Azure Fundamentals - MeasureUp Practice Questions
What do you use under Azure Monitoring when you want you and your team members to receive a text message when Azure maintenance is planned?
Health alerts - It allows you to configure notifications that affect you.
Which two options can you use to connect Azure Virtual Networks (VNets) to each other? A) VPN gateways B) VNet peering C) Azure Traffic Manager D) Azure Front Door E) Azure ExpressRoute
You should use VNet peering or VPN gateways to connect Azure Virtual Networks (VNets) to each other. With VNet peering you can seamlessly connect two or more VNets in Azure, routing the traffic directly through the Microsoft backbone infrastructure. Alternatively, you can deploy VPN gateways in each VNet to connect them to each other over the public internet. None of the other options (Azure Traffic Manager, Azure Front Door, or Azure ExpressRoute) can be used to connect Azure Virtual Networks (VNets) to each other.
You are given approval to move your company's web application to Azure as an App Service. However, your manager wants to know the annual cost for such a move. You decide to use the Azure Pricing Calculator to estimate the cost. You need to determine which factors still affect the cost. Which five factors affect the cost of an App Service? 1. Instance type 2. Number of Webjobs 3. Tier 4. Type of application framework 5. Number of instances 6. Operating system 7. Region
1. Instance type 2. Number of instances 3. Operating system 4. Region 5. Tier
You are planning to create a cloud solution in azure. You need to choose the appropriate networking resources to deploy for certain scenarios. Which resources should you deploy for the scenarios below? 1. You want to allow inbound traffic to an azure virtual machine (VM) from only specific IP addresses. 2. You want to prevent a malicious flood of HTTP traffic to a VM that hosts Internet Information Services (IIS). 3. You want to create a rule that restricts network traffic across subscriptions.
1. Network Security Group (NSG) - NSG's are used to allow inbound traffic to an Azure VM from only specific IP addresses. It allows or denies the inbound traffic to an Azure resource. 2. Distributed Denial-of-Service (DDoS) Protection - Use DDoS Protection to prevent a malicious flood of HTTP traffic to a VM that hosts IIS. DDoS Protection helps prevent volumetric attacks, protocol attacks, and application layer attacks. 3. Azure Firewall - Use Azure Firewall when you want to create a rule that restricts network traffic across subscriptions. It has built-in high availability. Rules are enforced and logged across subscriptions, which reduces management overhead.
For each of the following statements, select yes if the statement correctly describes the use of Azure Policy initiatives. Otherwise, select no. 1. An initiative is limited to being assigned to resource groups or subscriptions only. 2. When an initiative assignment is evaluated, all of the policies in that initiative are evaluated. 3. An initiative can only contain policies thatare located in the same subscription.
1. No 2. Yes 3. Yes
For each of the following management tools, select yes, if you can use the tool to manage Linux VMs in Cloud Shell. 1. Azure Command Line Interface (CLI) 2. Azure PowerShell 3. Azure portal
1. Yes 2. Yes 3. No - You can access cloud shell through the Azure portal, but you can't use the Azure portal inside Cloud Shell
What is the maximum length of time you can use the credits from an Azure free subscription before it expires?
30 days - The subscription includes a $200 credit that can be used any time within the first 30 days. Any credit left over after 30 days does not carry over.
What is a dashboard?
A collection of customizable tiles that are displayed in the Azure portal.
What is a blade?
A panel that slides out in a navigation sequence. Each blade either provides information or configuration options in the Azure portal.
What is Azure Advisor?
A service that provides recommendations on high availability in the Azure portal. it also provides recommendations on cost, security, and performance. It analyzes the services you deploy and tries to find ways to improve the usage of those services.
Define agility:
Speed and flexibility in allocation and dealocation of required resources.
You need to bring azure storage into your virtual network with a dedicated IP address. Which solution should you choose? A) Create a private connection with Azure express route B) Peer your Azure virtual network (VNet) with an Azure Storage VNet. C) Create a private endpoint with Azure Private Link. D) create a site-to-site VPN with Azure VPN Gateway.
C) Create a private endpoint with Azure Private link. - A is private endpoint a network interface that connects you privately and securely to a service powered by azure private link. Private endpoints use a private IP address from your VNet, and they communicate with the service over a secure connection. Traffic from a private endpoint to the service traverses over the MSFT backbone network, eliminating exposure from the public internet.
You need to compare the costs of running an application in Azure versus on-premises. What should you do to ensure that you can use the Azure TCO calculator to complete this task?
Define the server, database, storage, and networking workload.
Your company suffers a catastrophic web outage due to a misconfigured driver on database server. You need to find a cloud solution that allows the highly customized web application to run without requiring management of operating system settings or services. However, the company's web developers must be able to maintain customizations. What should you do to meet these requirements?
Deploy the web app functionality using platform as a service (PaaS).
Azure Pricing Calculator is a tool that allows you to?
Estimate the cost of a cloud solution. You can add various resources to the calculator, you can chose the region of the resources, and the number of instances of a resource to help estimate the cost.
What is read-access GRS (RA-GRS)?
It allows replicated data to be simultaneously accessed in two regions. It's a service that creates geo-redundant replicas of your data in two separate Azure regions, so that your data is always available, even in the event of a regional outage. Unlike, GRS, RA-GRS is a storage redundancy type that provides read access from both locations simultaneously.
Your company uses management groups to manage resources in your Azure tenant more efficiently. User1 should be able to assign access and assign policies to management groups. You need to determine which role-based access control (RBAC) role User1 should b added to. Your solution should follow the principle of least privileged. Which role should you and the user to? A) user access administrator B) management group contributor C) contributor D) owner
User access administrator - This role grants permission to assign access and assign policies only.
Match each Azure resource to each scenario?: - Azure App Service - Azure Functions - Azure Virtual Machines (VMs) - Azure Traffic Manager Scenarios: 1. Migrate a workload from an on-premises Hyper-V host to Azure, still retaining full control over the operating system. 2. Deploy a web application using platform as a service (PaaS) for scalability and security. 3. Build an event driven solution and pay only for the time spent running your code.
1. Azure Virtual Machines (VM) - Azure VM is an infrastructure-as-a-service (IaaS) offering that provides flexibility of virtualization with full control over the computing environment, without the need to buy and maintain physical hardware. 2. Azure App Service - Using Azure App Service allows you to focus on building your web solution, while Azure handles the management of the underlying infrastructure. 3. Azure Functions - Azure Functions is a serverless platform where execution of your code is triggered by a specific type of event. It uses a pay-per-use pricing model, so you are charged only for the time you run your code.
Your company creates general-purpose V2 storage accounts. You must match each azure storage blob access tier your account utilizes with its associated feature/description. Storage Blob Access Tiers: - Hot - Cool - Archive Features: 1. Incurs penalties for data deleted within 30 days. 2. Is not available at the account level. 3. Incurs the highest rehydration cost.
1. Cool - It's designed to hold data that only requires infrequent access. Any data that is placed in the Cool tier must be stored for at least 30 days, and if you move or delete it before the 30 days is up, then you will incur penalties. 2. Achieve - it holds data that rarely requires access. it is not available at the account level, and it is configured within the blob itself. It has the highest access latencies, and the process of rehydrating the data incurs the highest costs. 3. Archive Azure Storage offers 3 pricing and availability tiers for blob storage. These tiers facilitate cost-effective storage based on how frequently data needs to be accessed. Hot Tier - Offers the highest performance and lowest access latencies, but it is the most expensive. it is intended to hold data that is accessed frequently.
Your Azure tenant includes several internet-facing web servers. The web servers rely on data stored on Azure SQL Database servers. The web servers are located in different virtual network (Net) subnets. The database servers have their endpoint exposed to the subnets. You need to implement detailed controls over the types of connections supported between the web servers and database servers. You want to minimize the effort necessary to implement and maintain your solution. Which two technologies should you include in your solution? Each correct answer presents part of the solution. 1. Azure Traffic Manager 2. Network Security Groups (NSGs) 3. User Defined Routes (UDRs) 4. Application Security Groups (ASGs) 5. Azure Firewall
1. Network Security Groups (NSGs) - NSGs are specialized packet-filtering firewalls that let you define security rules to control Traffic into and out of a VNet, between subnets, or per VM. You can apply network security groups (NSGs) to application security groups (ASGs) to limit their filtering to servers in those application security groups (ASGs). 2. Application Security Groups (ASGs) - ASGs provide the possibility to group network interfaces of virtual machines (VMs) per service tier and give each service tier human readable labels. User Defined Roles are custom routing tables that are used to override and supplement the default routing tables in VNets. Azure Traffic Manager - This is a DNS-based load balancer that lets you distribute traffic across global Azure regions. It does not provide the ability to filter traffic by connection.
For each of the following statements regarding security benefits offered by Azure cloud, select yes if the statement is true. Otherwise, select no. A) Azure Active Directory (Azure AD) is used to manage API cryptographic keys. B) Azure Storage encryption is enabled by default. C) Azure ExpressRoute is used to secure traffic between virtual networks.
1. No - Azure AD combines core directory services and helps you manage users, groups, and access to applications in your Azure subscription. The correct answer to this question would be Azure Key Vault. 2. Yes 3. No - Azure ExpressRoute is a private network connection between you organization and Microsoft cloud services. You can establish connections to Azure services from your datacenter, office, or on-premises environment.
For each of the following statements regarding factors that affect cost in Azure, select yes if the statement is true. Otherwise select no. 1. Azure Advisor makes shutdown recommendations based on CPU and memory utilization over the last seven days. 2. You can use azure advisor to reduce costs by resizing underutilized virtual machines. 3. Tags can aid in cost management for your subscriptions, and each tag consists of a name, location, and a value.
1. No - Azure Advisor makes shutdown recommendations based on CPU and outbound network utilization, not memory utilization. 2. Yes 3. No - Tags aid in cost management for your subscriptions, and each tag consists of a name and a value pair, but not a location.
Identify the features of Azure Cloud Shell. For each of the following statements, select yes if the statement is true. Otherwise, select no. 1. When running Azure PowerShell with Cloud Shell, both Linux-specific and Windows- specific functionality is available. 2. Cloud Shell times out after 20 minutes of inactivity. 3. Cloud Shell provides a way to run Azure Command-Line Interface (CLI) and Azure PowerShell on iOS and Android mobile devices.
1. No - Only Linux-specific functionality is available. This is because Cloud Shell runs PowerShell 7 on a Linux container. 2. Yes 3. Yes
For each of the following statements about infrastructure as a service (IaaS) on Azure, select yes if the statement is true. Otherwise, select no. 1. Azure IaaS provides and manages container orchestrators. 2. Resources can be allocated on a pay-as-you-go basis, whenever needed. 3. You are responsible for managing applications and middleware while Azure manages operating systems.
1. No - PaaS does this, not IaaS. 2 Yes 3. No - You are responsible for managing the applications, middleware, and operating systems.
You work for a small college, and the college has no more than 250 active students. You consider moving the college's infrastructure to the cloud. Which subscriptions should you use for the different scenarios below? (Enterprise, Free, Pay-as-you-go, or Student) Scenarios: 1. You want to evaluate Azure Virtual Machines (VMs) for 18 months. 2. You want to purchase Azure Virtual Machines (VMs) and software licenses under one agreement. 3. You want to evaluate Azure App Services for six months.
1. Pay-as-You-Go - Use this type of subscription because it charges you monthly for Azure resources. 2. Enterprise - Use an enterprise subscription when you want to purchase azure VMs and software licenses under one agreement. This helps you save money. 3. Free - Use a free subscription when you want to evaluate Azure App Services for six months. This includes a $200 credit to be used on any service across 30 days. it also provides free access to Azure services for 1 year.
A company subscribes to Azure as a platform for developing and deploying Web apps. The company wants to keep initial expenses to a minimum. The company cannot use the free edition as it does not support many features required, so the company decides to go with Azure AD Premium subscription. You need to determine the features available to the company with Azure AD Premium P1 edition. Which two features are supported by Azure (AD) Premium P1 edition? Each correct answer presents a complete solution. 1. Identity protection 2. Role-based access control (RBAC) 3. Conditional access 4. Privileged identity management (PIM), just-in-time access 5. Self-service entitlement management
1. RBAC 2. Conditional access Identity protection, Self-service entitlement management, and PIM are included in the Azure AD P2 license. Azure AD comes in four license editions: Free, O365, Premium P1, and Premium P2.
You are interviewing for a job as an entry level Azure administrator. You need to describe Azure regions. Which two descriptions of regions are accurate? 1. Regions contain one or more data centers 2. Regions represent physical data centers 3. Regions can span across countries 4. Regions specify the location of resources.
1. Regions contain one or more data centers. - Regions contain one or more data centers, and they represent an area within a geographical area, such as East US or West US. 2. Regions specify the location of resources. - Although you can't specify the exact data center for a deployed resource, you can choose its region. Azure then determines the physical data center where the resource is provisioned Regions cannot span countries, and they do not represent physical data centers.
Match each azure resource with each scenario. Azure Resources: - Azure SQL database - Azure database for PostgreSQL - Azure SQL managed instance - SQL server on Azure VMs Scenarios: 1. Fast migration of SQL server from on-premises to Azure with retention of operating system access. 2. Cost-effective, serverless database with an intermittent usage pattern and a low compute utilization over time. 3. Lift-and-shift of on-premises SQL Server with minimal changes to an Azure Platform-as-a-Service (PaaS) solution.
1. SQL Server on Azure VMs - Use this for a fast migration of SQL server from on-premises to Azure and have operating system access. 2. Azure SQL Database - This is used as a cost-effective, serverless database with an intermittent usage pattern and low compute utilization overtime. it is optimized for scenarios with intermittent or unpredictable usage patterns. It automatically pauses the database during periods of inactivity, and resumes it when activity returns. 3. Azure SQL Managed Instance - This is best used for the lift-and-shift on an on-premises SQL server with minimal changes to an Azure PaaS solution. It enables frictionless migration to Azure with minimal application and database changes. It is also a PaaS offering, and eliminates overhead for the management of the underlying infrastructure.
Match each Azure Cloud Framework (ACF) methodology with its description. Methodology: 1. Innovate 2. Plan 3. Ready 4. Strategy Descriptions: 1. Define the business justification and the expected outcomes of adoption. 2. Align actionable adoption plans with business outcomes. 3. Prepare the cloud environment for the planned changes. 4. Develop new cloud-native hybrid solutions.
1. Strategy 2. Plan 3. Ready 4. Innovate
For each of the following statements about azure dedicated hosts, select yes it the statement is true. Otherwise, select no. 1. A provided physical server is dedicated to your organizations workload only. 2. You can share a provided physical server across your multiple azure subscriptions. 3. You are charged per number of virtual machines (VMs) deployed.
1. Yes 2. No -You can't share provided physical servers Across your multiple Azure subscriptions. The underlying physical hosts are a single tenant and are therefore only dedicated to one Azure subscription. 3. No - Azure Dedicated Hosts are charged per dedicated host, regardless of how many VMs you run on the host. Azure Dedicated Hosts are isolated physical servers where you can run your organization's workload only. They are not shared with other Azure customers.
For each of the following statements about Azure subscriptions, select Yes if the statement is true. Otherwise, select no. 1. You can transfer an existing subscription to a new Azure Active Directory (AD) tenant. 2. Quotas for resources in Azure Resource Groups are per region and per subscription. 3. A user can only be given access to one subscription.
1. Yes 2. Yes 3. No - A user can be given access to multiple subscriptions and access resources in those subscriptions. However, a resource can only belong to one subscription.
For each of the following statements regarding Azure virtual network peering, select yes is the statement is true. Otherwise, select no. 1. Virtual network peering can be used to connect virtual networks across Azure regions. 2. Virtual network peering can be used to transfer data between Azure Active Directory (Azure AD) tenants. 3. Configuring peering requires a short downtime for the peered virtual networks.
1. Yes 2. Yes 3. No - It does not require any downtime, and resources can continue to support inbound and outbound connections for the duration of the peering process.
For each of the following statements of Azure Virtual Desktop (AVD), select yes if the statement is true. Otherwise, select no. 1. AVD supports Remote Desktop clients on macOS and iOS. 2. You are charged for the use of AVD on a monthly basis accordingly by active users. 3. AVD users should exist in the same Windows Server Active Directory (AD) that is linked to Azure AD.
1. Yes - AVD supports these platforms along with: Windows Desktop, Web, Android, and Microsoft Store Client. 2. No - You are not charged on a monthly basis accordingly by active users. AVD is a service that doesn't require any additional licenses, but rather, you can use it with your existing M365 license or Windows per user license. You are charged for the virtual machines where AVD runs. 3. Yes - AVD should exist in the same Windows Server AD that is linked to Azure AD. AVD does not support the use of MSFT accounts or Azure AD B2B when users are sourced from a separate Azure AD tenant.
For each of the following statements about Azure Netwoking, select yes if the statement is true. Otherwise, select no. 1. ExpressRoute traffic is routed through a private connection. 2. Traffic between peered virtual networks (VNets) is routed over the public internet. 3. A VNet is created within the scope of a region.
1. Yes - ExpressRoute traffic is routed over a private connection. It's enabled through a connectivity provider at a co-location facility that lets you link your on-premises networks to MSFT cloud services, such as MSFT Azure and M365. 2. No - Traffic between peered virtual networks is routed through the MSFT backbone infrastructure without the involvement of the public internet. 3. Yes - A VNet is created within the scope of a region, and it is a regional resource. However, VNets from different regions can still b connected to eachother via Global VNet peering using internal MSFT connectivity in Azure or via VPN gateways using the public internet.
For each of the following statements about Azure spot pricing, select yes if the statement is true. Otherwise, select no. 1. Spot pricing provides access to discounted Azure compute resources. 2. Spot virtual machines (VMs) use the standard SLA for Azure VMs. 3. You can set the maximum price that you agree to pay.
1. Yes - It provides deep discounts when unused azure capacity is available. 2. No - There are no SLAs for spot VMs because azure allocates spot VMs only if there is unused capacity available. If Azure needs the capacity back, then spot VMs can be evicted with a 30 second notice. 3. Yes
You need to identify features of resource groups. For each of the following statements, select yes if the statement is true. Otherwise, select no. 1. Locking a rests resource group as read-only restricts all resources within the resource group, and users cannot modify or delete a resource. 2. A resource group can contain resources from the same region as the resource group only. 3. You can add a resource or remove a resource from a resource group as long as the resource group is not locked. 4. Resources can interact with other resources in a different resource group.
1. Yes - Locking a resource group as read-only restricts all resources within the resource group, and users can't modify or delete a resource. You can apply locks to a resource group or a subscription to prevent deletion or make contained resources read-only. You can also apply locks directly to a resource. 2. No - A resource group can contain resources from any region, not just the region in which the resource group is located. 3. Yes - You can add a resource to or remove a resource from a resource group, except when the resource group is locked. You can also move resources between resource groups. A resource can live in only one resource group at a time. Deleting a resource group will delete all resources contained in that group. 4. Yes - Resources can interact with other resources in a different resource group. The resource group creates a logical resource grouping primarily for management purposes and does not impact access between resources.
Your company is reorganizing after acquiring a new company. Both your company and the new company have their own Azure Active Directory (Azure AD) tenants. You need to determine what happens when you transfer the billing ownership of a subscription from an account in your Azure AD tenant to an account in another Azure AD tenant and associate the subscription with the new directory. For each of the following statements, select yes if the statement is true. Otherwise, select no. 1. All users and groups with roll-based access to manage their subscription lose their access. 2. System-assigned managed identities are re-enabled automatically. 3. Moving a subscription that owns an Azure Kubernetes Service (AKS) cluster causes the cluster to lose functionality.
1. Yes - RBAC assignments do not carryover when you associate the new subscription with a new tenant. Classic subscription administrators such as Service Administrators or Co-administrators also lose access. 2. No - System-assigned managed identifies are not re-enabled automatically and must be re-enabled after the transfer. Any user-assigned managed identities must be recreated. 3. Yes - Moving it causes the cluster to lose functionality. This is due to lost service principle rights and lost role assignments.
For each of the following statements regarding Azure Files, select yes if the statement is true. Otherwise, select no. 1. Azure Files can be accessed using the server message block (SMB) protocol. 2. Azure Files can be accessed using the network file system (NFS) protocol. 3. A shared access signature (SAS) is required to access Azure Files.
1. Yes - SMB protocol is a file sharing protocol used on Windows operating systems. Using SMB with Azure Files allows for Windows and other SMB-capable clients to access shared files located in the cloud. 2. Yes - The Network File System (NFS) is just like the SMB one, except it is for Linux and UNIX-based systems rather than Windows. 3. No - A Shared Access Signature (SAS) is a unique identifier that you can use to authorize access to your Azure resources. It includes all of the information required to authenticate and access resources, including: the resource Uniform Resource Identifier (URI), permissions, and expiry. You can create a SAS manually or via a program. Azure Files is a cloud file storage service from MSFT Azure that operates like a traditional file server.
You are considering moving some of your applications to azure as container instances. However, your manager wants you to explain to them about containers and their benefits first. Which four descriptions of containers are accurate? 1. A container requires you to configure the host virtual machine. 2. A container can be accessed over the internet by IP address or domain name. 3. A container can run on Windows or Linux. 4. A container can scale out as needed. 5. A container requires you to manually install dependencies. 6. A container represents a single app and it's dependencies.
2. A container can be accessed over the internet by IP address or domain name. 3. A container can run on Windows or Linux. 4. A container can scale out as needed. - You do not need to use custom scaling rules as you do with App Services. 6. A container represents a single app and its dependencies. - This allows you to package, deploy, and manage the container as a unit.
Which two organization-level insights can you derive from the regulatory compliance dashboard of Microsoft Defender for Cloud? 1. Mitigation steps for reported threats 2. Number of passing and failing attempts 3. Security alerts ranked by severity 4. Overall secure score 5. Overall compliance score
2. Number of passing and failing attempts 5. Overall compliance score - This provides insight into the organization's compliance posture against a supported set of standards and policies.
You deploy three virtual machines (VMs) to Azure as a three-tiered architecture. One VM hosts a front-end web application, one VM hosts a business application programming interface (API), and the other VM hosts a Microsoft SQL Server database. Only the front-end web application should be publicly accessible, and it should be accessible over HTTP over port 80. All three VMs must be accessible over RDP on port 222. Only your account should be able to use RDP to access the VMs. You need to determine how Network Security Groups (NSGs) can be used in this scenario. Which two ways can NSGs be used? (Pick 2) A. To ensure that only the front-end VM is publicly accessible over port 80 B. To ensure that only your account can use RDP to access the VMs C. To ensure that all three VMs are accessible over port 222 D. To ensure that the front-end VM hosts only web applications
A) To ensure that only the front-end VM is publicly accessible over port 80. B) To ensure that all three VMs are accessible over port 222. These answers are correct because network security groups (NSGs) act as a firewall. It defines rules that allow or or deny inbound or outbound traffic.
Define elasticity:
Automatically increasing or decreasing resources to meet spikes in demand.
Your company wants to ensure that it meets its internal compliance goals and that Azure resources are compliant with company standards. This will include ongoing evaluation for compliance and the identification of non-compliant resources. What should you use? A) Azure Advisor B) Azure Monitor C) Azure Policy D) RBAC
Azure Policy - Azure Policy lets a company enforce rules that apply to resources to help ensure compliance with company standards. They can also be used to ensure that resources meet SLA agreements. Resources are evaluated based on policies and non-compliant resources are identified.
Which Azure management tool provides a graphic interface for deploying, managing, and monitoring Azure resources?
Azure Portal - It can also be used to manage all aspects of your applications.
Your company plans to deploy to the Azure cloud three virtual machines (VMs) and a Load Balancer. You want to estimate the cost of using all four resources before you create a subscription. You need to choose the most appropriate cost estimation tool. Which tool should you choose?
Azure Pricing Calculator - It allows you to estimate the monthly cost of a cloud solution. You can: and various resources to the calculator, choose the region of the resources, and the number of instances of a resource to help estimate the cost.
Which two solutions should you use to transfer an on-premises virtual hard disk (VHD) to Azure? 1. Azure Storage Explorer 2. Azure Data Share 3. AzCopy 4. Azure Files
Azure Storage Explorer and AzCopy. Azure Storage Explorer is a graphical user interface tool that you can use to manage your Azure Storage resources. With storage explorer, you can create and manage storage accounts, blobs, queues, tables, and files. You can also monitor your storage account metrics and access your stored data through the various storage explorer files. AzCopy is a command-line tool that can be used to upload and download data to and from Azure blob storage. AzCopy can be used to transfer data within azure storage accounts or between storage accounts. It supports both block blobs and page blobs.
You build a new operational analytics solution in Azure using PostgreSQL as a relational database. The estimated monthly growth of your database is 20 Gb. You need to ensure that your database can scale horizontally and support query parallelization for faster responses on a large dataset, without your team's involvement in database or operating system management. Which deployment option of PostgreSQL in Azure should you use? 1. Azure database for PostgreSQL Single Server 2. PostgreSQL on Azure VMs 3. Azure database for PostgreSQL Hyperscale (Citus) 4. Azure database for PostgreSQL Flexible Server
Azure database for PostgreSQL Hyperscale (Citus) - This is offered as a Platform-as-a-service offering that can scale horizontally by breaking up large data tables into smaller chunks, called shards. It also enables query parallelization across multiple servers, providing greater performance on datasets of 100 Gb and above.
You need to give all users in the group the ability to create and manage all types of Azure resources in a subscription. Rights granted to the users should be kept to a minimum. Which built-in role-based access control (RBAC) role should you assign to the group? A) user access administrator B) contributor C) owner D) reader
Contributor - This role meets the scenario requirements but it keeps the additionalpermissions allowed to a minimum. The Contributor role does not include the ability to grant access to others.
You manage a development team that needs to focus all its efforts on creating and maintaining application code. Your team does not have the resources to provision and scale the infrastructure your applications require to run. What should you do? A) Automate virtual machine provisioning B) containerize the apps and deploy a container cluster service. C) create an azure functions subscription and upload your code. D) configure virtual machines and deploy application updates using Azure command-line interface (CLI).
Create an Azure Functions subscription and upload your code. Azure Functions is an example of serverless computing. In the serverless computing model, a customer can submit their application code to a CSP such as Azure. Azure provisions and maintains the servers and infrastructure required to run the application. This includes code backups, high availability features, and auto-scaling to increase workloads.
Your company wants to ensure that it meets its internal compliance goals and that azure resources are compliant with company standards. This will include ongoing evaluation for compliance and the identification of non-compliant resources. You need to recommend a solution. What should you use? A) Azure Advisor B) Azure Monitor C) Role-based access control. (RBAC) D) Azure Policy
D) Azure Policy - this lets you enforce rules that apply to resources to help ensure compliance with company standards. Policies can also be used to ensure that resources meet SLAs requirements. Resources are evaluated based on policies and non- compliant resources are identified. Azure Monitor collects, analyzes, and acts on telemetry from cloud and on-premises environments, but it would not enable you to monitor for compliance with company standards.
Your company is planning a deployment using Azure Database for PostgreSQL. The deployment should meet the following requirements: - Up to 10 TB storage - Azure premium storage - Point-in-time-restore for up to 35 days You need to select the appropriate deployment and pricing tier to meet these requirements and minimize costs. What should you select? A) Azure database for PostgreSQL hyperscale (citrus) B) Azure database for PostgreSQL Single server basic tier C) Azure database for PostgreSQL single server memory optimized tier D) Azure database for PostgreSQL single server general purpose tier
D) Azure database for PostgreSQL Single Server General Purpose tier. - The general purpose tier supports data storage up to 16 TB and uses Azure Premium storage. Point-in-time restore is met by all Azure Database for PostgreSQL deployments. Azure Database PostgreSQL Single Server Basic tier has storage that is limited to 1 TB and it has Azure Standard Storage. Azure Database PostgreSQL Single Server Memory Optimizer meets all of the requirements, but it is more expensive than the General Purpose Tier. Azure Database PostgreSQL Hyperscale (Citrus) is too expensive, and you would use this option if you needed to support horizontally scaled queries across multiple machines using sharding.
Which example best describes authorization? A) Passengers who present their drivers license to prove their identity before boarding a flight. B) Banking customers who enter their personal identification number (PIN) to log into an ATM. C) Students who enter their password to check their grades at university. D) People who present their birth certificate to prove that they are eligible to receive government age-based benefits.
D) People who present their birth certificate to prove that they are eligible to receive government age-based benefits. - In this scenario, the person is already authenticated (by proof of the birth certificate) and the age on the certificate is what is verifying that the person has a right to reciere govt. Age-based benefits. Authentication - The process of proving that somebody is who they say they are. Authorization - The act of granting an authenticated person permission to do something.
You are going to start collecting data about your Azure infrastructure with Azure Monitor. Which type of data collection requires you to enable diagnostics?
Event Logs
What do you use under Azure Monitoring when you want to view the Azure features that are planned to be deprecated?
Health advisories - Health advisories show you events that are of concern to you, such as when you exceed the usage quota or when a feature is about to be deprecated.
What do you use under Azure Monitoring when you want to know how many times your web app has been unavailable during the past month?
Health history - It keeps track of inactive events for 90 days.
A company plans to use a custom software as a service (Saas) application and wants to minimize costs. The company is legally required to maintain and secure all data onsite.
Hybrid model - it combines features of public and private clouds. This provides a way to save costs by sharing less-secure solution needs in a public cloud, and keep high-risk, high-value resources internal to the network.
Define Azure Virtual Machines -
Includes a virtual processor, memory, storage, and networking resources.
Define Azure Functions -
Includes the abstraction of servers, infrastructure, and operating systems. Functions provides a way to run small pieces of code, or "functions," in the cloud. They can be triggered by events or they can run on a schedule. They are easy to use, scale automatically, and you can use it to call other Azure services, like Cosmos DB or Storage.
Define Container Instances -
Is a lightweight, virtualized application environment. They provide many of the same benefits as virtual machines, and are designed to be portable and largely self-contained. Docket is a popular container ecosystem.
What is the Total Cost Ownership (TCO) calculator?
It allows you to compare the difference in cost between your current on-premises infrastructure and your predicted cloud infrastructure. It looks at: - on-premises hardware - electricity - IT labor - software licensing And then compares this lost to the assumed resources needed in Azure.
What is Azure Marketplace?
It allows you to create new resources from a catalog.
What is a resource panel?
It is the left hand side panel in the Azure portal, and it lists the main resource types that are available.
What is geo-redundant storage (GRS)?
It stores 3 data copies in each of two regions. It makes sure that your data remains available even if there is a complete failure at one location. in the event of a localized failure or network outage, your applications can still be accessed from the second location.
What is Locally redundant storage (LRS)?
It stores all replicas in one data center. It protects data locally by writing to 3 disks within the data
Define scalability:
Manually increasing or decreasing resources to meet a predictable workload.
Application Security Groups (ASGs) let you?
Organize similar servers so you can easily define and implement security policies based on those groups.
A company needs to implement a solution where it maintains management control over hardware and infrastructure. The solution can be physically deployed offsite.
Private model - A private model solution is one where an organization builds and maintains its own solution, either in its datacenter or hosted as dedicated resources by a solution provider. Services and infrastructure are hosted on a private network dedicated to that organization only.
What cloud model would you use in this example? A company wants to deploy multiple servers to host web applications but wants to keep hardware costs and management costs to a minimum. The solution should be highly scalable.
Public model
You have completed the migration of your organization's core servers and processors to cloud-based virtual machines. Your final project involves migrating a weekly batch-processing task that relies on operating system driver to print PDF reports. You need to meet this requirement while minimizing costs. What should you do?
Run the batch processing task using spot instances. - Spot virtual machines or instances can help reduce costs by taking advantage of unutilized capacity.
You need to ensure consistent performance for users who access your application, which runs on customized Linux virtual machines. What should you use to provision virtual machines automatically? 1. Availability zones 2. Functions 3. Dedicated hosts 4. Scale sets
Scale sets - Scale sets provision virtual machines automatically. An Azure virtual machine scale set is a group of identical, autoscaling virtual machines in the Azure cloud. They allow you to easily deploy and manage a large number of virtual machines as a single unit, making them ideal for scalable workloads, like: web servers, application servers, and batch processing jobs.
A company is deploying a critical business application on two virtual machines (VMs). The deployment needs to support - Highly available access - Separate fault and update zones - Minimal latency between instances Most users who need to access the application are in the Azure East US 2 Region. Which configuration should the company use to deploy the solution?: A) separate availability sets B) separate availability zones C) separate regions in a regional pair D) separate resource groups in the same region
Separate availability zones. The regions that support availability zones, including East US 2, provide for three availability zones. - Availability zones are deployed in separate data centers, so interruptions in one availability zone, such as a storage device failure, do not impact the other availability zones. - Each availability zone is a separate fault and update zone, and has very low latency with other availability zones in the region.