az 900 practice

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What are the components of a Conditional Access policy?

1.Access Decisions Once the signal condition of a policy is met, an access decision is applied such as grant, block, or grant with restrictions (requires MFA/managed device). 2.Signals Signals are the conditions that must be met to trigger a Conditional Access policy. They include the affected users/groups, applications being signed into, locations, and more.

Which of the following components are required for Azure Monitor alerts?

1.Action Group After an alert is triggered via an alert rule, the action group designates who is informed of the triggered alert. 2.Alert Rule The alert rule provides the conditions that must be met before triggering an alert.

You are the system administrator for T-Bones Restaurant Group, Inc. You currently have an on-premises data center that consists of 50 Windows servers running IIS and SQL Server. IT management has dictated that all systems should be moved to Azure in the coming year. They also state that only platform-as-a-service (PaaS) solutions should be implemented. Which of the following meet these requirements?

1.Azure App Service Azure App Service is a platform-as-a-service (PaaS) offering for web services and is a common solution for the migration of IIS. 2.Azure SQL Database Azure SQL Database is a platform-as-a-service (PaaS) offering for relational database management and is a common solution for the migration of SQL.

Which of the following Azure services can support serverless cloud?

1.Azure Logic Apps Along with Azure Functions, Azure Logic Apps is one of the more well-known serverless cloud services on Azure. 2.Azure App Service Azure App Service is a Platform as a Service (PaaS) offering that supports serverless application environments.

You are the systems administrator for Highlander Cutlery, Inc. Your company has an on-premises network that contains multiple servers. As part of a headcount reduction, the company plans to reduce the following administrative responsibilities of network administrators. Backing up application data. Replacing failed server hardware. Managing physical server security. Updating server operating systems. Managing permissions to shared documents. The company plans to migrate several servers to Azure virtual machines. Which administrative responsibilities will be reduced after the planned migration?

1.Managing physical server security One advantage of the IaaS cloud model is that a cloud service provider will manage physical security of the server infrastructure as part of the Shared Responsibility Model. 2.Replacing failed server hardware Within the Shared Responsibility Model of public cloud deployments, it is the responsibility of the cloud provider to replace failed server hardware.

Choose 2 command-line tools that can be used to interact with Azure resources using the Azure CLI.

1.PowerShell You can use the Azure CLI with PowerShell to work with Azure in a command-line format. 2.Bash You can use the Azure CLI with Bash to work with Azure in a command-line format.

What are the three components necessary for any role-based access control (RBAC) assignment?

1.Role definition Role definition defines what level of access is granted to an identity (security principal). 2.Security principal Security principal is the identity, or the "who," that needs access. 3.Scope Scope determines which set of resources (subscription, resource group, individual VM, etc.) a user or other identity has access to.

You manage a large number of VMs in Azure, all of which are configured to log CPU performance metrics. You want to view a historical analysis of CPU utilization over time in order to find trends. How should you accomplish this?

1.Send the CPU utilization metrics to a Log Analytics workspace. Within Log Analytics, run a query on the metrics to view trends over time. Log Analytics acts as both a storage container for logs/metrics as well as a query service to analyze the same logs/metrics data.

Which of the following statements are true regarding the differences between Private Endpoints and Service Endpoints?

1.Service Endpoints only provide private PaaS connectivity to a subnet in a virtual network. Private Endpoints extend private PaaS connectivity to connected networks, including on-premises. Service Endpoints only work with Azure Virtual Networks at a subnet-level scope. It does not extend to non-Azure networks. 2.Private Endpoints allow you to completely disable public access to a managed PaaS service. Private Endpoints allow private access from connected non-Azure locations, therefore allowing full removal of public PaaS access and still allowing on-premises connectivity.

Which of the following statements are true for IaaS cloud services?

1.Services can be scaled automatically to support system load. IaaS host services often feature the ability to scale automatically to combat increased system load and scaled back during periods of inactivity. 2.The client is responsible for all guest VM OS and application updates. Client must perform all guest OS and application updates. Operating System (OS) licensing is included in the per-use cost of the service.

What types of data does Azure Monitor collect?

1.Subscription monitoring data Azure Monitor collects two broad types of data: metrics and logs. Within these data types sits subscription monitoring data. 2.Metrics and logs All data collected by Azure Monitor fits into one of two fundamental types, metrics and logs. Metrics are numerical values that describe some aspect of a system at a particular point in time. They are lightweight and capable of supporting near real-time scenarios. Logs contain different kinds of data organized into records with different sets of properties for each type. Telemetry such as events and traces are stored as logs in addition to performance data so that it can all be combined for analysis.

Which of the following components are required to establish communication between on-premises resources and resources in Azure?

1.VPN Gateway A VPN Gateway defines the Azure network side of a site-to-site virtual private network. 2.Azure Virtual Network Azure Virtual Network enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks.

Which of the following statements are true about virtual machine vertical scaling in Azure Compute?

1.Vertical scaling increases the compute capacity of an existing resource, usually by adding more CPUs or RAM to an existing VM. This is also known as scaling up, where the compute capacity of an existing resource is changed, such as adding more CPUs/RAM to an existing VM. 2.Vertical scaling requires downtime to increase compute capacity. Changing the amount of CPU/RAM in an existing virtual machine requires downtime to make the change.

Choose all components that are required to create a secure IPsec tunnel over the public internet from an Azure virtual network to an on-premises location.

1.Virtual network gateway This scenario calls for a VPN connection over a virtual network gateway. A gateway component is one of the components needed to create this connection. 2.VPN device This scenario calls for a VPN connection over a virtual network gateway. Site-to-Site connections to an on-premises network require a VPN device. 3.Gateway subnet This scenario calls for a VPN connection over a virtual network gateway. A gateway requires its own gateway subnet on an Azure virtual network.

What kind of information does Azure Information Protection protect?

1.Email messages Azure Information Protection (sometimes referred to as AIP) helps protect: Email messages, Office documents and PDF documents. AIP is a cloud-based solution that helps an organization classify and, optionally, protect its documents and emails by applying labels. Azure Information Protection is not used to protect data in Azure Blob Storage nor can it help protect virtual hard disks 2.Office documents Azure Information Protection (sometimes referred to as AIP) helps protect: Email messages, Office documents and PDF documents. AIP is a cloud-based solution that helps an organization classify and, optionally, protect its documents and emails by applying labels. Azure Information Protection is not used to protect data in Azure Blob Storage nor can it help protect virtual hard disks. 3.PDF documents Azure Information Protection (sometimes referred to as AIP) helps protect: Email messages, Office documents and PDF documents. AIP is a cloud-based solution that helps an organization classify and, optionally, protect its documents and emails by applying labels. Azure Information Protection is not used to protect data in Azure Blob Storage nor can it help protect virtual hard disks

Which of the below capabilities are enabled by Azure Arc?

1.Enable running Azure serverless services (e.g., Azure Functions) in containerized form on on-premises servers. Azure Arc can run some Azure serverless services on local/on-premises servers. 2.Apply role-based access control (RBAC) polices on non-Azure servers. Azure Arc can extend Azure RBAC controls to non-Azure resources. 3.Protect Amazon EC2 instances with Microsoft Defender for Cloud. Azure Arc can extend the features and monitoring of Microsoft Defender for Cloud to non-Azure resources.

Which of the following are characteristic of public clouds?

1.High scalability Private clouds still afford the scalability and efficiency of a public cloud. Resources are purchased and available to meet your business needs. 2.Lower costs Unlike private cloud deployments, public cloud deployments do not require paying for hardware and services that remain idle for long periods of time. This results in lower costs. Resources are shared with others, so control and security are not as good as those in a private cloud.

Which of the following statements are true about horizontal scaling?

1.Horizontal scaling adds additional copies of a resource, like a VM or container, to a resource pool. Horizontal scaling (or scaling out) is defined by creating additional copies of a resource. It allows rapid expansion of compute capacity in a pool of resources with no downtime. 2.Horizontal scaling can occur automatically with no manual interaction. Since horizontal scaling creates copies of resources, adding and subtracting resources in response to demand can occur automatically based on application demand metrics. 3.Horizontal scaling does not require downtime. Since horizontal scaling creates copies of resources, it can be added to without bringing the application down to make changes to compute capacity. By contrast, increasing the number of CPUs/RAM in existing virtual machines requires taking the VM offline to make the change.

What are the advantages of the Zero Trust security model?

1.Limits rogue actors from accessing sensitive resources. Because it requires establishing trust with identities, as well as restricting access to only what is necessary to perform a job (i.e., principle of least privilege), Zero Trust limits the ability of rogue actors or compromised accounts to do damage. 2.Allows access from any location once identity has been verified. The Zero Trust security model is necessary for the modern "work from anywhere" workplace, as access can be granted regardless of a user's location.

Select which Azure service you should choose to run an application with the following requirements: - All software dependencies are bundled with the application source code - Bundled application is portable - Provision and run compute only when needed to save costs - Minimal management overhead

Azure Container Instances Containers fulfill the requirement to bundle an application with its dependencies and ensure portability. Azure Container Instances allows you to only run your container when needed and have lower management overhead compared to a fully orchestrated Azure Kubernetes Service option.

Your company is beginning their migration of on-premises storage data to Azure. Your existing file server has over 60 TB of data, which is too much to transfer over an internet connection to an Azure Storage account. You want to send an initial bulk offline data transfer, which can be followed up by later transfers over the internet once the first bulk upload is complete. Which tool would you recommend to accomplish this task?

Azure Data Box Azure Data Box is an encrypted hard drive intended for offline bulk data transfers.

You are designing a hybrid network in which your Azure virtual network will need to establish a secure and private connection to your on-premises network via a high-speed leased line that directly connects to Azure. This connection cannot traverse the public internet. Which Azure service should you use to accomplish this task?

Azure ExpressRoute Azure ExpressRoute fulfills the requirement to establish a private connection from on-premises to Azure, and it does so by leasing a dedicated line to an Azure datacenter and does not use the public internet.

Your corporate office hosts data for office users on an on-premises file server. You want to automatically synchronize the file server's data with Azure Files for backup/disaster recovery purposes. You also wish to enable remote users to operate from a synchronized copy of mapped drives in Azure Files in the future. Which tool would you recommend for this task?

Azure File Sync Azure File Sync automatically synchronizes on-premises file servers with Azure Files.

Your company is migrating several types of existing on-premises resources to Azure. You need to migrate the functionality of your existing on-premises file server to Azure, which will act as a mapped drive location for multiple office desktops. This solution needs to use the Server Message Block (SMB) shares for file storage and management. What solution should you use?

Azure Files Azure Files uses SMB shares within a storage account to act as a cloud-based network file server.

Your company is planning to create a large, complex application using multiple types of microservices that will be deployed on Azure. You need to choose an Azure service that can orchestrate multiple containerized microservices with minimal management overhead. Which Azure service should you choose?

Azure Kubernetes Service (AKS) Kubernetes uses containers, which fulfills the requirement to bundle an application with its dependencies and ensure portability. Compared to Azure Container Instances, which are more suitable for running single containers on demand, AKS is more suitable for large-scale orchestration of multiple containers interacting with each other.

You need to select an Azure service that can connect multiple systems, including automating data flow between systems. You do not have a developer background and need to choose a no-code solution. What should you choose?

Azure Logic Apps Azure Logic Apps provides no-code solutions for connecting and automating workflows between different services and applications.

Your company is beginning their migration of on-premises servers to Azure. You need to plan the migration of several VMs and their hosted applications to Azure. This also requires discovering app dependencies on other servers necessary for continuation of service. Which Azure service is best able to help with this migration process?

Azure Migrate Azure Migrate is a full cloud migration and modernization platform. One of its features is the ability to discover dependencies of resources being migrated to Azure.

Which of the following services includes Log Analytics, Azure Monitor alerts, and Application Insights?

Azure Monitor Azure Monitor acts as a wide-ranging surveillance tool that aggregates, scrutinizes, and reacts to telemetry data from your cloud-based and on-site infrastructures. Log Analytics allows you to collect, store, and analyze log data from virtually any source, enabling in-depth insights into operational performances and patterns. Azure Monitor alerts help you identify and respond to critical situations and potential issues within your Azure resources, based on specific metrics and log query results. Application Insights monitors live applications, automatically detects performance anomalies, and helps in diagnosing issues and understanding how to improve app performance and usability.

You have a business-critical database server running on an Azure VM. Because this server is business critical, you need to automatically notify your SRE team whenever CPU utilization rises above 90% for over 5 minutes. Which Azure service or feature is able to fulfill this requirement?

Azure Monitoring alerts Azure Monitoring alerts monitor conditions (such as an unresponsive application/VM) that can then automatically notify relevant personnel to take action on the issue.

You are the Azure Administrator for Radio Gaga, LTD. You have a resource group named RG-RG and need to ensure no other administrators can create virtual networks in this resource group. What can you implement to accomplish this?

Azure Policy Azure Policy is used to enforce different rules and effects over your resources, such as limiting what actions different administrators can perform within your RG-RG resource group. The other answers are incorrect: Access Control can be used to prevent the creation of Azure resources, but improper use could prevent required system access from other administrators, so this is not the best selection. Locks can be used on a resource to prevent accidental deletion or modification of a resource group, for example. Properties are typically read-only values for an Azure resource, such as its resource ID, subscription, resource group, and other information.

You need a service to define and enforce compliance standards in multiple Azure subscriptions. What service or feature should you use?

Azure Policy Azure Policy enforces organizational standards and compliance at scale. Examples include restricting a SKU or size of a virtual machine or defining which types of Azure resources are allowed.

As part of your company's Azure migration, your CFO needs a comparison of how much money would be saved by migrating their existing server cluster to Azure VMs. Additionally, migration savings must be calculated from migrating a server-hosted application to App Service. Which Azure tool can help provide cost-saving estimates of before/after migrations?

Azure TCO Calculator The Total Cost of Ownership (TCO) Calculator is used to estimate the cost savings you can realize by migrating your existing workloads to Azure.

You are designing a hybrid network in which your Azure virtual network will need to establish a secure and private connection to your on-premises network via an IPsec tunnel over the public internet. Which Azure service should you use to accomplish this task?

Azure VPN Gateway Azure VPN Gateway allows you to establish an IPsec tunnel from an on-premises network to an Azure virtual network over the public internet.

From where can you launch Azure Cloud Shell?

Azure portal Cloud Shell is launched from the Azure portal. Inside Cloud Shell, you have access to both Bash and PowerShell environments.

What are Azure Resource Manager (ARM) templates?

Azure's native Infrastructure-as-Code (IaC) solution ARM templates are Azure's native Infrastructure-as-Code (IaC) solution that can consistently and automatically deploy the same environments that are defined in code format.

You have a requirement to select the optimal Azure service for storing large amounts of directly-accessible data, including image files, videos, and backup files. Which service should you choose?

Blob storage in a storage account Blob storage is the preferred storage account method for unstructured data that can be directly accessed, such as video files, images, backup files, and much more.

Your company plans to move several servers to Azure. The company's compliance policy states a server named HRServer1 must be in a separate physical location from all other servers. Which Azure services can be used to meet the compliance policy requirements?

One Azure region for HRServer1 and another Azure region for all other servers An Azure region is a set of data centers deployed in a specific geographic location. By placing HRServer1 in a different Azure region to other servers, you have ensured it resides in a separate physical location from all your other servers. The other answers are incorrect as they will not ensure HRServer1 is in a separate physical location. A resource group is simply a logical construct that groups multiple resources together so they can be managed as a single entity. Resources from different resource groups can reside in the same location. Having HRServer1 reside in a separate subnet or virtual network does not ensure it is in a separate physical location - again these are logical constructs that span the same region/physical location.

Which of the following attributes describe public cloud offerings?

Pay-as-you-go pricing Public cloud uses a pay-as-you-go pricing model, paying for resources as they are used, not in advance.

Select the cloud concept that is defined by: - Knowing that your application will perform as expected, even under heavy load.

Predictability Predictability is knowing that your application will always perform as expected regardless of load. While there is some overlap with the concepts of scalability and high availability to achieve this outcome, the concept of being confident of consistent performance is Predictability.

Which cloud attribute is defined by knowing your application will perform as expected regardless of customer demand?

Predictability Predictability is knowing that your application will perform at a consistent level. This is achieved through a combination of autoscaling, high availability, and load balancing. Though not noted in the question, it also describes transparency in costs.

Which cloud attribute is defined by knowing what your cloud resources are going to cost as well as the ability to predict future costs through current trends?

Predictability Predictability is knowing what your application will cost with real-time tracking of resource usage. It also allows forecasting future costs based on current usage. Though not noted in the question, predictability also describes knowing that your application will perform consistently regardless of customer load.

You need to choose a performance option for an Azure storage account. This storage account will host disks for VMs, and requires the fastest possible performance. Which performance option should you choose?

Premium Page Blobs Premium page blobs support the fastest possible performance for page blob storage types (e.g., IaaS disks).

As part of your company's Azure migration, you plan on hosting an internal application with App Service. Your CFO needs an estimate of the monthly costs of running the application. Which Azure service should you use to create a monthly cost estimate?

Pricing calculator The pricing calculator can create accurate estimates of hourly or monthly Azure costs across the entire Azure portfolio.

What is the purpose of Azure Monitoring alerts?

Proactive notifications to relevant personnel when there is a problem with your infrastructure or application. Azure Monitoring alerts notify support personnel when there is an unexpected problem with your Azure environment, allowing a timely resolution.

What is the purpose of the Service Trust Portal?

Provides customers with Azure's compliance documentation The Service Trust Portal contains details about Microsoft's implementation of controls and processes that protect Microsoft's cloud services and the customers that use it.

What is the purpose of Application Insights?

Provides insights such as customer behavior, performance bottlenecks, and web application errors Application Insights provides website performance monitoring.

What type of cloud architecture is Microsoft Azure generally best described as?

Public Cloud-Microsoft Azure is best described as a Public Cloud provider, since nearly anybody can provision services on Microsoft Azure, if they have an account on the platform. This is the same as other major public cloud providers, like AWS and Google Cloud Platform.

Microsoft Office 365 is an example of which cloud deployment model?

SaaS Software as a service (SaaS) allows users to connect to and use cloud-based apps over the internet. Common examples are email, calendar, and office tools, such as Microsoft Office 365.

Which cloud attribute is defined by maintaining full control of the security of your cloud resources, including patch management and network control?

Security Like its name implies, the security cloud attribute describes having full control, or even choosing how much control you want, over your cloud resources' security configuration.

You have an on-premises application that processes incoming queue messages and records the data to a log file. You migrate this application to an Azure function app. Which cloud service model would your application then be considered after this migration?

Serverless- Serverless computing is the abstraction of servers, infrastructure, and operating systems. When you build serverless apps, you don't need to provision and manage any servers, so you don't have to worry about infrastructure. Serverless computing is driven by the reaction to events and triggers happening in near-real time in the cloud.

You are migrating your on-premises Microsoft Exchange email system to Office 365. What kind of cloud service would this be considered?

Software-as-a-Service (SaaS) Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365).

You are using Azure Blob Storage for long-term storage of server logs to meet compliance requirements. These files will be accessed, at most, once per year (if ever) and do not need to be immediately accessible. How should you meet these requirements with minimal cost?

Store the server logs using the Archive storage tier. The Archive storage tier does meet the requirement to store files at a lower cost. The Archive tier also has a "rehydration" time before the files are accessible; however, that is acceptable in this scenario. This is the preferred option.

You are using Azure Blob Storage for long-term storage of security video footage to meet compliance requirements. Video files are accessed infrequently, yet must be readily available when needed. How should you meet these requirements with minimal cost?

Store video files using the Cool storage tier. The Cool storage tier is ideal for infrequently access files at a lower cost; however, the files are still readily available unlike the Archive tier.

Your company has several internal departments. Each department is responsible for purchasing its own IT equipment and services. The company plans to implement an Azure environment. You need to ensure that each department can use a different payment option for the Azure services it consumes. What should you create for each department?

Subscription A subscription is an agreement with Microsoft to use one or more Microsoft cloud platforms or services, for which charges accrue based on either a per-user license fee or on cloud-based resource consumption. Microsoft's Software as a Service (SaaS)-based cloud offerings (Office 365, Intune/EMS, and Dynamics 365) charge per-user license fees. Microsoft's Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) cloud offerings (Azure) charge based on cloud resource consumption. Payment options can only be specified per Azure subscription. A reservation can be used to save costs on Azure resources. Azure resources, such as virtual machines, can be reserved in one-year or three-year terms, resulting in significant cost savings. However, Azure reservations are not used to manage billing for Azure services. If your organization has many subscriptions, you may need a way to efficiently manage access, policies, and compliance for those subscriptions. Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called "management groups" and apply your governance conditions to the management groups. Billing is not managed via an Azure management group. There is no such thing as an Azure payment plan

Name the Azure organizational component that associates a billing account with your Azure environment.

Subscription An Azure subscription is associated with a billing account, and it acts as your billing boundary in your Azure environment.

Your company is spread across five offices and multiple departments, all of which use various Azure services. You need a consistent method to track which office and department is using which resources when it comes to cost tracking. What is the preferred method of labeling various Azure resources to track who is using what?

Tags Tags are labels that can be attached to any Azure resource, whether they are individual services or even resource groups.

Define the concept of "scalability."

The ability of a system to handle increased load Microsoft's official definition of scalability is: "Scalability is the ability of a system to handle increased load."* Elasticity is the ability to dynamically scale to meet demand. Scaling can be dynamic or manual (such as, often, the case for vertical scaling).

What describes the cloud attribute of governance?

The ability to create and enforce standardized environments, usually to meet corporate or government requirements Features such as templates help ensure that all your deployed resources meet corporate standards and government regulatory requirements. In addition, you can update all your deployed resources to new standards as standards change. Cloud-based auditing helps flag any resource that is out of compliance with your corporate standards and provides mitigation strategies. Depending on your operating model, software patches and updates may also automatically be applied, which helps with both governance and security.

You are designing an Azure infrastructure solution for your company's application. This solution must continue to function if a single datacenter goes offline. For compliance reasons, your infrastructure and data must reside in the same general location. How should you design this infrastructure?

Within a single region, replicate your infrastructure across multiple availability zones in that region. Availability zones provide a level of fault tolerance within a single region (or general location). Each availability zone is a self-contained datacenter. By replicating resources across multiple availability zones, if 1 zone (or datacenter) goes offline, the other availability zones in the same region can continue to host your application.

What is the security model that assumes all users are untrustworthy until they prove otherwise with a valid identity?

Zero Trust Zero Trust is the security model that assumes all users are untrustworthy until proven otherwise, regardless of location.

Which of the following operating systems can have Azure CLI and Azure PowerShell installed? Choose all that apply.

macOS Linux Windows

Your company is beginning the process of migrating its existing applications to Azure. A business-critical accounting application requires authentication with the NTLM protocol. This application will be migrated to a virtual machine in Azure. You intend to eventually retire all on-premises resources and be 100% hosted in the cloud. You need to use your existing Active Directory (AD) domain/namespace in a cloud-hosted solution. What options are available for hosting this application in Azure while still being able to authenticate with Active Directory?

Configure an Azure VM with Windows Server and operate as an Active Directory domain controller. Configure the application to authenticate with your VM-hosted AD server. This is referred to as self-managed AD, where you are in charge of configuring and maintaining a Windows Server acting as a domain controller. Self-managed AD on an Azure VM can use an existing domain namespace.

You currently have two Azure Pay-As-You-Go subscriptions. You would like to combine these into a single subscription. How can you accomplish this?

Contact Microsoft Azure Support The only way to combine Azure subscriptions is to open a support case with Microsoft. There is no such feature in the Azure Portal to combine Azure subscriptions. There is no such CLI command to merge subscriptions. There is no such PowerShell cmdlet either.

What describes the cloud attribute of security?

Having full control, or even choosing how much control you want, over your cloud resources' security configuration If you want maximum control of security, Infrastructure as a Service provides you with physical resources but lets you manage the operating systems and installed software, including patches and maintenance. If you want patches and maintenance taken care of automatically, Platform-as-a-Service or Software-as-a-Service deployments may be the best cloud strategies for you

You maintain a pool of identical virtual machines that serves an application behind a load balancer. When customer demand increases, you need to add additional copies of the virtual machine to the pool to meet customer demand. What cloud attribute does this demonstrate?

Horizontal scaling Horizontal scaling (or scaling out) is defined by adding additional copies of a resource, like a VM or container, to a resource pool

What describes the cloud attribute of management?

How you interact with and implement different cloud-based resources Manageability has two aspects: 1. How you create and manage resources, which includes autoscaling, template-based deployments, and monitoring/alerts. 2. How you interact with your cloud environments, including via the web portal, command line, and programmatic APIs.

Your company hosts VM servers in both Azure and AWS. Each cloud server uses its own management tools. In an effort to reduce administrative overhead, your CIO is requesting information on Azure-native services to manage policies on servers in both locations in the same place. Ideally, they want to apply the same Azure RBAC policies and automation routines on both Azure and AWS servers. How can you accomplish this request?

Implement Azure Arc to manage and govern AWS servers within Azure. Azure Arc extends the Azure control plane to non-Azure compute resources, such as AWS and on-premises.

Your company, Llamas-R-Us, currently owns a datacenter with 150 servers for various operations. Periodically, additional compute capacity is required beyond what your datacenter can support. Your CTO has requested a solution that will quickly and temporarily provide additional compute capacity when it is needed. Any solution must minimize costs and administrative effort. What should you recommend?

Implement a hybrid cloud solution A hybrid cloud utilizes an existing on-premises network (or datacenter) and connects it to a public cloud environment. This allows you to retain your existing datacenter infrastructure, while at the same time supplementing your compute capacity with cloud offerings when needed.

What is the name of the query language that Log Analytics uses?

KQL Kusto Query Language (KQL) is the query language used by Log Analytics.

What describes the cloud attribute of predictability?

Knowing what your application will cost with real-time tracking of resource usage as well as knowing that your application will perform consistently regardless of customer load Predictability of performance is achieved with features such as autoscaling and load balancing. Predictability of performance is achieved with real-time tracking of resource usage/costs as well as predicting future costs based on current resource usage.

Which cloud concept describes the ability of a cloud service to be accessed quickly from any location via the internet?

Low latency Low latency is the ability of a cloud service to be accessed quickly from any location via the internet.

Which cloud attribute describes how you manage and interact with cloud resources?

Manageability Manageability has two aspects: 1. How you create and manage resources, which includes autoscaling, template-based deployments, and monitoring/alerts. 2. How you interact with your cloud environments, including via a web portal, command line, and programmatic APIs.

Which of the following is true in relation to Azure Management Groups?

Management Groups allow you to apply policies with flexible hierarchies to multiple subscriptions.Azure management groups provide a level of scope above subscriptions. You organize subscriptions into containers called management groups and apply your governance conditions to the management groups. For example, you can apply policies to a management group that limits the regions available for virtual machine (VM) creation

Your company, A Llama Guru, has increased its usage of Azure services over time. They are now using multiple subscriptions across various sectors of the company for a wide range of projects. As the number of subscriptions has increased, managing access and permissions across your numerous subscriptions has become quite cumbersome. What would you recommend to easily manage multiple subscriptions from a single source?

Management groups Management groups are an Azure resource management scope that sit above individual subscriptions. They are in fact a grouping, or collection of multiple subscriptions. Permissions, policies, and compliance settings applied to a management group are automatically inherited by all subscriptions inside of that group.

You have a virtual machine that is highly sensitive and requires complete isolation from any other virtual machines. What is the best service to use to achieve this requirement?

Virtual network To completely isolate the virtual machine you would use a separate Virtual Network. Although it is possible to achieve this via routing tables and separate subnets in the same VNet, a separate VNet ensures complete isolation.

You need to choose a performance option for an Azure storage account. This storage account will host multiple storage formats, and will need to keep costs low, while maintaining an acceptable level of performance. Which performance option should you choose?

General-Purpose v2 General-purpose v2 is the standard performance option which supports all storage types. It provides an acceptable level of performance for most workloads; however, does not include high performance low-latency operations. It also costs less than the premium performance options.

You need to create a network drive in Azure Storage. The drive needs to be accessible from several computers that run Windows 8.1. What storage solution should you create?

A File service in a storage account Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS.

You need to create an Azure storage solution that will store messages created by an Azure web role. The messages will then be processed by an Azure worker role. What type of storage solution should you create?

A Queue service in a storage account Azure Queue storage is a service for storing large numbers of messages that can be accessed from anywhere in the world via authenticated calls using HTTP or HTTPS

In Azure Active Directory, a user can be a member of how many AAD tenants and a guest in how many tenants outside their organization?

A user can be a member of a single AAD tenant and a guest of up to 499 outside tenants. A user can be a member of a single AAD tenant and a guest of up to 499 outside tenants. There is a difference between an account tied to a host tenant and the same account being a guest on other tenants. Azure AD's service limits and restrictions lump them together.

You are deploying an application to Azure Virtual Machines. You want to ensure that the application will remain available in the event of a hardware failure or an OS update. What Azure concept will help most in this task?

Availability set An availability set consists of 2 or more virtual machines in the same physical location within an Azure datacenter. This configuration ensures that only a subset of the virtual machines in an availability set will be affected in the event of hardware failure, OS update, or a fault domain issue, since the VMs would reside on different racks. Availability zones protect applications from complete Azure datacenter failures, which affect all VMs within the Availability set, however datacenter failures were not a requirement in this scenario.

What tool provides cost information and would help to identify underutilized and idle Azure resources in order to help reduce overall spending?

Azure Advisor Advisor helps you optimize and reduce your overall Azure spending by identifying idle and underutilized resources

Which Azure service can host your web apps without you having to manage underlying infrastructure?

Azure App Service Azure App Service enables you to build and host web apps, mobile back-ends, and RESTful APIs in the programming language of your choice without managing infrastructure.

Which cloud attribute is defined as being able to create and enforce standardized environments, usually to meet corporate or government requirements?

Governance Governance describes enforcing standards via templates and policies that dictate what can and cannot be created. It also includes the ability to audit cloud environments to alert if any resources are out of compliance.

Your corporation relies on compute services hosted on-premises, on Azure, and on AWS. You recently deployed Microsoft Defender for Cloud to your Azure resources and have been very pleased with the result. You would like to implement the "single pane of glass" functionality of Defender for Cloud for your AWS and on-premises resources. What is a required prerequisite to achieve this?

AWS and on-premises resources must first have Azure Arc enabled. Azure Arc is the standard method of integrating non-Azure resources with Azure management tools and is a prerequisite to integrate external locations with Microsoft Defender for Cloud. Please note that Azure Arc integration was not a prerequisite in the older version of Azure Security Center (now Defender for Cloud), but it is now a prerequisite.

Your website has recently been experiencing a higher number of errors in addition to performing below expectations. Which Azure tool is recommended to troubleshoot errors and performance bottlenecks?

Application Insights Application Insights provides valuable data on web-based applications, such as performance, customer usage, error reporting, and more.

You need to prevent any modifications to the configuration of a critical VM in an Azure resource group such as changing the VM size. You also need to prevent any accidental deletion of the VM. What should you use to accomplish this task?

Apply a read-only lock on the VM. A read-only lock prevents both deletion AND modification of our locked resource.

What do you use to make sure that users of your application are who they say they are?

Authentication Authentication is confirming users are who they say they are.

What is the purpose of Azure Blueprints?

Automated and repeatable environment setup in Azure. Azure Blueprints provides automated and repeatable environment setup in Azure. It is able to implement: - Role assignments - Policy assignments - Azure Resource Manager templates (ARM templates) - Resource groups

Your Azure subscriptions uses a number of different services spread across multiple resource groups. You need an all-in-one view of the current and predicted costs of your resources. Which tool would you use to find this information?

Cost Management Cost Management monitors and analyzes the cost of your current Azure resources.

What is the necessary process for creating a hosted Azure Files storage service on Azure for Server Message Block (SMB) file storage?

Create a storage account. Then, create an Azure Files share on the storage account. Azure Files are hosted inside of a storage account.

You've been given the task of creating a company-owned Azure network infrastructure that establishes a secure, private connection to all resources in those networks using only Azure's private network backbone. Your Azure resources are located in 2 different regions. What Azure services should you use to accomplish this task?

Create a virtual network in each region, and connect both networks with network peering. Network peering allows you to connect multiple virtual networks over the private Azure network for a private network connection.

What is the concept in which you layer multiple stages of security such as physical security, network security, etc., to create a robust defense against cybersecurity threats?

Defense in depth Defense in depth is the concept in which by layering different security measures, protection against security threats is greatly increased.

You are deploying an application to Azure, hosted on virtual machines. You need to increase the reliability of this application, ensuring it is still available even if there is a datacenter outage. What should you do to ensure reliable operation of your application in case of a disaster?

Deploy additional virtual machines to host the application in another zone. Zones within a region are separate locations or datacenters in the same geographical area. Deploying additional machines to another zone will increase the reliability of the solution in case one of the datacenters is unavailable.

What is the preferred method to run Azure serverless services, like Logic Apps, on your on-premises servers?

Enable Azure Arc on your on-premises servers. Azure Arc enables Azure serverless services (like Logic Apps) to run on non-Azure servers as a containerized workload.

What is the purpose of Azure Conditional Access Policies?

Enforce conditions to grant or deny access to Azure AD resources in addition to username/password authentication. Conditional Access Policies effectively use a series of if/then statements to either grant, deny, or grant (with conditions) access to an Azure AD resource.

What is the purpose of Azure Arc?

Extends Azure's control plane, allowing you to manage non-Azure resources as if they were in Azure Azure Arc extends Azure's management and governance abilities to non-Azure computing sources allowing Azure management regardless of where your compute is hosted.

You need to create a virtual machine with the following disk requirements: - Hold up to 64TB in a single disk - Highest possible performance with sub-millisecond latency Which disk type should you select for your virtual machine?

Ultra Ultra disks are the most expensive, yet highest-performing disk types available for Azure virtual machines. They support up to 64TB on a single disk.

What is the preferred method to synchronize user identities on an on-premises Active Directory server with Azure AD?

Use Azure AD Connect in your on-premises environment to synchronize on-premises and Azure AD accounts. Azure AD Connect in an on-premises environment is capable of synchronizing on-premises and Azure AD accounts, so users can be signed in and be managed in both locations without having to maintain 2 separate Active Directory environments.

You need to implement multi-factor authentication (MFA) for Microsoft Cloud apps across your entire organization. The requirement for MFA needs to be centrally rolled out and enforced. What Azure functionality should you use to accomplish this task?

Use a Conditional Access policy to roll out MFA to the entire organization Conditional Access policies are a component of Azure Active Directory that let you create if-then statements for allowing/denying authentication to different applications, including conditions to require multi-factor authentication. They provide centralized conditional access that can be enforced company-wide.

You maintain a single virtual machine (VM) as an internal server. This server has two CPUs and 8 GB RAM. You decide to increase the capacity of the same server to four CPUs and 16 GB RAM. Which cloud attribute is this an example of?

Vertical scaling Vertical scaling (or scaling up) is increasing the compute capacity of an existing resource, usually by adding more CPUs or RAM to an existing VM.


Ensembles d'études connexes

NR 507 Pulmonary System & Function

View Set

HESI PN Obstetrics/Maternity Practice Exam, Pediatrics HESI PN Review, Hesi Peds, PN HESI Peds, Peds & Maternity HESI, HESI Maternity/Pediatric Remediation

View Set

Community Final; Chapter 17, 20, and 21

View Set

Chapter 1- The Sociological Perspective, Sociology Chapter 1 : the Sociological Perspective

View Set

Int. Biochem & Organic Chemistry Final Review

View Set

Chapter 2: PrepU - Health Education and Health Promotion

View Set

Constitutional Powers - Final Exam

View Set

life insurance practice questions (ones I got wrong)

View Set

Pre-Ch 4: Activity based costing

View Set