AZ-900 Exam Prep - Microsoft
Which two attributes are characteristics of the private cloud deployment model? Each correct answer presents a complete solution. - Applications can be provisioned and de-provisioned quickly. - Hardware must be purchased. - Organizations only pay for what they use. - The company has complete control over physical resources and security.
- Applications can be provisioned and de-provisioned quickly. - Organizations only pay for what they use. In a private cloud, hardware must be purchased for start up and maintenance. In a private cloud, organizations control resources and security. Quick provisioning is a characteristic of the public cloud deployment model. Paying only for what is used is a characteristic of the public cloud deployment model.
What can you use to sync identities from an on-premises Active Directory Domain Services (AD DS) domain to Azure AD? Select only one answer. Azure AD Connect Azure Key Vault Azure Resource Manager (ARM) Conditional Access
Azure AD Connect Azure AD Connect syncs user identities from an on-premises Active Directory Domain Services (AD DS) domain to Azure AD. Azure AD Connect allows you to use features such as single sign-on (SSO), MFA, and self-service password reset (SSPR) in both systems. SSPR prevents users from using known compromised passwords.
You need to be notified when there are new recommendations for reducing Azure costs. Which tool should you use? Select only one answer. Azure Advisor Azure Monitor Azure Service Health Log Analytics
Azure Advisor Azure Advisor evaluates Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs.
What can you use to automatically detect performance anomalies for web apps? Select only one answer. Azure Advisor Azure Application Insights Azure Cognitive Services Azure DevOps
Azure Application Insights
What can you use to manage servers across cloud platforms and on-premises environments? Select only one answer. Azure Arc Azure CLI Azure Monitor Azure PowerShell
Azure Arc Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.
Which two tools are accessible via Azure Cloud Shell and allows you to write Bash scripts to manage an Azure environment? Select all answers that apply. Azure CLI Azure PowerShell Azure Repos Azure Resource Manager (ARM) templates
Azure CLI Azure PowerShell Azure CLI is an executable program with which a user can execute commands in Bash that call the Azure REST API. Azure Cloud Shell also supports Azure PowerShell as an executable program.
You have a team of Linux administrators that need to manage the resources in Azure. The team wants to use the Bash shell to perform the administration. What should you recommend? Select only one answer. Azure Blueprint Azure CLI Azure Powershell Azure Resource Manager (ARM) template
Azure CLI Azure CLI allows you to use the Bash shell to perform administrative tasks. Bash is used in Linux environments, so a Linux administrator will probably be more comfortable performing command-line administration from Azure CLI.
What are two services that allow you to run applications in containers? Each correct answer presents a complete solution. Select all answers that apply. Azure Container Instances Azure Functions Azure Logic Apps Azure Kubernetes Service (AKS)
Azure Container Instances Azure Kubernetes Service (AKS) Containers are a virtualization environment. Much like running multiple virtual machines on a single physical host, you can run multiple containers on a single physical or virtual host. Unlike virtual machines, you do not manage the operating system for a container.
Which storage service offers fully managed file shares in the cloud that are accessible by using Server Message Block (SMB) protocol? Select only one answer. Azure Disk Storage Azure Files Azure Queue Storage Azure Table storage
Azure Files Azure Files offers fully managed file shares in the cloud with shares that are accessible by using Server Message Block (SMB) protocol. Mounting Azure file shares is just like connecting to shares on a local network.
Which Azure service can generate an alert if virtual machine utilization is over 80% for five minutes? Select only one answer. Azure Advisor Azure Monitor Azure Policy Azure Service Health
Azure Monitor Azure Monitor is a platform for collecting, analyzing, visualizing, and alerting based on metrics. Azure Monitor can log data from an entire Azure and on-premises environment.
Which management layer accepts requests from any Azure tool or API and enables you to create, update, and delete resources in an Azure account? Select only one answer. Azure CLI Azure management groups Azure Resource Manager (ARM) Azure Sphere
Azure Resource Manager (ARM) ARM is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in an Azure account.
Select the answer that correctly completes the sentence. [Answer choice] is the deployment and management service for Azure. Select only one answer. Azure AD Azure API Management Azure Monitor Azure Resource Manager (ARM)
Azure Resource Manager (ARM) ARM is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in an Azure subscription. You use management features, such as access control, resource locks, and resource tags, to secure and organize resources after deployment.
What can you use to find information about planned maintenance for Azure services that are critical to your organization? Select only one answer. Azure Advisor Azure Monitor Azure Service Health Log Analytics
Azure Service Health You can drill down to the affected services, regions, and details to show how an event will affect you and what you must do. Most of these events occur without any impact to you and will not be shown. In a rare case that a reboot is required, Service Health allows you to choose when to perform the maintenance to minimize the downtime
Which two services can you use to establish network connectivity between an on-premises network and Azure resources? Each correct answer presents a complete solution. Select all answers that apply. Azure Bastion Azure Firewall Azure VPN Gateway ExpressRoute
Azure VPN Gateway ExpressRoute ExpressRoute connections and Azure VPN Gateway are two services that you can use to connect an on-premises network to Azure. Bastion provides a web interface to remotely administer Azure virtual machines by using SSH/RDP. Azure Firewall is a stateful firewall service used to protect virtual networks.
What can you use to provide Mac and Android users with access to a Windows environment that will run Windows-based applications? Select only one answer. Azure Container Instances Azure Functions Azure Logic Apps Azure Virtual Desktop
Azure Virtual Desktop Azure Virtual Desktop is a desktop and application virtualization service that runs in the cloud. It enables your users to use a cloud-hosted version of Windows from any location. Azure Virtual Desktop works across devices such as Windows, Mac, iOS, Android, and Linux. It works with apps that you can use to access Remote Desktops and apps. You can also use most modern browsers to access Azure Virtual Desktop-hosted experiences.
Which Azure compute service can you use to deploy and manage a set of identical virtual machines? availability sets availability zones Azure Container Instances Azure Virtual Machine Scale Sets
Azure Virtual Machine Scale Sets Virtual Machine Scale Sets are an Azure compute resource that you can use to deploy and manage and scale a set of identical virtual machines.
What can you use to ensure that a development team can only create virtual machines of a certain size? Select only one answer. Azure Blueprints Azure Policy Cloud Adoption Framework Conditional Access
Azure policy Azure Policy enables you to define both individual policies and groups of related policies called initiatives. Azure Policy evaluates your resources and highlights resources that are not compliant with the policies you created. Azure Policy can also prevent noncompliant resources from being created.
Select the answer that correctly completes the sentence. [Answer choice] refers to upfront costs incurred one time, such as hardware purchases. A consumption-based model Capital expenditures Elasticity Operational expenditures
Capital expenditures Capital expenditures are one-time expenses that can be deducted over time. Operational expenditures are billed as you use services and a do not have upfront costs.
What Azure AD feature can you use to ensure that users can only access Microsoft Office 365 applications from approved client applications? Select only one answer. Azure role-based access control (RBAC) Conditional Access multi-factor authentication (MFA) single sign-on (SSO)
Conditional Access Conditional Access allows administrators to control, allow, or deny access to resources based on certain signals. You can require that access to certain applications only be allowed if the users are using an approved client application. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Examples include a code on their mobile phone or a fingerprint scan.
What can you use to ensure that a user can only access applications from compliant devices? Conditional Access hybrid identity multi-factor authentication (MFA) single sign-on (SSO)
Conditional Access Conditional Access is a tool that Azure AD uses to allow or deny access to resources based on identity signals, such as the device being used. SSO enables a user to sign in one time and use that credential to access multiple resources and applications from different providers. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Hybrid identity solutions create a common user identity for authentication and authorization to all resources, regardless of location.
Which two actions can be performed by using the graphical user interface (GUI) in the Azure portal? Each correct answer presents a complete solution. Select all answers that apply. Change the availability zone of a virtual machine. Create new resources. Repeatedly set up one or more resources and ensure that all the dependencies are created in the proper order. Review a graphical view of all the services you are using.
Create new resources. Review a graphical view of all the services you are using. The Azure portal provides a GUI to view all the services you are using, create new services, configure your services, and view reports.
Which feature in the Microsoft Purview governance portal should you use to manage access to data sources and datasets? Select only one answer. Data Catalog Data Estate Insights Data Policy Data Sharing
Data Policy Incorrect: Data Catalog -- This enables data discovery. Incorrect: Data Sharing -- This shares data within and between organizations. Incorrect: Data Estate Insights -- This accesses data estate health. Correct: Data Policy -- This governs access to data.
You have an Azure virtual machine that is accessed only between 9:00 and 17:00 each day. What should you do to minimize costs but preserve the associated hard disks and data? Select only one answer. Deallocate the virtual machine. Delete the virtual machine. Implement Privileged Identity Management. Resize the virtual machine. Next
Deallocate the virtual machine If you have virtual machine workloads that are used only during certain periods, but you run them every hour of every day, then you are wasting money. These virtual machines are great candidates to deallocate when not in use and start back when required to save compute costs while the virtual machines are deallocated.
Which Azure Blob storage service tier has the highest storage costs and the fastest access times for reading and writing data? Archive Cool Hot
Hot The Hot tier is optimized for storing data that is accessed frequently. The Cool access tier has a slightly lower availability SLA and higher access costs compared to hot data, which are acceptable trade-offs for lower storage costs. Archive storage stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data.
Which two tools can you use to create a new Azure virtual machine from a mobile device that runs Android? Each correct answer presents complete solution. Select all answers that apply. PowerShell in Azure Cloud Shell Remote Desktop SSH the Azure portal
PowerShell in Azure Cloud Shell The Azure Portal The Azure portal can run on devices that have the Android operating system installed. The browser can be any type, such as Internet Explorer 11, Chrome, Firefox, or Safari (all the latest versions). When you visit the portal, you will see Cloud Shell. Users can then access Bash and PowerShell from within Cloud Shell. You can use Bash and PowerShell to create Azure virtual machines.
What enables a user to sign in one time and use that credential to access multiple resources and applications from different providers? Select only one answer. Conditional Access device management multi-factor authentication (MFA) single sign-on (SSO)
SSO SSO enables a user to sign in one time and use that credential to access multiple resources and applications from different providers. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Conditional Access is a tool that Azure AD uses to allow or deny access to resources based on identity signals. Azure AD supports the registration of devices.
You need to compare the costs of running an application in an on-premises datacenter with the costs of running the application in Azure. What should you use to assist you? Select only one answer. Azure Advisor Azure Cost Management Azure Pricing calculator Total Cost of Ownership (TCO) Calculator
Total Cost of Ownership (TCO) Calculator The TCO Calculator helps you estimate the cost savings over time of operating a solution in Azure compared to operating in an on-premises datacenter.
What is an advantage of cloud computing compared to on-premises deployments? You can scale more quickly. You can work from multiple workstations. You have full access in case of internet outage. You own your CPUs.
You can scale more quickly. Cloud computing allows you to scale more quickly. Owning your own CPUs and having full access in the event of an internet outage are not features of cloud computing. Working from multiple workstations is not specific to cloud computing compared to an on-premises deployment.
What is an Azure Storage account named storage001 an example of? a resource a resource group a resource manager a subscription
a resource A resource is a manageable item that is available through Azure. Virtual machines, storage accounts, web apps, databases, and virtual networks are examples of resources.
Select the answer that correctly completes the sentence. [Answer choice] is the logical container used to combine and organize Azure resources. a management group a resource group Azure Resource Manager (ARM) an Azure region
a resource group Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts, are deployed and managed.
What can be applied to a resource to prevent accidental deletion? Select only one answer. a resource lock a resource tag a policy an Azure Reservation
a resource lock A resource lock prevents resources from being accidentally deleted or changed. Resource tags offer the custom grouping of resources. Policies enforce different rules across all resource configurations so that the configurations stay compliant with corporate standards. An initiative is a way of grouping related policies together.
Which Azure resource is a software emulation of a physical computer that includes a virtual processor, memory, storage, and networking resources? a container a function a virtual machine an App Service
a virtual machine Virtual machines are software emulations of physical computers. They include a virtual processor, memory, storage, and networking resources. Virtual machines host an operating system, and you can install and run software just like on a physical computer.
Select the answer that correctly completes the sentence. Deploying and configuring cloud-based resources quickly as business requirements change is called [answer choice]. agility elasticity high availability scalability
agility Agility means that you can deploy and configure cloud-based resources quickly as app requirements change. Scalability means that you can add RAM, CPU, or entire virtual machines to a configuration. Elasticity means that you can configure cloud-based apps to take advantage of autoscaling, so apps always have the resources they need. High availability means that cloud-based apps can provide a continuous user experience with no apparent downtime, even when things go wrong.
What can you use to restrict the deployment of a virtual machine to a specific location? Azure AD Azure Policy resource groups resource locks
azure policy Azure Policy can help to create a policy for allowed regions, which enables you to restrict the deployment of virtual machines to a specific location.
Which scenario is a use case for a VPN gateway? Select only one answer. communicating between Azure resources connecting an on-premises datacenter to an Azure virtual network filtering outbound network traffic partitioning a virtual network's address space
connecting an on-premises datacenter to an Azure virtual network A VPN gateway is a type of virtual network gateway. Azure VPN Gateway instances are deployed to a dedicated subnet of a virtual network. You can use them to connect on-premises datacenters to virtual networks through a Site-to-Site (S2S) VPN connection.
What is the customer responsible for in a software as a service (SaaS) model? data and access storage runtime virtual machines
data and access SaaS allows you to pay to use an existing application on hardware managed by a third party. You supply data and configure access. Customers are only responsible for storage in a private cloud. Customers are responsible for virtual machines and runtime in IaaS and the private cloud.
Which type of strategy uses a series of mechanisms to slow the advancement of an attack that aims to gain unauthorized access to data? defense in depth distributed denial-of-service (DDoS) least privileged access perimeter
defense in depth A defense in depth strategy uses a series of mechanisms to slow the advancement of an attack that aims to gain unauthorized access to data. The principle of least privilege means restricting access to information to only the level that users need to perform their work. A DDoS attack attempts to overwhelm and exhaust an application's resources. The perimeter layer is about protecting an organization's resources from network-based attacks.
Select the answer that correctly completes the sentence. An example of [answer choice] is automatically scaling an application to ensure that the application has the resources needed to meet customer demands. agility elasticity geo-distribution high availability
elasticity Elasticity refers to the ability to scale resources as needed, such as during business hours, to ensure that an application can keep up with demand, and then reducing the available resources during off-peak hours. Agility refers to the ability to deploy new applications and services quickly. High availability refers to the ability to ensure that a service or application remains available in the event of a failure. Geo-distribution makes a service or application available in multiple geographic locations that are typically close to your users.
Select the answer that correctly completes the sentence. In a region pair, a region is paired with another region in the same [answer choice]. Select only one answer. availability zone datacenter geography resource group
geography Each Azure region is always paired with another region within the same geography, such as US, Europe, or Asia, at least 300 miles away.
Which cloud deployment model are you using if you have servers physically located at your organization's on-site datacenter, and you migrate a few of the servers to the cloud? hybrid cloud private cloud public cloud
hybrid cloud A hybrid cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them.
Which type of cloud service are virtual networks? infrastructure as a service (IaaS) platform as a service (PaaS) software as a service (SaaS)
infrastructure as a service (IaaS) IaaS helps you reduce the cost and complexity of maintaining a physical server and its datacenter infrastructure. Virtual networks are part of the IaaS cloud service.
In which two deployment models are customers responsible for managing operating systems that host applications? Each correct answer presents a complete solution. infrastructure as a service (IaaS) on-premises platform as a service (PaaS) software as a service (SaaS)
infrastructure as a service (IaaS) on-premises Operating systems are managed by customers when using IaaS or an on-premises deployments. The operating systems are not accessible in PaaS and SaaS deployments.
Which resource can you use to manage access, policies, and compliance across multiple subscriptions? Select only one answer. administrative units management groups resource groups
management groups Management groups can be used in environments that have multiple subscriptions to streamline the application of governance conditions. Resource groups can be used to organize Azure resources. Administrative units are used to delegate the administration of Azure AD resources, such as users and groups. Accounts are used to provide access to resources
Which cloud service model is used by Azure SQL Database? Infrastructure as a service (IaaS) platform as a service (PaaS) software as a service (SaaS)
platform as a service (PaaS)
Your organization is building a custom application. You need to focus on application development rather than configuration and management of servers. Which cloud service model should you use? Select only one answer. infrastructure as a service (IaaS) platform as a service (PaaS) software as a service (SaaS)
platform as a service (PaaS) With PaaS, users can focus on application development because the cloud provider handles all the platform management. In SaaS, the cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage, and applications. IaaS is the closest service model to managing physical servers.
Which two factors affect Azure costs? Each correct answer presents a complete solution. Select all answers that apply. availability zone selection date and time of use resource location resource usage
resource location resource usage Usage meters, such as CPU time, disk size, and write operations, are used to calculate your bill for an Azure resource. Deleting or deallocating a resource means that you will no longer be billed for it. Different regions can have different associated prices. Resources cost the same no matter the time of day or the day of the week.
To which object or level is an Azure role-based access control (RBAC) role applied? Select only one answer. policy resource lock resource tag scope
scope An Azure RBAC role is applied to a scope, which is a resource or set of resources that the access applies to. Resource locks prevent the accidental change or deletion of a resource. Resource tags are used to locate and act on resources associated with specific workloads, environments, business units, and owners. Policies enforce different rules across resource configurations so that the configurations stay compliant with corporate standards.
Which type of cloud service model is typically licensed through a monthly or annual subscription? Infrastructure as a service (IaaS) platform as a service (PaaS) software as a service (SaaS)
software as a service (SaaS) SaaS is software that is centrally hosted and managed for you and your users or customers. Usually, one version of the application is used for all customers, and it is licensed through a monthly or annual subscription. PaaS and IaaS use a consumption-based model, so you only pay for what you use.
What is high availability in a public cloud environment dependent on? capital expenditures Cloud-based backup retention limits the service-level agreement (SLA) that you choose the vertical scalability of an app
the service-level agreement (SLA) that you choose Different services have different SLAs. Sometimes different tiers of the same service will offer different SLAs, which can increase or decrease the promised availability.
Select the answer that correctly completes the sentence. Increasing compute capacity for an app by adding RAM or CPUs to a virtual machine is called [answer choice]. disaster recovery high availability horizontal scaling vertical scaling
vertical scaling You scale vertically to increase compute capacity by adding RAM or CPUs to a virtual machine. Scaling horizontally increases compute capacity by adding instances of resources, such as adding virtual machines to the configuration. Disaster recovery keeps data and other assets safe in the event of a disaster. High availability minimizes downtime when things go wrong.