AZ-900
Read and write - Role-based access control, using an allow model, grants all of the permissions assigned in all of the assigned roles.
A user is simultaneously assigned multiple roles that use role-based access control. What are their actual permissions? The role permissions are: Role 1 - read || Role 2 - write || Role 3 - read and write.
Virtual machine scale sets
Azure automates most of that work. Scale sets allow you to centrally manage, configure, and update a large number of VMs in minutes. The number of VM instances can automatically increase or decrease in response to demand, or you can set it to scale based on a defined schedule.
Azure policy lets you create policies and initiatives (groups of policies) that prevent non-compliant resource from being created.
How can you prevent creation of non-compliant resources, without having to manually evaluate each resource?
One
How many resource groups can a resource be in at the same time?
Public IP Addresses
If you wanted to reduce the cost of you azure subscription, what one would you remove?
IaaS consists of virtual machines and networking provided by the cloud provider. The customer is responsible for the OS and applications. The cloud provider is responsible for the OS in PaaS and SaaS.
In which cloud service model is the customer responsible for managing the operating system? Select only one answer. Infrastructure as a service (IaaS) platform as a service (PaaS) software as a service (SaaS)
Scaling horizontally increases compute capacity by adding instances of resources, such as adding virtual machines to the configuration.
Increasing the capacity of an application by adding additional virtual machine is called [answer choice]. Select only one answer. agility high availability horizontal scaling vertical scaling
You scale vertically to increase compute capacity by adding RAM or CPUs to a virtual machine. Scaling horizontally increases compute capacity by adding instances of resources, such as adding virtual machines to the configuration.
Select the answer that correctly completes the sentence. Increasing compute capacity for an app by adding RAM or CPUs to a virtual machine is called [answer choice]. Select only one answer. disaster recovery high availability horizontal scaling vertical scaling
Elasticity refers to the ability to scale resources as needed, such as during business hours, to ensure that an application can keep up with demand, and then reducing the available resources during off-peak hours.
Select the answer that correctly completes the sentence. An example of [answer choice] is automatically scaling an application to ensure that the application has the resources needed to meet customer demands. Select only one answer. agility elasticity geo-distribution high availability
Agility means that you can deploy and configure cloud-based resources quickly as app requirements change.
Select the answer that correctly completes the sentence. Deploying and configuring cloud-based resources quickly as business requirements change is called [answer choice]. Select only one answer. agility elasticity high availability scalability
geography
Select the answer that correctly completes the sentence. In a region pair, a region is paired with another region in the same [answer choice]. Select only one answer. availability zone datacenter geography resource group
geo-location
Select the answer that correctly completes the sentence. In cloud computing, [answer choice] allows you to deploy applications to regional datacenters around the world. Select only one answer. disaster recovery elasticity geo-location high availability
Software as a Service (SaaS)
Subscriber Manages: * Data & Access Cloud Provider Manages: * Applications * Runtime * Operating System * Virtual Machine * Compute * Networking * Storage
Platform as a Service (PaaS)
Subscriber Manages: * Data & Access * Applications Cloud Provider Manages: * Runtime * Operating System * Virtual Machine * Compute * Networking * Storage
Infrastructure as a Service (IaaS)
Subscriber Manages: * Data & Access * Applications * Runtime * Operating System * Virtual Machine Cloud Provider Manages: * Compute * Networking * Storage
Azure Container Apps
They allow you to get up and running right away, they remove the container management piece, and they're a PaaS offering. have extra benefits such as the ability to incorporate load balancing and scaling. These other functions allow you to be more elastic in your design.
Infrastructure as a Service (IaaS)
Virtual Machines are ......
multi-factor authentication (MFA)
What Azure AD feature can you use to configure security authentication that requires users to use their mobile phone to sign in? Select only one answer. Azure Information Protection (AIP) Microsoft Defender for Cloud Microsoft Entra Verified ID multi-factor authentication (MFA)
Tags allow you to associate metadata with a resource to help keep track of resource management, costs and optimization, security, and so on.
What Azure feature can help stay organized and track usage based on metadata associated with resources?
Region pairs
What Azure feature replicates resources across regions that are at least 300 miles away from each other?
The five recommendation categories for Azure Advisor are: Reliability, Security, Performance, Operational Excellence, and Cost.
What are the 5 recommendation categories for Azure Advisor?
Azure CLI and Azure PowerShell
What are two Azure command line tools that are installable on Windows, Mac, and Linux?
Azure Container Instances & Azure Kubernetes Service (AKS)
What are two services that allow you to run applications in containers? Each correct answer presents a complete solution. Select all answers that apply. Azure Container Instances Azure Functions Azure Logic Apps Azure Kubernetes Service (AKS)
a resource lock
What can be applied to a resource to prevent accidental deletion? Select only one answer. a resource lock a resource tag a policy an Azure Reservation
a lock
What can you apply to an Azure virtual machine to ensure that users cannot change or delete the resource? Select only one answer. a lock a tag a user-assigned managed identity Conditional Access
Azure role-based access control (RBAC)
What can you use to allow a user to manage all the resources in a resource group? Select only one answer. Azure Key Vault Azure role-based access control (RBAC) resource locks resource tags
Service endpoints are used to expose Azure services to a virtual network, providing communication between the two
What can you use to connect Azure resources, such as Azure SQL databases, to an Azure virtual network? Select only one answer. ExpressRoute network security groups (NSGs) peering service endpoints
Conditional Access
What can you use to ensure that a user can only access applications from compliant devices? Select only one answer. Conditional Access hybrid identity multi-factor authentication (MFA) single sign-on (SSO)
Azure Service Health
What can you use to find information about planned maintenance for Azure services that are critical to your organization? Select only one answer. Azure Advisor Azure Monitor Azure Service Health Log Analytics
Azure Arc
What can you use to manage servers across cloud platforms and on-premises environments? Select only one answer. Azure Arc Azure CLI Azure Monitor Azure PowerShell
Azure Virtual Desktop
What can you use to provide Mac and Android users with access to a Windows environment that will run Windows-based applications? Select only one answer. Azure Container Instances Azure Functions Azure Logic Apps Azure Virtual Desktop
single sign-on (SSO)
What enables a user to sign in one time and use that credential to access multiple resources and applications from different providers? Select only one answer. Conditional Access device management multi-factor authentication (MFA) single sign-on (SSO)
The setting is applied to current and future resources.
What happens to the resources within a resource group when an action or setting at the Resource Group level is applied?
Software as a Service (SaaS)
What is Microsoft 365?
a resource
What is an Azure Storage account named storage001 an example of? Select only one answer. a resource a resource group a resource manager a subscription
You can scale more quickly.
What is an advantage of cloud computing compared to on-premises deployments? Select only one answer. You can scale more quickly. You can work from multiple workstations. You have full access in case of internet outage. You own your CPUs.
the service-level agreement (SLA) that you choose
What is high availability in a public cloud environment dependent on? Select only one answer. capital expenditures cloud-based backup retention limits the service-level agreement (SLA) that you choose the vertical scalability of an app
data and access
What is the customer responsible for in a software as a service (SaaS) model? Select only one answer. data and access storage runtime virtual machines
Azure Arc, working with Azure Resource Manager, lets you extend your Azure compliance and monitoring to your hybrid and multicloud configurations.
What service helps you manage your Azure, on-premises, and multicloud environments?
a web browser
What should you use to access Azure Cloud Shell? Select only one answer. a web browser Azure Resource Manager (ARM) Microsoft Visual Studio Code the command-line on a local computer
Bicep and ARM Templates allow you to deploy your resource as code.
What two components could you use to implement a "infrastructure as code" deployment?
Software as a Service (SaaS)
What type of cloud service type would a Finance and Expense tracking solution typically be in?
The Total Cost of Ownership calculator lets you input your current infrastructure and requirements and provides you with an estimate for running in the cloud.
What's the best method to estimate the cost of migrating to the cloud while incurring minimal costs?
A resource lock can be used to prevent a resource from accidentally being deleted.
What's the best way to prevent inadvertent deletion of a resource?
Size, Storage, and Networking
When you provision a VM, you'll also have the chance to pick the resources that are associated with that VM, including:
Conditional Access is a tool that Azure Active Directory uses to allow (or deny) access to resources based on identity signals. Conditional Access might challenge you for a second authentication factor if your sign-in signals are unusual or from an unexpected location.
Which Azure Active Directory tool can vary the credentials needed to log in based on signals, such as where the user is located?
The Hot tier is optimized for storing data that is accessed frequently.
Which Azure Blob storage service tier has the highest storage costs and the fastest access times for reading and writing data? Select only one answer. Archive Cool Hot
The Archive storage tier stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data.
Which Azure Blob storage tier stores data offline and offers the lowest storage costs and the highest costs to access data? Select only one answer. Archive Cool Hot
Azure Blobs is a massively scalable object store for text and binary data. Azure Blobs also includes support for big data analytics through Data Lake Storage Gen2.
Which Azure Storage service supports big data analytics, as well as handling text and binary data types?
Availability sets
Which Azure Virtual Machine feature staggers updates across VMs based on their update domain and fault domain?
Azure Virtual Desktop
Which Azure service allows users to use a cloud hosted version of Windows from any location and connect from most modern browsers?
Azure Advisor
Which Azure service evaluates Azure resources and makes recommendations to help improve reliability, security, performance, and cost reduction? Select only one answer. Azure Advisor Azure Monitor Azure Service Health Log Analytics
software as a service (SaaS)
Which cloud service model is used by Microsoft Office 365? Select only one answer. infrastructure as a service (IaaS) platform as a service (PaaS) software as a service (SaaS)
Infrastructure as a Service (IaaS)
Which cloud service type is most suited to a lift and shift migration from an on-premises datacenter to a cloud deployment?
Data Policy
Which feature in the Microsoft Purview governance portal should you use to manage access to data sources and datasets? Select only one answer. Data Catalog Data Estate Insights Data Policy Data Sharing
Azure Resource Manager (ARM)
Which management layer accepts requests from any Azure tool or API and enables you to create, update, and delete resources in an Azure account? Select only one answer. Azure CLI Azure management groups Azure Resource Manager (ARM) Azure Sphere
Management groups can be used in environments that have multiple subscriptions to streamline the application of governance conditions.
Which resource can you use to manage access, policies, and compliance across multiple subscriptions? Select only one answer. administrative units management groups resource groups
connecting an on-premises datacenter to an Azure virtual network
Which scenario is a use case for a VPN gateway? Select only one answer. communicating between Azure resources connecting an on-premises datacenter to an Azure virtual network filtering outbound network traffic partitioning a virtual network's address space
Zero Trust is a security model that assumes the worst case scenario and protects resources with that expectation.
Which security model assumes the worst-case security scenario, and protects resources accordingly?
Geo-redundant storage (GRS) and geo-zone-redundant storage (GZRS) both provide 16 nines of durability.
Which storage redundancy option provides the highest degree of durability, with 16 nines of durability?
Azure Blob storage is an object storage solution that you can use to store massive amounts of unstructured data, such as text or binary data.
Which storage service should you use to store thousands of files containing text and images? Select only one answer. Azure Blob storage Azure Disk Storage Azure Queue Storage Azure Table storage
Azure File Sync maintains a bidirectional synchronization of files between your on-premises and cloud Windows servers.
Which tool automatically keeps files between an on-premises Windows server and an Azure cloud environment updated?
Azure SQL databases & virtual machines
Which two Azure resources can make use of availability zones? Each correct answer presents a complete solution. Select all answers that apply. Azure SQL databases Azure subscriptions resource groups virtual machines
resource usage & location
Which two factors affect Azure costs? Each correct answer presents a complete solution. Select all answers that apply. availability zone selection date and time of use resource location resource usage
Network File System (NFS) & Server Message Block (SMB)
Which two protocols are used to access Azure file shares? Each correct answer presents a complete solution. Select all answers that apply. HTTP FTP Network File System (NFS) Server Message Block (SMB)
associating costs with different environments and categorizing costs by department
Which two scenarios are common billing use cases for resource tags? Each correct answer presents a complete solution. Select all answers that apply. associating costs with different environments categorizing costs by department identifying lower cost regions resizing underutilized virtual machines
serving images or documents directly to a browser & storing data for backup and restore
Which two scenarios are common use cases for Azure Blob storage? Each correct answer presents a complete solution. Select all answers that apply. hosting ASPX files for a website mounting a file storage share to be accessed as a virtual drive on multiple virtual machines serving images or documents directly to a browser storing data for backup and restore
authentication & SSO
Which two services are provided by Azure AD? Each correct answer presents a complete solution. Select all answers that apply. authentication data encryption name resolution single sign-on (SSO)
ExpressRoute connections and Azure VPN Gateway are two services that you can use to connect an on-premises network to Azure.
Which two services can you use to establish network connectivity between an on-premises network and Azure resources? Each correct answer presents a complete solution. Select all answers that apply. Azure Bastion Azure Firewall Azure VPN Gateway ExpressRoute
CLI and Powershell
Which two tools are accessible via Azure Cloud Shell and allows you to write Bash scripts to manage an Azure environment? Select all answers that apply. Azure CLI Azure PowerShell Azure Repos Azure Resource Manager (ARM) templates
PowerShell in Azure Cloud Shell & the Azure portal
Which two tools can you use to create a new Azure virtual machine from a mobile device that runs Android? Each correct answer presents complete solution. Select all answers that apply. PowerShell in Azure Cloud Shell Remote Desktop SSH the Azure portal
Virtual networks are part of the IaaS cloud service.
Which type of cloud service are virtual networks? Select only one answer. infrastructure as a service (IaaS) platform as a service (PaaS) software as a service (SaaS)
software as a service (SaaS)
Which type of cloud service model is typically licensed through a monthly or annual subscription? Select only one answer. Infrastructure as a service (IaaS) platform as a service (PaaS) software as a service (SaaS)
You are only billed for what you use.
Why is cloud computing often less expensive than on-premises datacenters? Each correct answer presents a complete solution. Select only one answer. Cloud service offerings have limited functionality. Network bandwidth is free. Services are only offered in a single geographic location. You are only billed for what you use.
Total Cost of Ownership (TCO) Calculator
You need to compare the costs of running an application in an on-premises datacenter with the costs of running the application in Azure. What should you use to assist you? Select only one answer. Azure Advisor Azure Cost Management Azure Pricing calculator Total Cost of Ownership (TCO) Calculator
Azure Monitor is a platform that collects metric and logging data, such as CPU percentages. The data can be used to trigger autoscaling.
You need to create a custom solution that uses thresholds to trigger autoscaling functionality to scale an app up or down to meet user demand. What should you include in the solution? Select only one answer. Application insights Azure Advisor Azure Monitor Azure Service Health
Azure Policy
You need to recommend a solution for Azure virtual machine deployments. The solution must enforce company standards on the virtual machines. What should you include in the recommendation? Select only one answer. Azure Blueprints Azure Cost Management Azure Lock Azure Policy
Azure Service Health
You need to review the root cause analysis (RCA) report for a service outage that occurred last week. Where should you look for the report? Select only one answer. Azure Advisor Azure Monitor Azure Service Health Log Analytics
Azure Pricing calculator
You plan to build a new solution in Azure that will use platform as a service (PaaS) products. What should you use to estimate the monthly costs? Select only one answer. Azure Advisor Azure Cost Management Azure Pricing calculator Total Cost of Ownership (TOC) Calculator
Resource Health is a tailored view of your actual Azure resources. It provides information about the health of your individual cloud resources
You receive an email notification that virtual machines (VMs) in an Azure region where you have VMs deployed is experiencing an outage. Which component of Azure Service Health will let you know if your application is impacted?
platform as a service (PaaS)
Your organization is building a custom application. You need to focus on application development rather than configuration and management of servers. Which cloud service model should you use? Select only one answer. infrastructure as a service (IaaS) platform as a service (PaaS) software as a service (SaaS)
Azure Reservations
Your organization plans to deploy several production virtual machines that will have consistent resource usage throughout the year. What can you use to minimize the costs of the virtual machines without reducing the functionality of the virtual machines? Select only one answer. Azure Monitor alerts Azure Reservations spending limits
Hybrid cloud
a combination of public cloud and private cloud, using both datacenters dedicated solely to one customer and datacenters that are shared with the public.
Azure Virtual Desktop
a desktop and application virtualization service that runs on the cloud. It enables you to use a cloud-hosted version of Windows from any location. works across devices and operating systems, and works with apps that you can use to access remote desktops or most modern browsers.
Azure Functions
an event-driven, serverless compute option that doesn't require maintaining virtual machines or containers
Virtual machine availability sets
are designed to ensure that VMs stagger updates and have varied power and network connectivity, preventing you from losing all your VMs with a single network or power failure.
Virtual machine scale sets
automatically deploy a load balancer to make sure that your resources are being used efficiently.
Virtual Machines
can group together to provide high availability, scalability, and redundancy. Azure can also manage the grouping of these for you with features such as scale sets and availability sets.
Azure virtual networks and virtual subnets
enable Azure resources, such as VMs, web apps, and databases, to communicate with each other, with users on the internet, and with your on-premises client computers.
Azure App Service
enables you to build and host web apps, background jobs, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure. It offers automatic scaling and high availability.
Point-to-site virtual private network connections
from a computer outside your organization back into your corporate network. In this case, the client computer initiates an encrypted VPN connection to connect to the Azure virtual network.
Horizontal scaling
involves adding or removing resources (such as virtual machines or containers) to meet demand
Azure Kubernetes Service
is a container orchestration service. An orchestration service manages the lifecycle of containers. When you're deploying a fleet of containers, can make fleet management simpler and more efficient.
Reliability
is the ability of a system to recover from failures and continue to function, and it is one of the pillars of the Microsoft Azure Well-Architected Framework.
Cloud computing
is the delivery of computing services over the internet
Virtual machine scale sets
let you create and manage a group of identical, load-balanced VMs
Site-to-site virtual private networks
link your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network. In effect, the devices in Azure can appear as being on the local network. The connection is encrypted and works over the internet.
Azure Container Instances
offer the fastest and simplest way to run a container in Azure; without having to manage any virtual machines or adopt any additional services. a platform as a service (PaaS) offering. allow you to upload your containers and then the service will run the containers for you.
Infrastructure as a Service (IaaS)
places the most responsibility on the consumer, with the cloud provider being responsible for the basics of physical security, power, and connectivity.
Azure ExpressRoute
provides a dedicated private connectivity to Azure that doesn't travel over the internet.