Azure Fundamentals -- Knowledge Check Practice Questions
What is meant by cloud computing?
Delivery of computing services over the internet. EXPLANATION Cloud computing is the delivery of computing services over the internet, which is otherwise known as the cloud.
TRUE or FALSE: With Operating Expenses (OpEx), you are only responsible for the computing resources that you use.
TRUE EXPLANATION With Operating Expenses (OpEx), you are only responsible for the computing resources that you use.
What is not a reason to move to the cloud?
A limited pool of services EXPLANATION The cloud offers a nearly limitless pool of raw compute, storage, and networking components to help you deliver innovative and novel user experiences quickly. Options include - Geographic Regions - Fast Innovation
What's the SLA for Azure Maps in terms of guaranteed uptime? A) 99 percent B) 99.9 percent C) 99.99 percent
ANSWER B) 99.9 percent -- The SLA for Azure Maps tells you the SLA. EXPLANATION for wrong choices: A) 99 percent -- See the SLA for Azure Maps to get the SLA. C) 99.99 percent -- See the SLA for Azure Maps to get the SLA.
Tailwind Traders uses the LAMP stack for several of its websites. Which option would be ideal for migration? A) Azure Cosmos DB B) Azure Database for MySQL C) Azure Database for PostgreSQL
ANSWER: B) Azure Database for MySQL -- Azure Database for MySQL is the logical choice for existing LAMP stack applications. EXPLANATION A) Azure Cosmos DB -- nope C) Azure Database for PostgreSQL -- nope
Which of the following features doesn't apply to resource groups? A) Resources can be in only one resource group. B) Role-based access control can be applied to the resource group. C) Resource groups can be nested.
ANSWER: C) Resource groups can be nested. -- Resource groups can't be nested. EXPLANATION of wrong answers: A) Resources can be in only one resource group. -- Resources can be in only one resource group. B) Role-based access control can be applied to the resource group. -- Role-based access control can be applied to the resource group.
TRUE or FALSE: With Operating Expenses (OpEx), you are responsible for purchasing and maintaining your computing resources.
FALSE EXPLANATION With Operating Expenses (OpEx), you are only responsible for the computing resources that you use.
True or false: You need to purchase an Azure account before you can use any Azure resources.
False EXPLANATION You can use a free Azure account or a Microsoft Learn sandbox to create resources.
What are the 3 cloud computing categories?
1 Platform-as-a-Service (PaaS) 2 Infrastructure-as-a-Service (IaaS) 3 Software-as-a-Service (SaaS) EXPLANATION Here's a bonus one that's fake. "Networking-as-a-Service (NaaS)" which doesn't exist! NaaS is a lie!
What's the new composite SLA? Remember, the new SLA includes a third virtual machine and Azure Maps. A) 99.58 percent B) 99.78 percent C) 99.99 percent
ANSWER A) 99.58 percent -- To compute the composite SLA for a set of services, you multiply the SLA of each individual service. EXPLANATION for incorrect choices: B) 99.78 percent -- The composite SLA is lower because adding complexity slightly increases the risk of failure. C) 99.99 percent -- The composite SLA is lower than the highest individual SLA because adding complexity slightly increases the risk of failure.
Resources in the Dev and Test environments are each paid for by different departments. What's the best way to categorize costs by department? A) Apply a tag to each virtual machine that identifies the appropriate billing department. B) Split the cost evenly between departments. C) Keep a spreadsheet that lists each team's resources.
ANSWER A) Apply a tag to each virtual machine that identifies the appropriate billing department. -- You can apply tags to groups of Azure resources to organize billing data. EXPLANATION for wrong answers: B) Split the cost evenly between departments.-- Each environment might consume different amounts of Azure resources. Is there a way to better identify which department is consuming which resources? C) Keep a spreadsheet that lists each team's resources. -- What's in your spreadsheet and what's in your Azure subscription can easily drift. Is there a way to associate usage more directly?
What's the best way to ensure that the development team doesn't provision too many virtual machines at the same time? A) Do nothing. Let the development team use what they need. B) Apply spending limits to the development team's Azure subscription. C) Verbally give the development lead a budget and hold them accountable for overages.
ANSWER B) Apply spending limits to the development team's Azure subscription. -- If you exceed your spending limit, active resources are deallocated. You can then decide whether to increase your limit or provision fewer resources. EXPLANATION for wrong choices: A) Do nothing. Let the development team use what they need. -- Although you might want to enable the development team to use what they need, you might want to consider ways to prevent accidental spending. C) Verbally give the development lead a budget and hold them accountable for overages. -- Although it's good for everyone to agree on a budget, are there controls you can put in place to automatically check spending?
Which is the most efficient way for the testing team to save costs on virtual machines on weekends, when testers are not at work? A) Delete the virtual machines before the weekend and create a new set the following week. B) Deallocate virtual machines when they're not in use. C) Just let everything run. Azure bills you only for the CPU time that you use.
ANSWER B) Deallocate virtual machines when they're not in use. -- When you deallocate virtual machines, the associated hard disks and data are still kept in Azure. But you don't pay for CPU or network consumption, which can help save costs. EXPLANATION for incorrect choices: A) Delete the virtual machines before the weekend and create a new set the following week. -- Although you can delete your virtual machines when they're not in use, you also lose any associated hard disks. It can take some time to re-create the environment at the start of each week. C) Just let everything run. Azure bills you only for the CPU time that you use. -- Usage meters track not only CPU time but also network traffic and the number of disk operations.
Adding a third virtual machine reduces the composite SLA. How can Tailwind Traders offset this reduction? A) Increase the size of each virtual machine. B) Deploy extra instances of the same virtual machines across the different availability zones in the same Azure region. C) Do nothing. Using Azure Load Balancer increases the SLA for virtual machines.
ANSWER B) Deploy extra instances of the same virtual machines across the different availability zones in the same Azure region. -- If one availability zone is affected, your virtual machine instance in the other availability zone should be unaffected. EXPLANATION for wrong choices: A) Increase the size of each virtual machine. -- Incorrect. The size of a virtual machine does not affect its SLA. C) Do nothing. Using Azure Load Balancer increases the SLA for virtual machines. -- Incorrect. Although Load Balancer can improve performance by distributing traffic, each service factors separately into the overall SLA.
Which is the best first step the team should take to compare the cost of running these environments on Azure versus in their datacenter? A) They're just test environments. Spin them up and check the bill at the end of the month. B) Assume that running in the cloud costs about the same as running in the datacenter. C) Run the Total Cost of Ownership Calculator.
ANSWER C) Run the Total Cost of Ownership Calculator. -- Running the Total Cost of Ownership Calculator is a great first step because it can provide an accurate comparison of running workloads in the datacenter versus on Azure, certified by an independent research company. EXPLANATION of incorrect answers: A) They're just test environments. Spin them up and check the bill at the end of the month. -- Costs can add up. It's important to understand the full cost of running your solution, whether it's in the datacenter or in the cloud. B) Assume that running in the cloud costs about the same as running in the datacenter. -- Running on Azure can actually save money. But only a thorough cost assessment can tell you with certainty.
What approach might the company take in adding the augmented reality (AR) preview service to its architecture? A) The Special Orders app is already in production. The company shouldn't look into the AR service until the service reaches general availability (GA). B) The Special Orders app is mainly for use by retail employees. The company can integrate the AR service now because potential downtime or failures aren't an important factor. C) The development team can create a prototype version of the app that includes the AR service that it tests out with select retail employees.
ANSWER C) The development team can create a prototype version of the app that includes the AR service that it tests out with select retail employees. -- After the AR service reaches general availability (GA), the team can roll it out to production. EXPLANATION for incorrect answers: A) The Special Orders app is already in production. The company shouldn't look into the AR service until the service reaches general availability (GA). -- Although you don't want to rely on preview services in production, are there ways that the team can begin to at least explore the service? B) The Special Orders app is mainly for use by retail employees. The company can integrate the AR service now because potential downtime or failures aren't an important factor. -- Even though the app is used primarily by retail employees, it's still critical to the business. If the app isn't available or it fails, customers will be disappointed or go to a competitor.
What is the best infrastructure-as-code option for quickly and reliably setting up your entire cloud infrastructure declaratively? A) ARM templates B) Azure PowerShell C) The Azure portal D) The Azure CLI
ANSWER: A) ARM templates -- ARM templates are the best infrastructure-as-code option for quickly and reliably setting up your entire cloud infrastructure declaratively. EXPLANATION for incorrect choices: B) Azure PowerShell -- Azure PowerShell is not a declarative way to set up your entire cloud infrastructure. C) The Azure portal -- The Azure portal is not a declarative way to set up your entire cloud infrastructure. D) The Azure CLI -- The Azure CLI is not a declarative way to set up your entire cloud infrastructure.
You want to be alerted when new recommendations to improve your cloud environment are available. Which service will do this? A) Azure Advisor B) Azure Monitor C) Azure Service Health
ANSWER: A) Azure Advisor -- Azure Advisor can alert you when new recommendations are available. EXPLANATION for wrong choices: B) Azure Monitor -- Azure Monitor offers alerts, but not for new optimization recommendations. C) Azure Service Health -- Azure Service Health offers alerts, but not for new optimization recommendations.
Which service could help you manage the VMs that your developers and testers need to ensure that your new app works across various operating systems? A) Azure DevTest Labs B) Azure Test Labs C) Azure Repos
ANSWER: A) Azure DevTest Labs -- Azure DevTest Labs is used to manage VMs for testing, including configuration, provisioning, and automatic de-provisioning. EXPLANATION for wrong choices: B) Azure Test Labs -- Azure Test Labs is used to create automated tests, but not to manage VMs to test across various environments. C) Azure Repos -- Azure Repos is a centralized, source-code management repository. It is not used to manage testing VMs.
You need to process messages from a queue, parse them by using some existing imperative logic written in Java, and then send them to a third-party API. Which serverless option should you choose? A) Azure Functions B) Azure Logic Apps
ANSWER: A) Azure Functions -- Azure Functions is the correct choice because you can use existing Java code with minimal modification. EXPLANATION for wrong one: B) Azure Logic Apps -- Azure Logic Apps could be used to parse a message's contents, but in this case you already have Java code for this purpose.
Which of the following services should be used when the primary concern is to perform work in response to an event (often via a REST command) that needs a response in a few seconds? A) Azure Functions B) Azure App Service C) Azure Container Instances
ANSWER: A) Azure Functions -- Azure Functions is used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less. EXPLANATION of wrong ones: B) Azure App Service -- App Service is the pane in Azure where you find Azure Functions. C) Azure Container Instances -- In this case, you're still running a full application that might not be designed for quick responses to events.
You need to predict future behavior based on previous actions. Which product option should you select as a candidate? A) Azure Machine Learning B) Azure Bot Service C) Azure Cognitive Services
ANSWER: A) Azure Machine Learning -- Azure Machine Learning enables you to build models to predict the likelihood of a future result. It should not be eliminated as a candidate. EXPLANATION of wrong choices: B) Azure Bot Service -- Azure Bot Service will not help with prediction. It should be eliminated as a candidate. C) Azure Cognitive Services -- The Personalizer service is part of Azure Cognitive Services and allows you to build recommendations to predict what a user might want. It should not be eliminated as a candidate.
Which of the following is a logical unit of Azure services that links to an Azure account? A) Azure subscription B) Management group C) Resource group D) Public cloud
ANSWER: A) Azure subscription -- An Azure subscription is a logical unit of Azure services that links to an Azure account. EXPLANATION of wrong answers: B) Management group -- Management groups are used to help with planning and tracking your Azure spend. C) Resource group -- Resource groups hold resources like virtual machines and storage. They work inside the Azure accounts. D) Public cloud -- A public cloud is a valid type of cloud computing.
What's the easiest way for Tailwind Traders to combine security data from all of its monitoring tools into a single report that it can take action on? A) Collect security data in Azure Sentinel. B) Build a custom tool that collects security data, and displays a report through a web application. C) Look through each security log daily and email a summary to your team.
ANSWER: A) Collect security data in Azure Sentinel. -- Azure Sentinel is Microsoft's cloud-based SIEM. A SIEM aggregates security data from many different sources to provide additional capabilities for threat detection and responding to threats. EXPLANATION for wrong options: B) Build a custom tool that collects security data, and displays a report through a web application. -- Although you could take this approach, is there a fully featured service on Azure that provides this functionality? C) Look through each security log daily and email a summary to your team. -- Look through each security log daily and email a summary to your team.
Which is the best way for Tailwind Traders to ensure that the team deploys only cost-effective virtual machine SKU sizes? A) Create a policy in Azure Policy that specifies the allowed SKU sizes. B) Periodically inspect the deployment manually to see which SKU sizes are used. C) Create an Azure RBAC role that defines the allowed virtual machine SKU sizes.
ANSWER: A) Create a policy in Azure Policy that specifies the allowed SKU sizes. -- After you enable this policy, that policy is applied when you create new virtual machines or resize existing ones. Azure Policy also evaluates any current virtual machines in your environment. EXPLANATION for bad answers: B) Periodically inspect the deployment manually to see which SKU sizes are used. -- Is there a more automated way to verify that allowed SKU sizes are used before virtual machines are deployed? C) Create an Azure RBAC role that defines the allowed virtual machine SKU sizes. -- Azure RBAC enables you to create roles that define access permissions, but it doesn't enable you to define allowed virtual machine SKU sizes.
How can Tailwind Traders allow some users to control the virtual machines in each environment but prevent them from modifying networking and other resources in the same resource group or Azure subscription? A) Create a role assignment through Azure role-based access control (Azure RBAC). B) Create a policy in Azure Policy that audits resource usage. C) Split the environment into separate resource groups.
ANSWER: A) Create a role assignment through Azure role-based access control (Azure RBAC). -- Azure RBAC enables you to create roles that define access permissions. You might create one role that limits access only to virtual machines and a second role that provides administrators with access to everything. EXPLANATION for wrong answers: B) Create a policy in Azure Policy that audits resource usage. -- Although you might be able to audit how your resources are used, is there a way to prevent users from changing resources they're not meant to access? C) Split the environment into separate resource groups. -- Resource groups are meant to contain related resources. Although you can likely split the environment into separate resource groups, this approach would likely be more complex than is needed.
Which of the following options isn't a type of cloud computing? A) Distributed cloud B) Hybrid cloud C) Private cloud D) Public cloud
ANSWER: A) Distributed cloud -- A distributed cloud isn't a valid type of cloud computing. EXPLANATION of incorrect answers: These are all real types of cloud computing: B) Hybrid cloud C) Private cloud D) Public cloud
You want to send messages from the IoT device to the cloud and vice versa. Which IoT technology can send and receive messages? A) IoT Hub B) IoT Central C) Azure Sphere
ANSWER: A) IoT Hub -- An IoT hub communicates to IoT devices by sending and receiving messages. EXPLANATION of incorrect ones: B) IoT Central -- IoT Central is not concerned with communication between devices and the cloud, though it can initiate this communication via a web-based portal. C) Azure Sphere -- Azure Sphere is not primarily concerned with communication between devices and the cloud.
Where can the team access details about the personal data Microsoft processes and how the company processes it, including for Cortana? A) Microsoft Privacy Statement B) The Azure compliance documentation C) Microsoft compliance offerings
ANSWER: A) Microsoft Privacy Statement -- The Microsoft Privacy Statement provides information that's relevant to specific services, including Cortana. EXPLANATION for wrong answers: B) The Azure compliance documentation -- The compliance documentation helps you understand legal and regulatory standards on Azure. C) Microsoft compliance offerings -- Microsoft compliance offerings help your organization comply with national, regional, and industry-specific requirements governing the collection and use of data.
How can the IT department reduce the number of times users must authenticate to access multiple applications? A) SSO B) Conditional Access C) Multifactor authentication
ANSWER: A) SSO -- SSO enables a user to remember only one ID and one password to access multiple applications. EXPLANATION for wrong ones: B) Conditional Access -- Although Conditional Access enables you to allow or deny access to resources based on identity signals, it doesn't provide access to multiple applications. C) Multifactor authentication -- Multifactor authentication provides additional security for your identities, but it doesn't provide access to multiple applications.
Which Azure compute resource can be deployed to manage a set of identical virtual machines? A) Virtual machine scale sets B) Virtual machine availability sets C) Virtual machine availability zones
ANSWER: A) Virtual machine scale sets -- Virtual machine scale sets let you deploy and manage a set of identical virtual machines. EXPLANATION of wrong ones: B) Virtual machine availability sets -- An availability set is a logical grouping of VMs within a datacenter that allows Azure to understand how your application is built to provide for redundancy and availability. C) Virtual machine availability zones -- Zones are unique physical locations within a region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking.
Your development team is interested in writing Graph-based applications that take advantage of the Gremlin API. Which option would be ideal for that scenario? A)Azure Cosmos DB B) Azure SQL Database C) Azure Databricks D) Azure Database for PostgreSQL
ANSWER: A)Azure Cosmos DB -- Azure Cosmos DB supports SQL, MongoDB, Cassandra, Tables, and Gremlin APIs. EXPLANATION B) Azure SQL Database -- nope C) Azure Databricks -- nope D) Azure Database for PostgreSQL -- nope
Which of the following statements is a valid statement about an Azure subscription? A) Using Azure doesn't require a subscription. B) An Azure subscription is a logical unit of Azure services.
ANSWER: B) An Azure subscription is a logical unit of Azure services. -- A subscription is a set of Azure services bundled together for tracking and billing purposes.()You can't have more than one subscription. EXPLANATION of wrong answers: A) Using Azure doesn't require a subscription. -- You'll need some type of subscription to be able to use Azure resources.
You need to identify the content of product images to automatically create alt tags for images formatted properly. Which product option is the best candidate? A) Azure Machine Learning B) Azure Cognitive Services C) Azure Bot Service
ANSWER: B) Azure Cognitive Services -- Azure Cognitive Services includes Vision services that can identify the content of an image. Azure Cognitive Services is the best candidate. EXPLANATION of incorrects: A) Azure Machine Learning -- Azure Machine Learning could be used to identify the content of product images. However, creating a model to identify the content of images would be cost and time prohibitive. Azure Machine Learning is not the best candidate. C) Azure Bot Service -- Azure Bot Service can't identify the content of product images. Azure Bot Service is not the best candidate.
Your team has limited experience with writing custom code, but it sees tremendous value in automating several important business processes. Which of the following options is your team's best option? A) Azure Functions B) Azure Logic Apps
ANSWER: B) Azure Logic Apps -- Azure Logic Apps is best suited for users who are more comfortable in a visual environment that allows them to automate their business processes. Logic Apps is the best option in this scenario. EXPLANATION for wrong choice: A) Azure Functions -- Azure Functions is best suited for software developers. Functions is not the best option in this scenario.
You want to orchestrate a workflow by using APIs from several well-known services. Which is the best option for this scenario? A) Azure Functions B) Azure Logic Apps
ANSWER: B) Azure Logic Apps -- Azure Logic Apps makes it easy to create a workflow across well-known services with less effort than writing code and manually orchestrating all the steps yourself. EXPLANATION for wrong choice: A) Azure Functions -- Azure Functions could be used, but it might require more effort to research the APIs, write the code, and manually orchestrate the services. In this scenario, Functions is not the best option.
Which service is a platform that powers Application Insights, monitoring for VMs, containers, and Kubernetes? A) Azure Advisor B) Azure Monitor C) Azure Service Health
ANSWER: B) Azure Monitor -- Azure Monitor is the platform used by Application Insights. EXPLANATION for incorrects: A) Azure Advisor -- Azure Monitor is not the platform used by Application Insights, nor does it provide monitoring for VMs, containers, and Kubernetes. C) Azure Service Health -- Azure Service Health is not the platform used by Application Insights, nor does it provide monitoring for VMs, containers, and Kubernetes.
Where can the IT department find reference blueprints that it can apply directly to its Azure subscriptions? A) Online Services Terms B) Azure compliance documentation C) Microsoft Privacy Statement
ANSWER: B) Azure compliance documentation -- The compliance documentation provides reference blueprints, or policy definitions, for common standards that you can apply to your Azure subscription. EXPLANATION for wrong choices: A) Online Services Terms -- The Online Services Terms is a legal agreement between Microsoft and the customer that details the obligations by both parties with respect to the processing and security of customer data and personal data. C) Microsoft Privacy Statement -- The Microsoft Privacy Statement provides details about the personal data Microsoft processes and how the company processes it.
How can the IT department ensure that employees at the company's retail stores can access company applications only from approved tablet devices? A) SSO B) Conditional Access C) Multifactor authentication
ANSWER: B) Conditional Access -- Conditional Access enables you to require users to access your applications only from approved, or managed, devices. EXPLANATION for the wrong options: A) SSO -- Although SSO enables a user to remember only one ID and one password to access multiple applications, it doesn't verify the device that's trying to access each application. C) Multifactor authentication -- Multifactor authentication provides additional security for your identities, but it doesn't verify the device that's trying to access the resource or application.
How can Tailwind Traders most easily implement a deny by default policy so that VMs can't connect to each other? A) Allocate each VM on its own virtual network. B) Create a network security group rule that prevents access from another VM on the same network. C) Configure Azure DDoS Protection to limit network access within the virtual network.
ANSWER: B) Create a network security group rule that prevents access from another VM on the same network. -- A network security group rule enables you to filter traffic to and from resources by source and destination IP address, port, and protocol. EXPLANATION for wrong choices: A) Allocate each VM on its own virtual network. -- Although you can isolate each VM by placing it on a separate virtual network, is there an easier way that allows all VMs to safely exist on the same virtual network? C) Configure Azure DDoS Protection to limit network access within the virtual network. -- DDoS Protection helps protect your Azure resources from DDoS attacks, but it doesn't specify connection rules within a virtual network.
What is the first step that you would take in order to share an image file as a blob in Azure Storage? A) Create an Azure Storage container to store the image. B) Create an Azure Storage account. C) Upload the image file and create a container. D) Use a Shared Access Signature (SAS) token to restrict access to the image.
ANSWER: B) Create an Azure Storage account. -- You must create an Azure Storage account before you can use any Azure Storage features. EXPLANATION of wrong ones: A) Create an Azure Storage container to store the image. -- You must create an Azure Storage account before you can use any Azure Storage features. C) Upload the image file and create a container. -- You must create an Azure Storage account before you can use any Azure Storage features. D) Use a Shared Access Signature (SAS) token to restrict access to the image. -- You must create an Azure Storage account before you can use any Azure Storage features.
How can Tailwind Traders enforce having only certain applications run on its VMs? A) Connect your VMs to Azure Sentinel. B) Create an application control rule in Azure Security Center. C) Periodically run a script that lists the running processes on each VM. The IT manager can then shut down any applications that shouldn't be running.
ANSWER: B) Create an application control rule in Azure Security Center. -- With Azure Security Center, you can define a list of allowed applications to ensure that only applications you allow can run. Azure Security Center can also detect and block malware from being installed on your VMs. EXPLANATION for incorrects: A) Connect your VMs to Azure Sentinel. -- Azure Sentinel enables you to aggregate security data from many different sources to provide additional capabilities for threat detection and responding to threats. C) Periodically run a script that lists the running processes on each VM. The IT manager can then shut down any applications that shouldn't be running. -- Although you could follow this approach, it's tedious, time-consuming, and prone to errors. Is there a more automated approach that the company can take?
What's the best way for Tailwind Traders to limit all outbound traffic from VMs to known hosts? A) Configure Azure DDoS Protection to limit network access to trusted ports and hosts. B) Create application rules in Azure Firewall. C) Ensure that all running applications communicate with only trusted ports and hosts.
ANSWER: B) Create application rules in Azure Firewall. -- Azure Firewall enables you to limit outbound HTTP/S traffic to a specified list of fully qualified domain names (FQDNs). EXPLANATION for wrong choices: A) Configure Azure DDoS Protection to limit network access to trusted ports and hosts. -- DDoS Protection helps protect your Azure resources from DDoS attacks, but it doesn't act as a general-purpose firewall. C) Ensure that all running applications communicate with only trusted ports and hosts. -- Is there a way to more easily configure network access without software modifications?
Tailwind Traders wants to create a secure communication tunnel between its branch offices. Which of the following technologies can't be used? A) Point-to-site virtual private network B) Implicit FTP over SSL C) Azure ExpressRoute D) Site-to-site virtual private network
ANSWER: B) Implicit FTP over SSL -- FTP over SSL can't be used to create a secure communication tunnel. EXPLANATION of wrong ones: A) Point-to-site virtual private network -- A point-to-site virtual private network can be used to create a secure communication tunnel between locations. C) Azure ExpressRoute -- Azure ExpressRoute can be used to create a secure communication tunnel between locations. D) Site-to-site virtual private network -- A site-to-site virtual private network can be used to create a secure communication tunnel between locations.
A company wants to quickly manage its individual IoT devices by using a web-based user interface. Which IoT technology should it choose? A) IoT Hub B) IoT Central C) Azure Sphere
ANSWER: B) IoT Central -- IoT Central quickly creates a web-based management portal to enable reporting and communication with IoT devices. EXPLANATION of wrong choices: A) IoT Hub -- An IoT hub does not provide a graphical user interface for device management. C) Azure Sphere -- Azure Sphere does not provide a graphical user interface for device management.
Which of the following can be used to manage governance across multiple Azure subscriptions? A) Azure initiatives B) Management groups C) Resource groups
ANSWER: B) Management groups -- Management groups facilitate the hierarchical ordering of Azure resources into collections, at a level of scope above subscriptions. Distinct governance conditions can be applied to each management group, with Azure Policy and Azure role-based access controls, to manage Azure subscriptions effectively. The resources and subscriptions assigned to a management group automatically inherit the conditions applied to the management group. EXPLANATION of wrong answers: A) Azure initiatives -- These are part of policies, not subscriptions. C) Resource groups -- Resource groups hold resources like virtual machines and storage. They're not part of subscription governance.
Tailwind Traders wants to use Azure ExpressRoute to connect its on-premises network to the Microsoft cloud. Which of the following choices isn't an ExpressRoute model that Tailwind Traders can use? A) Any-to-any connection B) Site-to-site virtual private network C) Point-to-point Ethernet connection D) CloudExchange colocation
ANSWER: B) Site-to-site virtual private network -- A site-to-site virtual private network isn't an ExpressRoute model. EXPLANATION of wrong ones: A) Any-to-any connection -- Any-to-any connection is an ExpressRoute model. C) Point-to-point Ethernet connection -- Point-to-point Ethernet connection is an ExpressRoute model. D) CloudExchange colocation -- CloudExchange colocation is an ExpressRoute model.
Where can the legal team access information around how the Microsoft cloud helps them secure sensitive data and comply with applicable laws and regulations? A) Microsoft Privacy Statement B) Trust Center C) Online Services Terms
ANSWER: B) Trust Center -- The Trust Center is a great resource for people in your organization who might play a role in security, privacy, and compliance. EXPLANATION for incorrect answers: A) Microsoft Privacy Statement -- The Microsoft Privacy Statement provides details about the personal data Microsoft processes and how the company processes it. C) Online Services Terms -- The Online Services Terms is a legal agreement between Microsoft and the customer that details the obligations by both parties with respect to the processing and security of customer data and personal data.
Your company has a team of remote workers that need to use Windows-based software to develop your company's applications, but your team members are using various operating systems like macOS, Linux, and Windows. Which Azure compute service would help resolve this scenario? A) Azure App Service B) Windows Virtual Desktop C) Azure Container Instances
ANSWER: B) Windows Virtual Desktop -- Windows Virtual Desktop enables your team members to run Windows in the cloud, with access to the required applications for your company's needs. EXPLANATION of incorrect ones: A) Azure App Service -- App Service is a service for hosting web apps in the cloud. C) Azure Container Instances -- Azure Container Instances is used for hosting containerized apps in the cloud.
Which is likely the best way for Tailwind Traders to identify which billing department each Azure resource belongs to? A) Track resource usage in a spreadsheet. B) Split the deployment into separate Azure subscriptions, where each subscription belongs to its own billing department. C) Apply a tag to each resource that includes the associated billing department.
ANSWER: C) Apply a tag to each resource that includes the associated billing department. -- Tags provide extra information, or metadata, about your resources. The team might create a tag that's named BillingDept whose value would be the name of the billing department. You can use Azure Policy to ensure that the proper tags are assigned when resources are provisioned. EXPLANATION for incorrect answers: A) Track resource usage in a spreadsheet. -- This form of tracking is manual and prone to errors. Is there a more automated way to track resource usage? B) Split the deployment into separate Azure subscriptions, where each subscription belongs to its own billing department. -- Although you can use subscriptions to separate billing by department, is there another method that allows all resources to stay within the same subscription?
Which Azure Storage option is better for storing data for backup and restore, disaster recovery, and archiving? A) Azure Files Storage B) Azure Disk Storage C) Azure Blob Storage
ANSWER: C) Azure Blob Storage -- Azure Blob Storage is your best option for storing disaster recovery files and archives. EXPLANATION of incorrect options: A) Azure Files Storage -- Azure Blob Storage is your best option for storing disaster recovery files and archives. B) Azure Disk Storage -- Azure Blob Storage is your best option for storing disaster recovery files and archives.
Which of the following choices would not be used to automate a CI/CD process? A) Azure Pipelines B) GitHub Actions C) Azure Boards
ANSWER: C) Azure Boards -- Azure Boards is an agile project-management tool. It would not be used to automate a CI/CD process. EXPLANATION for incorrect choices: A) Azure Pipelines -- Azure Pipelines can be used to automate a CI/CD process. B) GitHub Actions -- GitHub Actions can be used to automate a CI/CD process.
You need to create a human-computer interface that uses natural language to answer customer questions. Which product option should you select as a candidate? A) Azure Machine Learning B) Azure Cognitive Services C) Azure Bot Service
ANSWER: C) Azure Bot Service -- Azure Bot Service creates virtual agent solutions that utilize natural language. It should not be eliminated as a candidate. EXPLANATION of wrong ones: A) Azure Machine Learning -- Although Azure Machine Learning could be used to create a natural language model, it would likely be cost and time prohibitive. It should be eliminated as a candidate. B) Azure Cognitive Services -- Azure Cognitive Services provides natural language services. It should be eliminated as a candidate.
An attacker can bring down your website by sending a large volume of network traffic to your servers. Which Azure service can help Tailwind Traders protect its App Service instance from this kind of attack? A) Azure Firewall B) Network security groups C) Azure DDoS Protection
ANSWER: C) Azure DDoS Protection -- DDoS Protection helps protect your Azure resources from DDoS attacks. A DDoS attack attempts to overwhelm and exhaust an application's resources, making the application slow or unresponsive to legitimate users. EXPLANATION for wrong answers: A) Azure Firewall -- Azure Firewall enables you to create network rules that define source address, protocol, destination port, and destination address. It doesn't specifically help against DDoS attacks. B) Network security groups -- Network security groups enable you to filter network traffic to and from Azure resources within a virtual network. They don't specifically help against DDoS attacks.
Which service lacks features to assign individual developers tasks to work on? A) Azure Boards B) GitHub C) Azure Pipelines
ANSWER: C) Azure Pipelines -- Azure Pipelines is a CI/CD tool for building an automated toolchain. It lacks features to assign tasks for individual developers to work on. However, it can automate other tools to assign tasks to users. EXPLANATION for incorrect ones: A) Azure Boards -- Azure Boards has sophisticated project-management features that allow you to assign tasks to a user. B) GitHub -- GitHub has lightweight project-management features that allow you to assign tasks to a user.
Which service provides official outage root cause analyses (RCAs) for Azure incidents? A) Azure Advisor B) Azure Monitor C) Azure Service Health
ANSWER: C) Azure Service Health -- Azure Service Health provides incident history and RCAs to share with your stakeholders. EXPLANATION for incorrects: A) Azure Advisor -- Azure Advisor does not supply RCAs. B) Azure Monitor -- Azure Monitor does not supply RCAs.
A company wants to build a new voting kiosk for sales to governments around the world. Which IoT technologies should the company choose to ensure the highest degree of security? A) IoT Hub B) IoT Central C) Azure Sphere
ANSWER: C) Azure Sphere -- Azure Sphere provides the highest degree of security to ensure the device has not been tampered with. EXPLANATION of the wrong choices: A) IoT Hub -- IoT Hub will not ensure the security of the IoT device. B) IoT Central -- IoT Central will not ensure the security of the IoT device.
Which of the following options isn't a benefit of ExpressRoute? A) Redundant connectivity B) Consistent network throughput C) Encrypted network communication D) Access to Microsoft cloud services
ANSWER: C) Encrypted network communication -- ExpressRoute does provide private connectivity, but it isn't encrypted. EXPLANATION of wrong ones: A) Redundant connectivity -- This option is a benefit of choosing to connect your network to Microsoft by using ExpressRoute. B) Consistent network throughput -- This option is a benefit of choosing to connect your network to Microsoft by using ExpressRoute. D) Access to Microsoft cloud services -- This option is a benefit of choosing to connect your network to Microsoft by using ExpressRoute.
How can the IT department use biometric properties, such as facial recognition, to enable delivery drivers to prove their identities? A) SSO B) Conditional Access C) Multifactor authentication
ANSWER: C) Multifactor authentication -- Authenticating through multifactor authentication can include something the user knows, something the user has, and something the user is. EXPLANATION for wrong answers: A) SSO -- Although SSO enables a user to remember only one ID and one password to access multiple applications, it doesn't use biometric properties to verify the user's identity. B) Conditional Access -- Although Conditional Access enables you to allow or deny access to resources based on identity signals, it doesn't use biometric properties to verify the user's identity.
How can Tailwind Traders ensure that certain VM workloads are physically isolated from workloads being run by other Azure customers? A) Configure the network to ensure that VMs on the same physical host are isolated. B) This is not possible. These workloads need to be run on-premises. C) Run the VMs on Azure Dedicated Host.
ANSWER: C) Run the VMs on Azure Dedicated Host. -- Azure Dedicated Host provides dedicated physical servers to host your Azure VMs for Windows and Linux. EXPLANATION for wrong answers: A) Configure the network to ensure that VMs on the same physical host are isolated. -- On Azure, it's not necessary to configure the network to isolate VMs on the same physical host. Doing so also might not satisfy regulatory requirements. B) This is not possible. These workloads need to be run on-premises. -- Is there an Azure service that provides dedicated physical servers to host your VMs for Windows and Linux?
Which is the best way for Tailwind Traders to safely store its certificates so that they're accessible to cloud VMs? A) Place the certificates on a network share. B) Store them on a VM that's protected by a password. C) Store the certificates in Azure Key Vault.
ANSWER: C) Store the certificates in Azure Key Vault. -- Azure Key Vault enables you to store your secrets in a single, central location. Key Vault also makes it easier to enroll and renew certificates from public certificate authorities (CAs). EXPLANATION for wrong answers: A) Place the certificates on a network share. -- Although you could place your certificates on a network share, is there a service that can handle secure access and enrollment for you? B) Store them on a VM that's protected by a password. -- Although you could do this, it's less secure. Plus, you'd then need a way to safely manage your password. Is there a service that can handle secure access and enrollment for you?
You're a developer who needs to set up your first VM to host a process that runs nightly. Which of the following tools is your best choice? A) ARM templates B) Azure PowerShell C) The Azure portal D) The Azure CLI
ANSWER: C) The Azure portal -- The Azure portal is a great place for newcomers to learn about Azure and set up their first resources. EXPLANATION for incorrect choices: A) ARM templates -- ARM templates could be used to set up a VM, but they're probably not the best choice for a first-time user. B) Azure PowerShell -- Azure PowerShell could be used to set up a VM, but it's probably not the best choice for a first-time user. D) The Azure CLI -- The Azure CLI could be used to set up a VM, but it's probably not the best choice for a first-time user.
Tailwind Traders has millions of log entries that it wants to analyze. Which option would be ideal for analysis? A) Azure Cosmos DB B) Azure SQL Database C) Azure Database for PostgreSQL D) Azure Synapse Analytics
ANSWER: D) Azure Synapse Analytics -- Azure Synapse Analytics is the logical choice for analyzing large volumes of data. EXPLANATION A) Azure Cosmos DB -- nope B) Azure SQL Database -- nope C) Azure Database for PostgreSQL -- nope
Which of the following choices isn't a benefit of using cloud services? A) Scalability B) Disaster recovery C) High availability D) Geographic isolation
ANSWER: D) Geographic isolation -- You can choose to create resources in a single region; however, one of the primary advantages to cloud computing is geographic distribution. EXPLANATION of wrong ones: These are the benefits of using cloud services: A) Scalability -- Cloud computing allows your resources to be scaled both vertically and horizontally. B) Disaster recovery -- Cloud computing provides a wealth of different technologies that enable disaster recovery. C) High availability -- One of the primary advantages to cloud computing is that it enables your applications to provide a continuous user experience with no apparent downtime, even when things go wrong.
As an administrator, you need to retrieve the IP address from a particular VM by using Bash. Which of the following tools should you use? A) ARM templates B) Azure PowerShell C) The Azure portal D) The Azure CLI
ANSWER: D) The Azure CLI -- The Azure CLI enables you to use Bash to run one-off tasks on Azure. EXPLANATION for wrong answers: A) ARM templates -- ARM templates do not enable you to use Bash to run one-off tasks on Azure. B) Azure PowerShell -- Azure PowerShell does not enable you to use Bash to run one-off tasks on Azure. C) The Azure portal -- The Azure portal does not enable you to use Bash to run one-off tasks on Azure.
Which of the following options can you use to link virtual networks? A) Network address translation B) Multi-chassis link aggregation C) Dynamic Host Configuration Protocol D) Virtual network peering
ANSWER: D) Virtual network peering -- Virtual network peering can be used to link virtual networks. EXPLANATION of wrong ones: A) Network address translation -- Network address translation can't be used to link virtual networks. B) Multi-chassis link aggregation -- Multi-chassis link aggregation can't be used to link virtual networks. C) Dynamic Host Configuration Protocol -- The Dynamic Host Configuration Protocol can't be used to link virtual networks.
TRUE or FALSE: With Capital Expenses (CapEx), you are only responsible for the computing resources that you use.
FALSE EXPLANATION With Capital Expenses (CapEx), you are not only responsible for the computing resources that you use, but are also responsible the purchase and maintenance your computing resources.