature (SAS) is required to access Azure Files
F
T/F: A subscription can have only one license
F
T/F: A user can only be given access to one subscription
F
Azure AD support authorization through the use of role-based access control (RBAC)
T
For each of the the following statements about Azure Dedicated Hosts. T/F: A provided physical server is dedicated to your organizations workload only.
T
T/F: A VNet is created within the scope of a region
T
T/F: A subscription can contain one or more resource group
T
T/F: Authentication can use certificates to identify a person or service
T
T/F: Authentication ensures that the username and password combination is correct.
T
T/F: Authorization ensures that an account has sufficient permissions to access a resource
T
T/F: Azure Files can be accessed using the Network File System (NFS) protocol
T
T/F: Azure Files can be accessed using the Server Message Block (SMB) protocol
T
T/F: Azure Virtual Desktop (AVD) supports Remote Desk clients on MacOS and iOS.
T
T/F: Azure Virtual Desktop (AVD) users should exist in the same Windows Server Active Directory (AD) that is linked to Azure AD
T
T/F: ExpressRoute traffic is routed through a private connection.
T
T/F: Locking a resource group as read-only locks all resources contained in the group.
T
T/F: Microsoft Defender for Cloud cam automatically discover and assess security for new Azure resources as they are deployed
T
T/F: Microsoft Defender for Cloud provides native integration with Microsoft Defender Antivirus in Windows
T
Your company is reorganizing after acquiring a new company. both your company and the new company have their own Azure Active Directory (Azure AD) tenants. You need to determine what happens when you transfer the billing ownership of subscription form an account in your Azure AD tenant to an account in another Azure AD tenant and associate the subscription with the new directory. T/F: All users and groups with role based access to manage the subscriptions lose their access.
T
Cost-effective, serverless database with an intermittent usage pattern and a low compute utilization over time A. Azure SQL Database B. Azure SQL Managed Instance C. SQL Server on Azure VMs D. Azure Database for PostgreSQL
A
Creating highly portable, scalable app instances that include the binaries and libraries required to run can be done using ____________________. A. Containers B. Virtual Desktop Infrastructure (VDI) C. Virtual Machines (VM)
A
Deploy a web application using Platform-as-a-Service (PaaS) for scalability and security. What is the appropriate Azure resource for this scenario. A. Azure App Service B. Azure Functions C. Azure Virtual Machine (VM) D. Azure Traffic Manager
A
Incurs the highest rehydration costs Which Azure Storage Blob access tier is associated with this description? A. Archive B. Cool C. Hot
A
Is not available at the account level Which Azure Storage Blob access tier is associated with this description? A. Archive B. Cool C. Hot
A
It stores three data copies in each of two regions A. Geo-redundant storage (GRS) B. Locally redundant storage (LRS) C. Read-only access GRS (RA-GRS)
A
Which Azure database product supports key-value and document data model and provides native support for NoSQL? A. Azure Cosmos DB B. Azure SQL Database D. SQL Server on VMs
A
Which best describe authorization? A. People who present their birth certificate to prove that they are eligible to receive government age-based benefits B. Students who enter their password to check their grades at university C. Passengers who present their driver's license to prove their identity before boarding a flight D. Banking customers who enter their personal identification number (PIN) number to log into an ATM
A
You deploy a business critical solution in Azure. You need to ensure that your resources are replicated and hosted at least 200 miles away within the same geographic area, to minimize impact on your solution's availability in case of disaster. Which configuration option should you use? A. Region pairs B. Availability zones C. Resource groups D. Availability sets
A
You need to bring Azure Storage into your virtual network with dedicated IP address. What solution should you use? A. Create a private endpoint with Azure Private Link B. Create a private connection with Azure ExpressRoute C. Peer your Azure virtual network (VNet) with an Azure Storage VNet. D. Create a site-to-site VPN with Azure VPN Gateway.
A
You want to allow inbound traffic to an Azure Virtual Machine (VM) from only specific IP addresses. Which resources should you deploy? A. Network Security Group (NSG) B. Traffic Manager
A
You want to publish on-premises directory synchronization. Which license should you use? A. Free B. Premium
A
Your company has two divisions and two Azure administrators. each administrator is responsible for a division. the company must receive one Azure bill. How man subscriptions should you create? A. One B. Two C. Three
A
Securely store a database connection string to avoid its accidental exposure in a website's source code. What is the appropriate solution to this scenario. A. Microsoft Sentinel B. Azure key Vault C. Azure Firewall D. Azure Monitor
B
You are tasked with addressing performance issues on an Azure-based web server cluster. You need to configure virtual machines to scale vertically What should you do to meet this requirement? A. Migrate the server cluster to a Kubernetes cluster B. Add compute and memory resources to each virtual machine C. Configure the cluster to burst Into a hybrid cloud D. Allow additional virtual machine to be auto-deployed as needed
B
You build a new operational analytics solution in Azure using PostgreSQL as a relational database. The estimated monthly growth of your database is 20 Gb You need to ensure that your database can scale horizontally and support query parallelization for faster responses on a large dataset, without your team's involvement in database or operating system management. Which deployment option of PostgreSQL in Azure should you use? A. PostgreSQL on Azure VMs B. Azure database for PostgreSQL Hyperscale (Citus) C. Azure Database for PostgreSQL Single Server D. Azure database for PostgreSQL Flexible Server
B
You want on-premises users to be able to reset their own passwords. Which license should you use? A. Free B. Premium
B
You want to create a rule that restricts network traffic across subscriptions. Which resource should you deploy? A. Application Gateway B. Azure Firewall C. Network Security Group (NSG)
B
You want to publish on-premises web apps using Azure AD. Which license should you use? A. Free B. Premium
B
Your company has two physical locations and one Azure administrator. The administrator manages both locations. Each location must receive an Azure bill How man subscriptions should you create? A. One B. Two C. Three
B
Which two options are examples of Conditional Access policies A. Block access by location B. create dynamic groups C. Enable password writeback to on-premises D. Enable self-service password reset E. Require compliant devices
Both A and E
Which two organization-level insights can you derive from the Regulatory Compliance dashboard of Microsoft Defender for Cloud? A. Overall compliance B. Mitigation steps for reported threats C. Security alerts ranked by security D. Overall secure score E. Number of passing and failing assessment
Both A and E
A company has an Azure AD Premium P1 subscription. The company has a hybrid environment that uses both Azure AD and on-premises federated AD using Active Directory Federation Services (AD FS) The company is upgrading its security and must configure Azure AD self-service password reset (SSPR) and Multi-Factor Authentication (MFA). You need to identify the authentication types that are supported by SSPR and MFA Which three authentication types are supported by both SSPR and MFM? A. Voice Call B. Security Questions C. Password D. SMS E. Email Address F. App Password
Both A, C, and D
Which two solutions should you use to transfer an on-premises virtual hard disk (VHD) to Azure? A. Azure files B. AzCopy C. Azure Storage Explorer D. Azure Data Share
Both B and C
Your Azure tenant includes several internet-facing web servers. The web servers rely on data stored on Azure SQL Database servers. The web servers are located in different virtual network (Net) subnets. The database servers have their endpoint exposed to the subnets. You need to implement detailed controls over the types of connections supported between the web servers and database servers. You want to minimize the effort necessary to implement and maintain your solution. Which two technologies should you include in your solution? A. User Defined Routes (UDRs) B. Application Security Groups (ASGs) C. Network Security Groups (NSGs) D. Azure Firewall E. Azure Traffic Manager
Both B and C
As part of a cloud migration, your Azure cloud implantation has been initially seeded with 100TB of data. As the migration continues, you need to periodically migrate data to Azure using Server Message Block (SMB) Which two solutions should you use to meet this requirement A. Azure Data Box Heavy B. Azure Data Box Gateway C. Azure Data Share D. Azure Files
Both B and D
A company subscribes to Azure as a platform for developing and deploying web apps. The company wants to keep initial expenses to a minimum. The company cannot use the free edition as it does not support many features required, so the company decides to go with Azure AD premium subscription. You need to determine the features available to the company with Azure Active Directory (Azure AD) Premium P1 edition Which two features are supported by Azure AD Premium P1 edition? A. Privileged Identity Management (PIM) , just-in-time access B. Identity Protection C. Conditional Access D. Role-bases access control (RBAC) E. Self-service entitlement management
Both C and D
Which two examples best describe multi-factor authentication (MFA)? A. You specify an email address and password to access online banking B. You draw a pattern on your phone to unlock it so that you can call your manager C. You receive a text message with a code after you enter a username and password on a movie streaming site D. You insert your debit card into an ATM and then enter your PIN to access your account
Both C and D
Which two options can you use to connect Azure Virtual Networks (VNets) to each other? A. Azure ExpressRoute B. Azure Traffic Manager C. VNet Peering D. Azure Front Door E. VPN Gateway
Both C and E
A company wants to host data disks in the Azure cloud. The data disks must be available to other on-premises machines running Windows, linux, and macOS using network sharing via Server Message Block (SMB) protocol. Data must be secure both at rest and in-transit. You need to choose an appropriate storage product solution. Which storage product should you use? A. Blob Storage B. Archive Storage C. File Storage D. Disk Storage
C
Company C wants its IT department to manage SQL Server VMs that are in the production environment. It also wants to allow its development department to manage SQL Server VMs that host applications in the development environment. Which resource group should you choose for Company C? A. Create a resource group for each department B. Create a resource group for each resource type C. Create a resource group for each environment.
C
Deny traffic to your Azure Virtual Network resource from known malicious IP addresses. What is the appropriate solution to this scenario. A. Microsoft Sentinel B. Azure key Vault C. Azure Firewall D. Azure Monitor
C
Fast Migration of SQL Server from on-premises to Azure with retention of operating system access. A. Azure SQL Database B. Azure SQL Managed Instance C. SQL Server on Azure VMs D. Azure Database for PostgreSQL
C
It allows replicated data to be accessed in two different zones A. Geo-redundant storage (GRS) B. Locally redundant storage (LRS) C. Read-only access GRS (RA-GRS)
C
Migrate a workload from an on-premises Hyper-V host to Azure, still retaining full control over the operating system What is the appropriate Azure resource for this scenario. A. Azure App Service B. Azure Functions C. Azure Virtual Machine (VM) D. Azure Traffic Manager
C
You deploy two Azure virtual machines (VMs) running Windows Server 2016 and one VM running Ubuntu Linux. All three VMs are their resources are added to the same resource group. The VMs and the resource group are located in the same Azure region. The test plan directs that you need to delete the resource group once the initial test cycle is completed. What is the result of this action? A. Only resource metadata is deleted and the VMs are shut down B. Only resource metadata is deleted with no impact on the VMs C. All of the VMs contained in the resource group are deleted D. Only resource metadata is deleted and access to the VMs is disabled
C
You manage a development team to needs to focus all its efforts on creating and maintaining application code. Your team does not have the resources to provision and scale the infrastructure your applications require to run. What should you do? A. Configure virtual machines and deploy application updates using Azure command-line interface (CLI) B. Automate virtual machine provisioning with Azure Quickstart Templates C. Create an Azure Functions subscription and upload your code D. Containerize the apps and deploy a container cluster service
C
You need to ensure consistent performance for users who access you application, which runs on customized Linux virtual machine. What should you use to provision virtual machines automatically? A. Availability zones B. Dedicated hosts C. Scale sets D. Functions
C
You want to prevent a malicious flood of HTTP traffic to a VM that hosts Internet Information Services (IIS) Which resources should you deploy? A. Application Gateway B. Traffic Manager C. Distributed Denial-of-Service (DDoS) Protection
C
T/F: Azure Ad authentication and authorization support requires integration with an on-premises AD.
F
T/F: Resources can interact with other resources in a different resource group
T
T/F: Web apps must be registered with Azure AD to support authentication and authorization services
T
T/F: You can add a resource to or remove a resource from a resource group as long as the resource group is not locked
T
T/F: You can transfer an existing subscription to a new Azure Active Directory (AD) tenant.
T
Your company is reorganizing after acquiring a new company. both your company and the new company have their own Azure Active Directory (Azure AD) tenants. You need to determine what happens when you transfer the billing ownership of subscription form an account in your Azure AD tenant to an account in another Azure AD tenant and associate the subscription with the new directory. T/F: Moving subscription that owns an Azure Kurbernetes Service (AKS) cluster causes the cluster to lose functionality
T