AZ900 Core Azure Services
You need t analyze large volumes of streaming data being collected from Internet of Things (IoT) devices
HDInsight HDInsight is an open-source enterprise-level analytics service that provides for fast-cost effective processing of massive amount of data. Can be used to analyze streaming or historic data
Develop new cloud native or hybrid solution
Innovate
Which factors affect the cost
Instance type Number of Instances OS Region Tier
allow vehicles to send on-board diagnostic sensory and vehicle telemetry data to the cloud for analysis
IoT Central The solution supports device-to-cloud messaging and per-device identity. You can also use it to analyze telemetry data
Prepare the cloud environment for the planned changes
Ready
Regions
Regions are always paired with other regions. The paired regions is always in the same geography but at least 300 miles away. Regions contain one or more datacenters Regions specify the location of resources. Cannot choose datacenter but yes region Regions cannot span countries. Tied to a single country or geographical area Regions do not represent physical datacenter. They represent an area within a geographical area
Azure monitoring options You want to view the number of VM that are currently down
Resource Health
Your company has a new policy to be able to limit access to resources at the resource group and resource scope in detailed, granular way. Access will be granted to various groups and individual users
Role-based access control Supports granular control required
Resources
A resource group can contain resources from any region, not just the region in which the resource group is located You can add a resource to or remove a resource from a resource group, except when the resource group is locked. You can also move resources between resource groups. A resource can reside in only one resource group at a time. Deleting a resource group will delete all resources contained in that group Resources can interact with other resources in a different resource group. The resource group creates a logical resource grouping primarily for management purposes and does not impact access between resources
Replace VM with a VM scale set
A scale set can provide high availability to your application, automatically increasing and decreasing the number of VMs in response to demand or as per a defined schedule. It cannot captures the desired state of your Development VM and reuse of for deployment of the Test and production instances.
EventGrid
A solution for building event-driven architectures that subscribe to Azure resources and route events to different endpoints
Azure monitoring options You want to receive an e-mail whenever the number of requests to a web app exceeds 10000 within an hour
Alerts receive an email whenever the number of requests to a web apps exceeds
Which feaute of Azure Monitor allows you to visualize telemetry data
Application Insight
Azure monitoring options You want to allow developers to send telemetry data to Azure
Application Insights Allow developers to send telemetry data to Azure.
Application Insights
Application insight is a feature of Azure Monitor that allows you to visually analyze telemetry data. It is an Application Performance Management (APM) SERVICE THAT DETECTS PERFORMANCE IN REAL TIME. Developers can install a small instrumention package in their web app to send telemetry data to Azure
Your company plans to make use of a free SaaS solution that lets your company monitor, allocate and optimize cloud spend in a multi-cloud enviroment
Azure Cost Management This the role of Azure Cost Manager, which is provided at no cost to Azure customers and partners. It supports a multi-cloud environment to include Azure and more
Your company is planning a deployment using Azure Database for PostgreSQL. The deployment should meet the reqs Up to 10TB storage Azure Premium Storage Point-in-time-restore for up to 35 days
Azure Database for PostgreSQL Single Server General Purpose tier This is the most cost-effective option. Supports data storage of up to 16 TB and uses Azure Premium storage
Development requires them to deploy and periodically remove and redeploy 100 vms What devops solution?
Azure DevTest Labs DevTest Labs lets developers directly manage VMs and PaaS resources and lets them quickly provision a development and test environment
Your company is considering using Linux based Azure Container Instance to deploy a single app. The app runs as a statefl app You need to provide storage to retrieve and persist state
Azure Files. This is the only storage option that supports persistent storage for ACI. You would need to create the share and then create a container
You want to create a rule that restricts network traffic across subscriptions
Azure Firewall
Which Azure service can use autoscale to add or remove resources as appropriate to minimize costs and ensure optimum performance levels
Azure Monitor Azure Monitor can use autoscale to add or remove resources as appropriate to minimize costs and ensure performance. You can create rules based on metrics collected by Azure Monitor to match resources to an application load
Your company plans to a three-year plan for virtual machines and storage resources to receive a reduction in pay-as-you-go prices
Azure Reservations
Your company wants to increase default limits on how many select resources of each type can be provisioned per Azure region
Azure Resource Manager This lets you increase default limits nut does not let you exceed hard limits
lift-and-shift of on-premises SQL Server with minimal changes to an Azure Platform-as-a-Service (PaaS)
Azure SQL Managed Instances
You need to make sure your database can scale horizontally and support query parallelization for faster response on a large dataset, without your team's involvement in database or operating system management
Azure database PostgreSQL Hyperscale(Citus). It is deployment option offered as a PaaS that can scale horizontally by breaking up large data tables into smaller chunks. query parallelization across multiple servers and performance on dataset of 100gb and above
Your company uses Azure Blueprint to assist with its migration to Azure. User1 should be able to assign published blueprints You need to add User1 to the role-based access control role necessary to provide this permission
Blueprint Operator They can assign existing published blueprints, but they can not create the blueprint definitions
Compare using Azure Powershell and Azure CLI for Azure management Command execution supported in Azure Cloud Shell
Both
You can to give all users in a group the ability to create and manage al type of resource to a minimum
Contributor You have access to all resources but cannot grant permissions
You want to prevent a malicious flood of HTTP traffic to a VM that hosts Internet Information Services
DDoS protector
Azure Traffic Manager
DNS based traffic load balancer that allows optimal distribution of traffic to Azure services spread across global Azure regions
Data Lake Analytics
Data Lake Analytics is used to rapidly process big data jobs from large data stored referred to as Data Lakes.
You deploy a new VM and then manually adjust its configuration in Azure portal to meet the requirements of your Development environment You need to capture changes made to the development VMs configuration after the original deployment, so you can reuse it as a template in the deployment of Test and Production VMs.
Export Azure Resource Manager (ARM) template from a resource Export the Azure Resource Manager (ARM) template from a resource group You should either export the ARM template from a resource or from a resource group. ARM templates can be used to represent the desired state of your Azure resources. They can be repeatedly and consistently deployed throughout the development lifecycle, so you can create the Test and Production instances
Least expensive
Linux
Which Azure services provides for serverless workflow orchestration to let you integrate apps, data, systems, and services across enterprise or organizations
Logic Apps you can use Logic Apps to avoid needing to write complex code for coordination between disparate systems
Machine Learning service
ML service is a data science technique that enables computers to predict customer outcomes and trends without being explicitly programmed. It is a cloud service to train, deploy, automate and manage ml models It is designated to let you star training on a local computer and then scale out to the cloud
Metrics
Metrics simply tell you how a resource is performing and what it is consuming
Cn you restrict user account to a VM with NSG?
NO An NSG cannot ensure that only your account can use RDP to access the VMs. You cannot use an NSG restrict user account access to a VM. You must use role-based access control (RBAC) to accomplish this
Virtual machines deployed on its hybrid cloud Azure Security Center support is limited to Windows operating systems
No
NSG protects from several subscriptions?
No An NSG does not allow you to create a policy that restricts network traffic across subscriptions. An NSG can only protect resources in a single subscription
Authorization can use a password to identify a person
No Authorization cannot use password to identify a person. This is called authentication
DevTest Labs includes tools to support monitoring, managing actionable alerts, and gaining insights from logs and telemetry
No Does not include tools to support monitoring, managing actionable alerts, and gaining insights from logs and telemetry. This is provided through Azure Monitor
Traffic between peered virtual networks is routed over public internet
No It is routed through Microsoft backcone infrastructure without involvement of the pubic internet
Spot VMs use the standard service level agreement for Azure VMs
No Spot VMs do not use the standard SLA for Azure VMs.
You are charged for the use of Windows Virtual Desktop on a monthly basis accordingly by active users
No WVD is a service that does not require any additional licenses. You can use it with your existing Microsoft 365
Azure PowerShell VM management is limited to Windows VM only
No can be used to manage Linux and Mac OS VIM
Azure Resources Manager templates use Azure PowerShell syntax
No use basic Json syntax
Azure AD
Self-service password change for cloud users user and group management
Define the business justification and the expected outcomes of adoption
Strategy
You deploy 3 VMs to Azure as a three-tieded architecture. One VM hosts a front-end web app, on WM hosts an API, and the other hosts Microsoft SQL Server database Only the fron end web application should be publicly accessible, and it should be accessible over HTTP on port 80. All three VMs must be accessible over Remote Desktop Protocol(RDP) on port 222. Only you can use RDP to access VMs You need to determine how Network Security Groups (NSGs) can be used in this scenario.
To ensure that all three VMs are accessible over port 222 To ensure that only the front-end VM id publicly accessible over port 80 A Network Security Groups can ensure that all three VMs are accessible over port 222. An NSG acts like a firewall. A nsg can ensure that only the front-edn VM is publicly accessible over port 80.
You want to compare the cost savings to moving into the cloud
Total Cost of Ownership TCO calculator
Which two options can you use to connect Azure VNets to each other
VPN gateaways Vnet peering
Authentication can use certificates to identify a person or a service
YES A certification has an embedded key that identifies a person or service
Transfer Billing ownership of a subscription from an Azure AD to another Moving subscription that owns a Azure Kubernetes Service cluster causes that cluster to lose functionality
YES Moving a subscription that owns an Azure Kuberneters Service cluster causes the cluster to lose functionality. This is due to lost service principal rights and role assignments
Quotas for resources in Azure Resource Groups are per region rather than per subscription
YES Quotas are per regions
ExpressRoute traffic is routed through a private connection
YES Routed over a private connection. lets you link on-premise networks to MS cloud services
When a blueprint is unassigned, all resources assigned by the blueprint remain in place, but blueprint resource locking is removed
YES This also results in the deletion of the blueprint assignment object
Windows Virtual Desktop should exist in the same Windows Server Active Directory that is linked to Azure AD
YES WVD users should exist in the same Windows Server AD that is linked to Azure AD. WVD does not support the use of Ms accounts or Azure AD when users are from a separate Azure AD tenant
You can transfer an existing subscription to a new Azure AD tenant
YES When you transfer a subscription, all role based access control role assignment are deleted from the source tenant. RBAC role assignment are not migrated to the destination tenant
Spot pricing provides access to discounted Azure compute resources
YES spot pricing provides access to Azure compute resources at deep discounts when unused Azure capacity is available
DevTest Labs can be used to quickly provision Windows, Linux virtual machines
Yes
You deploy a web app and a Cosmos DB instance to Azure web app SLA 99.95 Cosmos DB SLA 99.99 The combined SLA is lower than each individual SLA
Yes 99.95 * 99.99 = 99.94
A VNet is created within the scope of a region
Yes A Vnet is created within the scope of a region. VNet is a regional reserve
You need to use Azure Cloud Shell to manage Linux VMs. Select yes if you can use Azure Command-line interface
Yes Azure Cloud Shell supports the use of Azure CLI, PowerShell and Bsh to manage Linus, windows, mac os
Machine Learning Studio provides a collaborative drag-and-drop visual workspace to work with machine learning solutions
Yes It allows you to create solutions without the need for coding
Machine Learning Studio publishes machine learning models as web services
Yes Machine Learning Studio publishes machine learning models as web services. This makes the model you create accessible to others
PaaS allows you to manage applications without controlling underlying OS
Yes You only control the application. OS is taken care of
You can set the maximum price that you agree to pay on spot VMs
Yes spot vms prices vary based on available capacity
Can you connect different regions?
Yes you can use Global VNet peering using internal MS connectivity in Azure or via VPN gateways using public internet
Traffic manager
allows users to access Azure resources from a datacenter that is nearest to them by using DNS
Logic Apps
building scalable solutions for app integration, data integration, system integration, enterprise application integration, business-to-business communication
Company B wants to development department to manage its own VMs and storage accounts. It wants the sales team to manage its own Machine Learning models
create a resource group for each department
Company C wants the IT department to manage SQL server VMs that are in the production environment. It also wants to allow the development department to manage SQL Servers VMS that host app in the development environment
create a resource group for each environment
Company A wants the development and QA departments to manage App Services, the IT and development department to manage virtual machines and the IT department to manage SQL Database instances. These departments should manage the corresponding resources in both production and development environments
create a resource group for each resource type
An Azure MFA server is required when
for authentication when supporting users located on on-premises AD only Azure MFA cloud does not support this configuration
Azure Front Door
global endpoint that works at Layer 7 HTTP/HTTPS to enable fast, secure, and widely scalable web apps
Application Security groups
let you group VMs and define network security policies based on those groups. ASG let you organize similar servers so you can easily define and implement security policies based on those groups
Application Gateway
load balancing solution that uses routing to send HTTP traffic to a pool of backend instances
Microsoft Marketplace
provides purchase and subscription links to certified cloud app and solutions from Microsoft and tech partners
Azure Functions
serverless apps that support programming languages
Azure ExpressRoute
service that enables private connectivity between on-premises network and MS Azure or MS 365
Compare using Azure Powershell and Azure CLI for Azure management Commands work the same on Mac, Linux, and Windows
Both
Compare using Azure Powershell and Azure CLI for Azure management Executes commands in an interactive environment
Both
Application Insights
It is used to monitor serverless applications, detect performance anomalies and diagnose issues.
A user can be given access to only one subscription, and resources can belong to only one subscription, and resources can belong to only one subscription
NO A user can be given access to multiple subscriptions and access resources in those subscription. A resource can belong to only one subscription
When running Azure PowerShell with cloud shell, both Linux-specific and windows-specific functionality is available
NO Azure Cloud Shell is an interactive, browser-accessible shell env. When launching Cloud Shell, you need to select PowerShell to execute Azure PowerShell commands or Bash to execute Azure CLI commands. When running Azure PowerShell with Cloud Shell, Linux-specific functionality is available but Windows-specific is not.
Transfer Billing ownership of a subscription from an Azure AD to another System-assigned Managed Identities are re-enabled automatically
NO RABC lose their access. RBAC aaignments do not carry over when you associate the subscription with a new tenant
Azure Dedicated Hosts You can share a provided physical server across your multiple Azure subscription
NO You cannot share provided physical servers across your multiple Azure subscriptions. The underlying physical hosts are single-tenant, so they are dedicated to one Azure subscription only
Can a NSG restrict applications on a VM?
NO You cannot use an NSG to restrict apps on a VM
You need to use Azure Cloud Shell to manage Linux VMs. Select yes if you can use Azure portal
NO you cannot access Azure portal inside the cloud shell
Compare using Azure Powershell and Azure CLI for Azure management Supports an optional GUI interface
Neither
You want to allow inbound traffic to an Azure VM from only one specific IP address
Network Security Group
Machine learning models created in Machine Learning Studio can be deployed and managed by Azure Machine Learning service
No cannot be deployed or managed by Azure Machine Learning service. Machine Learning Studio solutions are managed in Machine Learning Studio and are only deployed as web services
Align actionable adoption plans with business outcomes
Plan
You deploy a web app and a Cosmos DB instance to Azure web app SLA 99.95 Cosmos DB SLA 99.99 You can increase the composite SLA by having the web app access a fallback queue
YES You can increase a composite SLA BY having the web app access a fallback queue. We have the OR instance. If the Cosmos DB is not available for storing data. the wen app can add messages to a queue.
Transfer Billing ownership of a subscription from an Azure AD to another All users and groups with role based access to manage the subscription lose their access
YES when you transfer billing ownership from an account in Azure AD to an account in another Azure AD tenant, you are not required to associate the sub with the new directory
DevTest Labs can provision environment based on Azure Resource Manager templates and pre-configured based
Yes
Virtual machines deployed on its hybrid cloud Azure Security Center provides native integration with Windows Defender
Yes
Windows Virtual Desktop supports Remote Desktop clients on MacOS nad iOs
Yes
Export ARM templates before deployment
You should not export ARM templates before deployment or export the ARM template from the deployment history. These two options only capture the state of the resource at the time of deployment. DO not include any manuel changes made after the original deployment
User Access Administrator
this role grants permissions to assign access and assign policies only