AZ900 Core Azure Services

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

You need t analyze large volumes of streaming data being collected from Internet of Things (IoT) devices

HDInsight HDInsight is an open-source enterprise-level analytics service that provides for fast-cost effective processing of massive amount of data. Can be used to analyze streaming or historic data

Develop new cloud native or hybrid solution

Innovate

Which factors affect the cost

Instance type Number of Instances OS Region Tier

allow vehicles to send on-board diagnostic sensory and vehicle telemetry data to the cloud for analysis

IoT Central The solution supports device-to-cloud messaging and per-device identity. You can also use it to analyze telemetry data

Prepare the cloud environment for the planned changes

Ready

Regions

Regions are always paired with other regions. The paired regions is always in the same geography but at least 300 miles away. Regions contain one or more datacenters Regions specify the location of resources. Cannot choose datacenter but yes region Regions cannot span countries. Tied to a single country or geographical area Regions do not represent physical datacenter. They represent an area within a geographical area

Azure monitoring options You want to view the number of VM that are currently down

Resource Health

Your company has a new policy to be able to limit access to resources at the resource group and resource scope in detailed, granular way. Access will be granted to various groups and individual users

Role-based access control Supports granular control required

Resources

A resource group can contain resources from any region, not just the region in which the resource group is located You can add a resource to or remove a resource from a resource group, except when the resource group is locked. You can also move resources between resource groups. A resource can reside in only one resource group at a time. Deleting a resource group will delete all resources contained in that group Resources can interact with other resources in a different resource group. The resource group creates a logical resource grouping primarily for management purposes and does not impact access between resources

Replace VM with a VM scale set

A scale set can provide high availability to your application, automatically increasing and decreasing the number of VMs in response to demand or as per a defined schedule. It cannot captures the desired state of your Development VM and reuse of for deployment of the Test and production instances.

EventGrid

A solution for building event-driven architectures that subscribe to Azure resources and route events to different endpoints

Azure monitoring options You want to receive an e-mail whenever the number of requests to a web app exceeds 10000 within an hour

Alerts receive an email whenever the number of requests to a web apps exceeds

Which feaute of Azure Monitor allows you to visualize telemetry data

Application Insight

Azure monitoring options You want to allow developers to send telemetry data to Azure

Application Insights Allow developers to send telemetry data to Azure.

Application Insights

Application insight is a feature of Azure Monitor that allows you to visually analyze telemetry data. It is an Application Performance Management (APM) SERVICE THAT DETECTS PERFORMANCE IN REAL TIME. Developers can install a small instrumention package in their web app to send telemetry data to Azure

Your company plans to make use of a free SaaS solution that lets your company monitor, allocate and optimize cloud spend in a multi-cloud enviroment

Azure Cost Management This the role of Azure Cost Manager, which is provided at no cost to Azure customers and partners. It supports a multi-cloud environment to include Azure and more

Your company is planning a deployment using Azure Database for PostgreSQL. The deployment should meet the reqs Up to 10TB storage Azure Premium Storage Point-in-time-restore for up to 35 days

Azure Database for PostgreSQL Single Server General Purpose tier This is the most cost-effective option. Supports data storage of up to 16 TB and uses Azure Premium storage

Development requires them to deploy and periodically remove and redeploy 100 vms What devops solution?

Azure DevTest Labs DevTest Labs lets developers directly manage VMs and PaaS resources and lets them quickly provision a development and test environment

Your company is considering using Linux based Azure Container Instance to deploy a single app. The app runs as a statefl app You need to provide storage to retrieve and persist state

Azure Files. This is the only storage option that supports persistent storage for ACI. You would need to create the share and then create a container

You want to create a rule that restricts network traffic across subscriptions

Azure Firewall

Which Azure service can use autoscale to add or remove resources as appropriate to minimize costs and ensure optimum performance levels

Azure Monitor Azure Monitor can use autoscale to add or remove resources as appropriate to minimize costs and ensure performance. You can create rules based on metrics collected by Azure Monitor to match resources to an application load

Your company plans to a three-year plan for virtual machines and storage resources to receive a reduction in pay-as-you-go prices

Azure Reservations

Your company wants to increase default limits on how many select resources of each type can be provisioned per Azure region

Azure Resource Manager This lets you increase default limits nut does not let you exceed hard limits

lift-and-shift of on-premises SQL Server with minimal changes to an Azure Platform-as-a-Service (PaaS)

Azure SQL Managed Instances

You need to make sure your database can scale horizontally and support query parallelization for faster response on a large dataset, without your team's involvement in database or operating system management

Azure database PostgreSQL Hyperscale(Citus). It is deployment option offered as a PaaS that can scale horizontally by breaking up large data tables into smaller chunks. query parallelization across multiple servers and performance on dataset of 100gb and above

Your company uses Azure Blueprint to assist with its migration to Azure. User1 should be able to assign published blueprints You need to add User1 to the role-based access control role necessary to provide this permission

Blueprint Operator They can assign existing published blueprints, but they can not create the blueprint definitions

Compare using Azure Powershell and Azure CLI for Azure management Command execution supported in Azure Cloud Shell

Both

You can to give all users in a group the ability to create and manage al type of resource to a minimum

Contributor You have access to all resources but cannot grant permissions

You want to prevent a malicious flood of HTTP traffic to a VM that hosts Internet Information Services

DDoS protector

Azure Traffic Manager

DNS based traffic load balancer that allows optimal distribution of traffic to Azure services spread across global Azure regions

Data Lake Analytics

Data Lake Analytics is used to rapidly process big data jobs from large data stored referred to as Data Lakes.

You deploy a new VM and then manually adjust its configuration in Azure portal to meet the requirements of your Development environment You need to capture changes made to the development VMs configuration after the original deployment, so you can reuse it as a template in the deployment of Test and Production VMs.

Export Azure Resource Manager (ARM) template from a resource Export the Azure Resource Manager (ARM) template from a resource group You should either export the ARM template from a resource or from a resource group. ARM templates can be used to represent the desired state of your Azure resources. They can be repeatedly and consistently deployed throughout the development lifecycle, so you can create the Test and Production instances

Least expensive

Linux

Which Azure services provides for serverless workflow orchestration to let you integrate apps, data, systems, and services across enterprise or organizations

Logic Apps you can use Logic Apps to avoid needing to write complex code for coordination between disparate systems

Machine Learning service

ML service is a data science technique that enables computers to predict customer outcomes and trends without being explicitly programmed. It is a cloud service to train, deploy, automate and manage ml models It is designated to let you star training on a local computer and then scale out to the cloud

Metrics

Metrics simply tell you how a resource is performing and what it is consuming

Cn you restrict user account to a VM with NSG?

NO An NSG cannot ensure that only your account can use RDP to access the VMs. You cannot use an NSG restrict user account access to a VM. You must use role-based access control (RBAC) to accomplish this

Virtual machines deployed on its hybrid cloud Azure Security Center support is limited to Windows operating systems

No

NSG protects from several subscriptions?

No An NSG does not allow you to create a policy that restricts network traffic across subscriptions. An NSG can only protect resources in a single subscription

Authorization can use a password to identify a person

No Authorization cannot use password to identify a person. This is called authentication

DevTest Labs includes tools to support monitoring, managing actionable alerts, and gaining insights from logs and telemetry

No Does not include tools to support monitoring, managing actionable alerts, and gaining insights from logs and telemetry. This is provided through Azure Monitor

Traffic between peered virtual networks is routed over public internet

No It is routed through Microsoft backcone infrastructure without involvement of the pubic internet

Spot VMs use the standard service level agreement for Azure VMs

No Spot VMs do not use the standard SLA for Azure VMs.

You are charged for the use of Windows Virtual Desktop on a monthly basis accordingly by active users

No WVD is a service that does not require any additional licenses. You can use it with your existing Microsoft 365

Azure PowerShell VM management is limited to Windows VM only

No can be used to manage Linux and Mac OS VIM

Azure Resources Manager templates use Azure PowerShell syntax

No use basic Json syntax

Azure AD

Self-service password change for cloud users user and group management

Define the business justification and the expected outcomes of adoption

Strategy

You deploy 3 VMs to Azure as a three-tieded architecture. One VM hosts a front-end web app, on WM hosts an API, and the other hosts Microsoft SQL Server database Only the fron end web application should be publicly accessible, and it should be accessible over HTTP on port 80. All three VMs must be accessible over Remote Desktop Protocol(RDP) on port 222. Only you can use RDP to access VMs You need to determine how Network Security Groups (NSGs) can be used in this scenario.

To ensure that all three VMs are accessible over port 222 To ensure that only the front-end VM id publicly accessible over port 80 A Network Security Groups can ensure that all three VMs are accessible over port 222. An NSG acts like a firewall. A nsg can ensure that only the front-edn VM is publicly accessible over port 80.

You want to compare the cost savings to moving into the cloud

Total Cost of Ownership TCO calculator

Which two options can you use to connect Azure VNets to each other

VPN gateaways Vnet peering

Authentication can use certificates to identify a person or a service

YES A certification has an embedded key that identifies a person or service

Transfer Billing ownership of a subscription from an Azure AD to another Moving subscription that owns a Azure Kubernetes Service cluster causes that cluster to lose functionality

YES Moving a subscription that owns an Azure Kuberneters Service cluster causes the cluster to lose functionality. This is due to lost service principal rights and role assignments

Quotas for resources in Azure Resource Groups are per region rather than per subscription

YES Quotas are per regions

ExpressRoute traffic is routed through a private connection

YES Routed over a private connection. lets you link on-premise networks to MS cloud services

When a blueprint is unassigned, all resources assigned by the blueprint remain in place, but blueprint resource locking is removed

YES This also results in the deletion of the blueprint assignment object

Windows Virtual Desktop should exist in the same Windows Server Active Directory that is linked to Azure AD

YES WVD users should exist in the same Windows Server AD that is linked to Azure AD. WVD does not support the use of Ms accounts or Azure AD when users are from a separate Azure AD tenant

You can transfer an existing subscription to a new Azure AD tenant

YES When you transfer a subscription, all role based access control role assignment are deleted from the source tenant. RBAC role assignment are not migrated to the destination tenant

Spot pricing provides access to discounted Azure compute resources

YES spot pricing provides access to Azure compute resources at deep discounts when unused Azure capacity is available

DevTest Labs can be used to quickly provision Windows, Linux virtual machines

Yes

You deploy a web app and a Cosmos DB instance to Azure web app SLA 99.95 Cosmos DB SLA 99.99 The combined SLA is lower than each individual SLA

Yes 99.95 * 99.99 = 99.94

A VNet is created within the scope of a region

Yes A Vnet is created within the scope of a region. VNet is a regional reserve

You need to use Azure Cloud Shell to manage Linux VMs. Select yes if you can use Azure Command-line interface

Yes Azure Cloud Shell supports the use of Azure CLI, PowerShell and Bsh to manage Linus, windows, mac os

Machine Learning Studio provides a collaborative drag-and-drop visual workspace to work with machine learning solutions

Yes It allows you to create solutions without the need for coding

Machine Learning Studio publishes machine learning models as web services

Yes Machine Learning Studio publishes machine learning models as web services. This makes the model you create accessible to others

PaaS allows you to manage applications without controlling underlying OS

Yes You only control the application. OS is taken care of

You can set the maximum price that you agree to pay on spot VMs

Yes spot vms prices vary based on available capacity

Can you connect different regions?

Yes you can use Global VNet peering using internal MS connectivity in Azure or via VPN gateways using public internet

Traffic manager

allows users to access Azure resources from a datacenter that is nearest to them by using DNS

Logic Apps

building scalable solutions for app integration, data integration, system integration, enterprise application integration, business-to-business communication

Company B wants to development department to manage its own VMs and storage accounts. It wants the sales team to manage its own Machine Learning models

create a resource group for each department

Company C wants the IT department to manage SQL server VMs that are in the production environment. It also wants to allow the development department to manage SQL Servers VMS that host app in the development environment

create a resource group for each environment

Company A wants the development and QA departments to manage App Services, the IT and development department to manage virtual machines and the IT department to manage SQL Database instances. These departments should manage the corresponding resources in both production and development environments

create a resource group for each resource type

An Azure MFA server is required when

for authentication when supporting users located on on-premises AD only Azure MFA cloud does not support this configuration

Azure Front Door

global endpoint that works at Layer 7 HTTP/HTTPS to enable fast, secure, and widely scalable web apps

Application Security groups

let you group VMs and define network security policies based on those groups. ASG let you organize similar servers so you can easily define and implement security policies based on those groups

Application Gateway

load balancing solution that uses routing to send HTTP traffic to a pool of backend instances

Microsoft Marketplace

provides purchase and subscription links to certified cloud app and solutions from Microsoft and tech partners

Azure Functions

serverless apps that support programming languages

Azure ExpressRoute

service that enables private connectivity between on-premises network and MS Azure or MS 365

Compare using Azure Powershell and Azure CLI for Azure management Commands work the same on Mac, Linux, and Windows

Both

Compare using Azure Powershell and Azure CLI for Azure management Executes commands in an interactive environment

Both

Application Insights

It is used to monitor serverless applications, detect performance anomalies and diagnose issues.

A user can be given access to only one subscription, and resources can belong to only one subscription, and resources can belong to only one subscription

NO A user can be given access to multiple subscriptions and access resources in those subscription. A resource can belong to only one subscription

When running Azure PowerShell with cloud shell, both Linux-specific and windows-specific functionality is available

NO Azure Cloud Shell is an interactive, browser-accessible shell env. When launching Cloud Shell, you need to select PowerShell to execute Azure PowerShell commands or Bash to execute Azure CLI commands. When running Azure PowerShell with Cloud Shell, Linux-specific functionality is available but Windows-specific is not.

Transfer Billing ownership of a subscription from an Azure AD to another System-assigned Managed Identities are re-enabled automatically

NO RABC lose their access. RBAC aaignments do not carry over when you associate the subscription with a new tenant

Azure Dedicated Hosts You can share a provided physical server across your multiple Azure subscription

NO You cannot share provided physical servers across your multiple Azure subscriptions. The underlying physical hosts are single-tenant, so they are dedicated to one Azure subscription only

Can a NSG restrict applications on a VM?

NO You cannot use an NSG to restrict apps on a VM

You need to use Azure Cloud Shell to manage Linux VMs. Select yes if you can use Azure portal

NO you cannot access Azure portal inside the cloud shell

Compare using Azure Powershell and Azure CLI for Azure management Supports an optional GUI interface

Neither

You want to allow inbound traffic to an Azure VM from only one specific IP address

Network Security Group

Machine learning models created in Machine Learning Studio can be deployed and managed by Azure Machine Learning service

No cannot be deployed or managed by Azure Machine Learning service. Machine Learning Studio solutions are managed in Machine Learning Studio and are only deployed as web services

Align actionable adoption plans with business outcomes

Plan

You deploy a web app and a Cosmos DB instance to Azure web app SLA 99.95 Cosmos DB SLA 99.99 You can increase the composite SLA by having the web app access a fallback queue

YES You can increase a composite SLA BY having the web app access a fallback queue. We have the OR instance. If the Cosmos DB is not available for storing data. the wen app can add messages to a queue.

Transfer Billing ownership of a subscription from an Azure AD to another All users and groups with role based access to manage the subscription lose their access

YES when you transfer billing ownership from an account in Azure AD to an account in another Azure AD tenant, you are not required to associate the sub with the new directory

DevTest Labs can provision environment based on Azure Resource Manager templates and pre-configured based

Yes

Virtual machines deployed on its hybrid cloud Azure Security Center provides native integration with Windows Defender

Yes

Windows Virtual Desktop supports Remote Desktop clients on MacOS nad iOs

Yes

Export ARM templates before deployment

You should not export ARM templates before deployment or export the ARM template from the deployment history. These two options only capture the state of the resource at the time of deployment. DO not include any manuel changes made after the original deployment

User Access Administrator

this role grants permissions to assign access and assign policies only


Kaugnay na mga set ng pag-aaral

Translating algebraic expressions 1

View Set

Chapter 23: Adrenergic Drugs prepu

View Set

Personal Financial Literacy: Exploring Career Options

View Set

Course 1 - W3: Traditional Software Development Models

View Set