AZ-900 Review Questions
Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? An Azure geography always corresponds to a specific country. A. corresponds to a single country or a market encompassing multiple countries. B. determines where your resources can reside. C. represents physical data centers. D. No change is needed.
A (Although an Azure geography often aligns to a specific country, a geography can also align to a market, such as Europe or Asia. You can host resources in any region, so geographies by themselves do not determine where you can place resources. Geographies also do not correspond to physical data centers, but instead contain regions in which data centers reside. See Chapter 2 for more information.)
Which of the following is a good option for deploying a single VM in Azure? A. Azure portal B. An Azure Resource Manager (ARM) template C. Azure Mobile App D. PowerShell
A (Although you could use any of these options to deploy a VM, the Azure portal is the easiest option for deploying a single resource. See Chapter 7 for more information.)
Which of the following solutions would enable only you and one of your peers to access and manage an Azure VM using RDP on port 3389? A. Role-based access control (RBAC) and an Azure network security group (NSG) B. An appropriately designed Azure policy applied to the resource group containing the VM C. Azure Firewall D. Azure Front Door
A (An Azure NSG enables you to restrict access to the VM based on port, and RBAC enables you to restrict access to specific individuals. See Chapter 4 for more information.)
Which of the following accurately describes an Azure geography? A. It corresponds to a single country or to a market encompassing multiple countries. B. It always corresponds to a specific country. C. It represents a set of physical data centers. D. None of the above.
A (An Azure geography can align to a single country or to a market that encompasses multiple countries, such as Europe. See Chapter 2 for more information.)
Which of the following enables you to bring your existing licenses for SQL Server into Azure to save licensing costs? A. Azure Hybrid Benefit B. An enterprise agreement C. SQL Managed Instance D. Cosmos DB
A (Azure Hybrid Benefit enables you to potentially use your Windows Server and SQL Server licenses in Azure to save costs. See Chapter 6 for more information.)
Which of the following enables developers to create serverless workflow solutions in Azure? A. Logic Apps B. Functions C. Bot Services D. PowerShell
A (Azure Logic Apps enables you to create serverless workflow solutions in Azure. See Chapter 5 for more information.)
Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? As a cloud service, Microsoft Azure enables your organization to budget IT infrastructure costs as a capital expenditure. A. as an operational expenditure. B. on an annual basis. C. using the Azure Pricing Estimator. D. No change is needed.
A (Azure enables your organization to pay for only those services it uses, which enables you to budget your IT infrastructure costs as an operational expenditure based on the services you consume in each month. Operational expenditures are generally those that you consume on a pay-as-you-go basis. By contrast, purchasing hardware and software would require a capital expenditure, which is an acquisition of fixed assets. See Chapter 1 for more information.)
You have a solution in Azure comprising two VMs, each with a 99.5% SLA. What is the composite SLA for the solution? A. 99.0% B. 99.5% C. 99.9% D. 99.99%
A (Composite SLAs are the product of the individual SLAs in the solution, and in this case, would be 0.995 × 0.995. See Chapter 6 for more information.)
Which of the following is not an example of a standards-based, nonregulatory organization or agency? A. GDPR B. ISO C. NIST D. All of the above
A (ISO and NIST are both standards-based, nonregulatory agencies. General Data Protection Regulation (GDPR) defines data protection and privacy requirements as a regulation in European Union law. See Chapter 4 for more information.)
Which of the following provides bidirectional communication between Internet of Things (IoT) devices and other Azure services? A. IoT Hub B. IoT Central C. IoT Connector D. None of the above
A (IoT Hub provides bidirectional communication between IoT devices in Azure. See Chapter 5 for more information.)
Which of the following statements is not true regarding Azure subscriptions? A. A subscription is aligned to a specific Azure region. B. You can move resources from one subscription to another. C. Subscriptions can help simplify Azure billing and cost management. D. You can move a subscription to a new Azure AD tenant.
A (Subscriptions are just logical containers and therefore are not limited to a single region. See Chapter 2 for more information.)
What function does the Azure Cloud Shell provide? A. It enables you to run either PowerShell or the Azure CLI from a web browser. B. It is a library of management functions that you can integrate into your web apps to monitor Azure services. C. It enables you to run PowerShell commands within the Azure CLI. D. All of the above.
A (The Azure Cloud Shell enables you to run either PowerShell or the Azure CLI from the Azure portal. See Chapter 7 for more information.)
Which of the following should you use to estimate the cost of storage that you will include with three new VMs that you need to deploy to Azure? A. Pricing Calculator B. Storage Calculator C. TCO Calculator D. Azure Advisor
A (The Pricing Calculator enables you to price individual Azure services based on factors such as CPU cores, memory, and storage capacity. See Chapter 6 for more information.)
You deploy a web app using Azure App Services and configure autoscaling for it so that it can request additional compute resources when the app experiences high increases in demand. What is this an example of? A. Elasticity B. PaaS C. Fault tolerance D. High availability
A (The capability to automatically expand resources when needed describes elasticity. This scenario does not describe resources used to quickly develop and deploy applications, so PaaS is incorrect. Fault tolerance describes the capability of a system to endure a fault in one of its resources. No fault occurs in this scenario, so fault tolerance is incorrect. High availability is generally achieved by deploying multiple resources to guard against failures, so high availability is not a correct answer. See Chapter 1 for more information.)
Which of the following data solutions would be the most cost-efficient solution for storing and retrieving sales data for your sales team using SQL statements? A. Host a database using Azure SQL Database B. Host a database using Azure Managed SQL Instance C. Install SQL Server on a VM in Azure D. Host a database using Cosmos DB
A (The most cost-effective option is to use Azure SQL Database. See Chapter 2 for more information.)
Azure App Service provides support for multiple development languages, containers, and Windows and Linux. A. Yes B. No
A (The statement is true. See Chapter 2 for more information.)
Deploying virtual machines (VMs) in a shared cloud environment is an example of: A. Infrastructure-as-a-service (IaaS) B. Software-as-a-service (SaaS) C. Platform-as-a-service (PaaS) D. Data-as-a-service (DaaS)
A (This is an example of IaaS. See Chapter 1 for more information.)
Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? Moving servers from an on-premises data center to virtual machines in Azure enables you to reduce IT staffing because Microsoft manages the infrastructure for you. A. enables you to pay for only the Azure resources you consume on a monthly basis. B. represents a platform-as-a-service (PaaS) solution. C. enables you to use additional firewall services only available in Azure to protect against security risks. D. No change is needed.
A (This scenario represents a consumption-based model where you pay for only those Azure resources that you consume. It does not involve Azure services for developing web applications, and therefore does not represent a PaaS solution. IT staffing is not necessarily reduced because you must still manage the virtual machines, operating systems, and applications running on them. Although you can use several firewall-related services in Azure, you could deploy those same or similar solutions in your own data center. See Chapter 1 for more information.)
Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? Azure Policies enable you to specify what actions a user can take with a resource in Azure after they have authenticated in Azure. A. apply policies to a single resource or to a resource group, with the latter causing all resources in the group to have the policy applied. B. create policies in Security Center to control access to specific Azure resources. C. deploy specific sets of RBAC permissions to new Azure users. D. No change is needed.
A (You can apply policies at the resource or resource group levels, and if at the resource group, the policies apply to all resources in the group. See Chapter 4 for more information.)
Which of the following statements are not true? (Choose all that apply.) A. Microsoft can share your personal information with vendors and third parties only with your authorization. B. You must provide personal information to use some Microsoft products. C. You cannot use a work email when setting up a Microsoft account that you will then use to access Microsoft services. D. You can use a personal email account when setting up a Microsoft account that you will then use to access Microsoft services.
AC (Microsoft can share your personal information with vendors and third parties without your consent, including in response to legal actions. You can use a work email when setting up a Microsoft account. See Chapter 4 for more information.)
Your CIO suggests the possibility of moving some of your organization's resources to Azure to cut costs and improve availability and DR options. She asks you to explain how Azure subscriptions work. Choose all answers that are correct. A. An organization can have multiple Azure subscriptions associated with either the same or different Azure AD tenants. B. A subscription can contain resources only from a single region. C. You can use Azure multiple subscriptions to distribute costs to multiple groups within your organization. D. A subscription can be moved to a new Azure AD tenant.
ACD (Azure subscriptions act as a logical container similar to a resource group but at a higher level. As such, you can have multiple subscriptions aligned to a billing account, which makes answer A correct. Answer B is incorrect because a subscription can contain resources from multiple regions. The subscriptions serve as a billing node under the billing account, which enables you to segregate Azure resources and services into separate sections of your invoice, making answer C correct. You can move a subscription to a new tenant, making answer D correct. Moving a subscription does have potential consequences, however, and these are discussed in Chapter 6. See Chapter 2 for more information.)
Which of the following statements are true regarding public preview features in Azure? (Choose all that apply.) A. They are available to all Azure customers. B. The are available only by invitation from Microsoft. C. They are subject to the same SLAs as generally available (GA) services. D. They are not subject to SLAs.
AD (Services in public preview are available to all Azure subscribers and are not subject to service level agreements (SLAs). See Chapter 6 for more information.)
Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? You can purchase Azure services only through an enterprise agreement (EA). A. as a component of your Unified Support agreement with Microsoft. B. directly from Microsoft through the Azure portal. C. only through a cloud solution provider (CSP). D. No change is needed.
B (Although you can purchase Azure through an EA, a CSP, and the Azure portal, only option B is correct as stated. See Chapter 6 for more information.)
Because of a recent network intrusion, you need to present a solution to your CIO that will enable your organization to identify pass-the-hash and reconnaissance attacks. Which of the following is an appropriate solution? A. Windows Defender B. Advanced Threat Protection C. Azure Information Protection D. Security Center
B (Advanced Threat Protection (ATP) provides protection from many kinds of security threats, including pass-the-hash, pass-the-token, and others. See Chapter 4 for more information.)
The term agility in Microsoft Azure refers to: A. The ease with which you can move workloads from on-premises to Azure and back again B. The ability to quickly adjust resources such as memory to adapt to changes in demand C. The ability to add more front-end web servers to a web application to adapt to increased demand D. The ability to quickly create redundancy in a solution
B (Agility refers to the ability to adjust resources to meet changes in demand. See Chapter 1 for more information.)
Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? Containers that you deploy in a group Azure support only the Linux OS. A. support only the Windows OS. B. share the same OS as other containers in the group. C. require configuration of the OS for each container. D. No change is needed.
B (All containers in a group share the same OS. See Chapter 2 for more information.)
Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? A honeytoken attack tests multiple passwords against a username. A. attempts authentication against an alphabetical list of usernames. B. is an attempt to log in to a fake account that you have created. C. is an example of a pass-the-token attack. D. No change is needed.
B (A honeytoken attack is an attempt to authenticate to a fake account that you have created as a "honeypot" to attract attackers. See Chapter 4 for more information.)
Which of the following capabilities requires Azure AD Premium? A. Enabling users to reset their own Azure AD passwords B. Enabling users to reset their own on-premises passwords C. Controlling access to resources in Azure through role-based access control (RBAC) D. All of the above
B (Adding the capability to synchronize password changes to on-premises AD requires Azure AD Premium. See Chapter 4 for more information.)
Which of the following would you choose to perform management tasks in Azure as an experienced Linux administrator? A. Azure PowerShell B. Azure CLI C. Azure Tools for Linux D. Azure Power Tools for Linux
B (Azure CLI is an implementation of the Bash shell, making it an excellent management tool for experienced Linux administrators. See Chapter 7 for more information.)
Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? Azure China is only available to Chinese government entities. A. has less restrictive regulations than other Azure geographies. B. is a physically isolated instance of Azure. C. includes Azure services that are only available in China. D. No change is needed.
B (Azure China is a physically isolated instance of Azure designed to meet very strict Chinese regulatory requirements. The services available in Azure China are available in other Azure regions (although not all services are available in all regions). See Chapter 2 for more information.)
Azure China is a physically isolated instance of Azure available only to Chinese government entities. A. Yes B. No
B (Azure China is a physically isolated instance of Azure, but it is available to business as well as governmental organizations within China. See Chapter 4 for more information.)
You manage internal Azure billing for your organization, allocating costs to various departments based on their consumption of Azure services. Which of the following would you use to define budgets for subscriptions? A. Azure Cost Management + Billing B. Azure Cost Management C. Azure Monitor D. Azure Quota Management
B (Azure Cost Management enables you to define budgets for your Azure subscriptions and track expenditures. See Chapter 6 for more information.)
Your organization has compliance restrictions that prevent your data from traversing the Internet between your on-premises data center and your resources in Azure. Which of the following provides a solution for this requirement? A. Azure Managed VPN B. Azure ExpressRoute Direct C. Azure VPN Gateway D. Azure ExpressRoute
B (Azure ExpressRoute Direct provides similar capabilities as Azure ExpressRoute but is not routed across the Internet. See Chapter 4 for more information.)
Which of the following provides significant discounts for purchasing Azure services? A. Azure Reserved Instances (ARI) B. Azure Reservations C. Azure Managed Services D. Azure Enterprise
B (Azure Reservations enables you to reserve Azure resources with a monetary commitment and receive potentially very significant discounts as a result. See Chapter 6 for more information.)
You are planning a deployment of resources in Azure of various types to support a new project, and you want to use templates to simplify deployment and ensure that the new resources are configured the same as your existing Azure resources. Which one of the following would you use? A. Resource groups B. Azure Resource Manager C. Azure Resource Templates D. None of the above
B (Azure Resource Manager supports the use of declarative templates to define resources for deployment, enabling you to create a template based on existing resources, making option B the correct answer. The new resources will be deployed to resource groups, but the resource groups are simply logical containers used to organize your resources, making option A incorrect. Azure Resource Templates is not an Azure service, so option C is not correct. See Chapter 2 for more information.)
You want to deploy a solution that uses SQL to store and retrieve data on sales managers, sales quotas, and seller attainment. You want to minimize cost and configuration effort. Which solution achieves these goals? A. Use Cosmos DB to host the data. B. Use Azure SQL Database to host the data. C. Use a VM with SQL Server installed to host the data. D. None of the above.
B (Azure SQL Database enables you to host SQL databases in Azure without standing up and managing a virtual machine or the SQL Server application. Cosmos DB is a NoSQL solution designed to store and manage nonstructured data, making option A incorrect. Although you could deploy a VM with SQL Server and host the data, doing so increases consumption cost and management overhead, making option C incorrect. See Chapter 2 for more information.)
Which of the following would you use to view status information about resources that your organization hosts in Azure? A. Azure PowerShell B. Azure Service Health C. Azure portal D. Azure Security Center
B (Azure Service Health enables you to view status information for resources that you host in Azure. See Chapter 4 for more information.)
Microsoft Azure enables your organization to move IT expenditures to: A. Capital expenditures B. Operational expenditures C. A controlled expense model D. None of the above
B (Azure is a consumption-based cloud model in which you pay only for the services that you consume, enabling you to move from a CapEx model to an OpEx model. See Chapter 1 for more information.)
Which of the following would enable your organization to monitor and control thousands of sensors deployed in a manufacturing facility, including analyzing telemetry from the sensors? A. IoT Hub B. IoT Central C. IoT Connector D. Azure Sphere
B (IoT Central enables you to monitor and control IoT devices. See Chapter 5 for more information.)
Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? Microsoft provides at least 30 days' notice before it retires an Azure service. A. 6 months B. 12 months C. 2 year D. 5 years
B (Microsoft provides 12 months' notice before retiring an Azure service. See Chapter 6 for more information.)
You are an IT director for Contoso and are preparing a proposal to your CIO to move all IT infrastructure to Azure. Which of the following is an advantage to moving your infrastructure to a public cloud provider? A. You will have complete control over all infrastructure, network, applications, and all other resources in the cloud. B. You can scale your infrastructure horizontally or vertically without capital expenditure costs. C. You will reduce your operational expenditures. D. The cloud provider will manage all infrastructure for you, enabling Contoso to reduce IT staff.
B (Moving to a public cloud enables you to easily scale your infrastructure as needed. In a public cloud, you do not have full control over all resources since many of the resources are managed by the cloud provider. Your operational expenditures will increase but capital expenditures will decrease. Contoso will still need to manage the infrastructure, so a reduction in IT staff is not guaranteed. See Chapter 1 for more information.)
An Azure region: A. Describes a specific Azure data center B. Is usually paired with another region to ensure high availability C. Can span across multiple countries D. Encompasses the data centers in which all of your Azure resources reside
B (Regions are usually paired with other regions in Azure to help ensure high availability. See Chapter 2 for more information.)
You have set up a new Azure subscription and need to deploy storage to support a virtual machine. What is the first thing you must do to add storage? A. Enable the subscription to support storage. B. Create a storage account. C. Choose the appropriate blob storage tier. D. Nothing, because the VM includes blob hot access tier storage by default.
B (The first step in adding storage in Azure is to create a storage account, making option B the correct answer. You do not need to enable storage at the subscription level, and you must create a storage account before choosing a storage type or access tier, making options A and C incorrect. VMs do not include hot access tier blob storage by default, making option D incorrect. See Chapter 2 for more information.)
You need to deploy a stateful application using Azure Container Instances. Which of the following provides storage, enabling the application to store and retrieve persistent state? A. Azure Disk B. Azure Files C. Azure Blob D. Azure Archive
B (The only storage option that you can use within a container to persist data is Azure Files. See Chapter 2 for more information.)
You are the CIO for a company and are concerned about the security of your data in the cloud. You need to implement a cloud solution in which you gain the flexibility and agility of a cloud solution but maintain full control of your data and infrastructure. You propose to your CEO that you contract with a third-party cloud vendor to host your IT services, and the infrastructure on which your services will be hosted will not be used by any other organization. This represents which type of cloud model? A. Public cloud B. Private cloud C. Hybrid cloud D. Both A and B
B (The third-party provider manages the hardware, networking, and other resources for you, but you maintain control over the VMs, applications, and data. Because no other organizations are using those resources and there is no stated integration between the cloud and your on-premises services, this scenario represents a private cloud model. See Chapter 1 for more information.)
Accessing an application through a web page rather than installing the application on your local device is an example of: A. Infrastructure-as-a-service (IaaS) B. Software-as-a-service (SaaS) C. Platform-as-a-service (PaaS) D. Data-as-a-service (DaaS)
B (This is an example of SaaS. See Chapter 1 for more information.)
You are the application development director for Contoso. Your team needs to develop and bring a new web application online quickly with minimal expense. You consider using Azure Web Apps, Azure Functions, and Azure Database for MySQL. Which Azure service category does this represent? A. Infrastructure-as-a-service (IaaS) B. Platform-as-a-service (PaaS) C. Software-as-a-service (SaaS) D. Development-as-a-service (DaaS)
B (This scenario does not leverage virtual machines or infrastructure that you manage and therefore does not represent IaaS. You are developing custom applications rather than using applications provided by Microsoft, so this scenario does not represent an SaaS solution. There is no DaaS service category in Azure. See Chapter 1 for more information.)
You are an IT manager for a small company that hosts a web application for e-commerce. The web application uses two web servers and a small database cluster. As demand increases through a peak season, you want to add additional web servers to handle the increased demand, then remove those additional servers as demand decreases. You propose moving the application to Azure. Which of the following statements is true? A. The web servers can be moved to Azure but the database cluster must remain on-premises, which represents a hybrid cloud model. B. Horizontal scaling enables you to add and remove web servers to meet demand changes. C. Vertical scaling enables you to add and remove web servers to meet demand changes. D. Azure will automatically add the web servers for you as demand approaches a threshold set by the Azure App Service.
B (This scenario represents an example of horizontal scaling (scalability) because you are adding servers. If you were adding memory to the web server instead of adding servers, it would represent an example of vertical scaling. There is no restriction on moving the database cluster to Azure along with the web server. Finally, though Azure can perform both horizontal and vertical scaling, you must configure autoscaling—it does not happen by default. See Chapter 1 for more information.)
You are deploying a VM-based solution, and due to security and compliance requirements, all traffic reaching that VM must come from a single endpoint located in a different subnet. Which of the following solutions meets this requirement? A. Create a network security group (NSG) with the appropriate routing and apply the NSG to all virtual networks. B. Create a user-defined route and apply it to all subnets in the virtual network. C. Use Azure Firewall to route traffic to the target VM based on the IP address in the resource request URL. D. Create a custom route in Azure Firewall to direct traffic to the endpoint based on source and destination address.
B (To implement custom routing, create a user-defined route and apply it to all relevant virtual networks. See Chapter 4 for more information.)
You are a server administrator for Wingtip Toys, a small company that makes and distributes wooden toys. You manage a custom line-of-business (LOB) application for order management and shipping. The solution is hosted on aging servers in a server room in your manufacturing facility. You want to eventually move the application's functions to Microsoft Dynamics 365 and eliminate the custom application. You propose to your manager that you first migrate the servers into virtual machines hosted in Azure to avoid purchasing new, up-to-date hardware. The current application will run on these new VMs. This proposal represents which of the following? A. Software-as-a-service (SaaS) B. Infrastructure-as-a-service (IaaS) C. Platform-as-a-service (PaaS) D. A hybrid cloud scenario
B (You are replacing your on-premises servers with VMs hosted in Azure, which represents an IaaS solution. You are not using any development services to redesign the application (Paas) or moving to Dynamics 365 (SaaS) at this time. This scenario does not describe integration between services hosted on-premises and in Azure, so it is not a hybrid cloud scenario. See Chapter 1 for more information.)
Which of the following is not a true statement? A. You can use the Azure Mobile App to run the Azure CLI. B. You can run Azure CLI directly in the Azure portal. C. You can run the Azure CLI from within the Azure Cloud Shell. D. You can install the Azure CLI on a Windows device.
B (You cannot run the Azure CLI directly in the Azure portal, but instead must open the Azure Cloud Shell from the portal and then choose Azure CLI. See Chapter 7 for more information.)
Which of the following accurately describes Azure Monitor? A. Azure Monitor supports only Windows operating systems and SUSE Linux. B. Azure Monitor begins monitoring a resource as soon as you create the resource. C. Azure Monitor is a component service of Azure Telemetry and Reporting. D. Azure Monitor requires you to create logs and metrics to begin monitoring resources.
B (You do not need to configure Azure Monitor for it to begin monitoring a resource. Instead, Azure Monitor begins monitoring as soon as you create a resource. See Chapter 4 for more information.)
Contoso is building a web application that uses a SQL database to store data. Which of the following represents a hybrid cloud scenario? (Choose all that apply.) A. A virtual machine in Azure that hosts the web application and a second virtual machine in Azure running SQL Server B. A two-node SQL cluster in a third-party data center that hosts the data and two virtual machines in Azure running the web application C. A web application hosted in Azure that stores its data in an Azure SQL database D. A web application hosted in Azure that sends data to and from a database hosted in Contoso's on-premises data center
BD (A hybrid cloud scenario exists where services hosted in Azure interact with services hosted outside of Azure, whether in a third-party data center, your own data center, or a private cloud. Options A and C both represent a public cloud scenario because all services are hosted within Azure. See Chapter 1 for more information.)
An Azure region ________________. (Choose all that apply.) A. corresponds to a specific data center. B. is paired with another region to help ensure high availability. C. can span multiple countries. D. specifies the location of Azure resources.
BD (A region encompasses multiple data centers, so option A is not correct. Regions are paired within an Azure geography to ensure high availability for resources in the primary region. Although a geography might span more than one country (Europe as an example), regions are defined within a single country, so option C is incorrect. When you deploy resources, you must specify the target region for the resources, so in that sense regions do specify the location of Azure resources. See Chapter 2 for more information.)
Which of the following correctly describes an availability set? A. Protects against power, cooling, or other physical outages but requires distribution of additional instances to other availability zones to enable rolling updates. B. Two or more VM instances deployed to the same availability set results in a 99.99 percent SLA. C. Distributes VM instances across multiple fault and update domains to guard against outages caused by a data center outage and to enable VMs to be updated without making all instances in the set unavailable. D. A and B.
C (Achieving a 99.99 percent SLA requires that you deploy at least two instances in different availability zones within the same region. See Chapter 2 for more information.)
Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? Your organization currently has two Azure subscriptions. Adding a third Azure subscription will increase your Azure consumption and costs. A. enable you to deploy Azure resources in other regions. B. require you to create a third Azure AD tenant. C. not cause any cost increase by itself. D. No change is needed.
C (Adding an Azure subscription does not by itself result in additional costs, because a subscription is just a logical container for Azure resources, which could be existing resources that you move to the new subscription. See Chapter 6 for more information.)
Which of the following is a popular code repository for open source software development? A. Azure DevTest Labs B. Azure DevOps C. GitHub D. Azure Artifacts
C (Although Azure DevOps provides features and functions similar to GitHub, GitHub is intended for open source projects. See Chapter 5 for more information.)
You need to deploy three virtual machines that will host an application. You want the VMs to reside in the same region, but you want to guard against power or other potential outages. You also need to ensure minimum latency between the instances. Which option describes a scenario that meets your requirements and is the most cost effective? A. You deploy an additional set of three VMs to a different region and use continual replication between the two regions, then fail over to the other region in the event of an outage. B. You place the VMs in separate resource groups in the same region. C. You use separate availability zones for the VMs. D. You use separate availability sets for the VMs.
C (Availability zones are deployed across different data centers in a region, with each zone as a separate update and fault domain. Because they are in the same region, latency is minimized. Using replication across different regions is not correct because of the additional latency introduced across regions and the overhead needed to manage the replication and failover process. Resource groups are not an appropriate solution because they only provide logical organization to your resources; they have no effect on availability or performance. Availability sets are not an appropriate solution because the availability sets exist within the same data center and are subject to power or other outages at that data center. See Chapter 2 for more information.)
Which of the following is not a feature of Azure App Service? A. Support for multiple development languages, including Java and Python B. Support for Windows and Linux C. Firewall protection for apps you develop with Azure App Service D. Support for containers
C (Azure App Service provides a framework for developing and deploying web apps with support for many languages, including Java and Python. It supports both Windows and Linux platforms, as well as containers. Azure App Service does not provide firewall services by itself, but instead requires you to use the Application Gateway service for firewall protection. See Chapter 2 for more information.)
You have deployed a web application in Azure and need HTTPS traffic to be routed to a specific endpoint based on the requested URL. Which of the following load-balancing solutions provides this capability? A. Azure Traffic Manager B. Azure Load Balancer C. Azure Application Gateway D. Azure network security groups
C (Azure Application Gateway provides URL-based routing. See Chapter 4 for more information.)
Which of the following would you choose to add natural language question and answer capabilities to a web application? A. Azure Machine Learning B. Azure Cognitive Services C. Azure Bot Services D. Logic Apps
C (Azure Bot Services provides human-like interaction, including natural language question-and-answer capabilities. See Chapter 5 for more information.)
Which of the following is an appropriate solution for placing video files and large documents close to where your globally dispersed users are located to reduce latency? A. A dedicated point-to-point VPN connection between the source files and each location. B. Azure DirectRoute C. Azure Content Delivery Network D. None of the above
C (Azure Content Delivery Network (CDN) enables you to place replicas of content geographically near the users who need to consume the content. See Chapter 4 for more information.)
You need to ensure that network traffic between your on-premises data center and Azure is securely encrypted as it traverses the Internet, but you do not want your organization to manage the service. Which of the following should you choose? A. Azure VPN Gateway B. Azure Point-to-Point VPN C. Azure ExpressRoute D. Azure ExpressRoute Direct
C (Azure ExpressRoute is the appropriate solution to provide VPN across the Internet, managed by a third party. See Chapter 4 for more information.)
You need to set up a storage solution in Azure to enable you to store the state of an application from one execution of the application to the next. Which of the following storage solutions provide that capability? A. Azure Disk B. Azure Blob C. Azure Files D. Azure Archive
C (Azure Files enables you to save application state from one execution to another. See Chapter 2 for more information.)
Which of the following can you use to orchestrate container management in Azure? A. Azure Container Instance (ACI) B. Azure Resource Manager C. Azure Kubernetes D. Azure CLI
C (Azure Kubernetes provides orchestration services for containers that you create with ACI. See Chapter 2 for more information.)
Which of the following should you use to view information about planned maintenance in Azure? A. Azure Advisor B. Azure Update Center C. Azure Service Health D. None of the above
C (Azure Service Health enables you to view information about planned maintenance in Azure. See Chapter 4 for more information.)
Your organization needs to implement a solution that analyzes photos and videos. Which of the following should you consider as a solution? A. Azure Machine Learning B. Machine Learning Studio C. Cognitive Services D. Azure Analytics
C (Cognitive Services provides human-like analysis services in Azure. See Chapter 5 for more information.)
You are deploying three VMs in a single region as web front ends to a web application. You need to ensure that power outages or other potential data center outages do not make your web application unavailable. Which of the following achieves this goal? A. You place the VMs in an availability set. B. You place the VMs in separate resource groups. C. You place the VMs in different availability zones. D. You deploy additional VMs to other regions.
C (Distributing VMs across availability zones helps guard against data center outages. See Chapter 2 for more information.)
Which of the following would you use to prevent resources in a resource group from being deleted? A. Role-based access control (RBAC) B. Policies C. Resource locks D. Azure Information Protection (AIP)
C (Locking a resource with the CanNotDelete lock prevents resources in the resource group from being deleted. The lock must be removed before a resource in the group can be deleted. See Chapter 4 for more information.)
The cost per subscriber decreases as the number of Azure subscribers increases. Which benefit of cloud computing does this statement describe? A. Agility B. Scalability C. Economy of scale D. Elasticity
C (Microsoft acquires large amounts of hardware and other infrastructure resources to support Azure, enabling it to purchase at a reduced cost, which represents an economy of scale. In addition, distributing those resources among multiple customers also drives economy of scale and reduces the end cost to Consumers of Azure. See Chapter 1 for more information.)
Which of the following Azure services offers security recommendations for improving security in your Azure environment? A. Azure Advanced Threat Protection (ATP) B. Azure Information Protection (AIP) C. Azure Security Center D. Azure Service Health
C (Security Center provides recommendations on improving security, as well as monitoring and alerts. See Chapter 4 for more information.)
Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? Applying a tag to a resource group propagates the tag to all resources contained in the group. A. prevents resources in the resource group from being deleted if the tag is a CanNotDelete tag. B. determines the actions that administrators can take on resources in the group. C. applies the tag only at the container level. D. No change is needed.
C (Tags provide a means to help identify a resource group and apply only to the resource group itself, not to the resources in the group, making option C the correct answer. Locks prevent resource deletion, not tags, so option A is not correct. Tags do not control permissions in any way, so option B is not correct. See Chapter 2 for more information.)
You have been tasked by the director of infrastructure at your organization to estimate the cost of moving a data center from on-premises to Azure. Which of the following should you use to estimate the cost? A. Azure Advisor B. Pricing Calculator C. TCO Calculator D. Azure Migration Planner
C (The TCO Calculator enables you to factor in facilities costs and other factors when estimating a move from on-premises to Azure. See Chapter 6 for more information.)
Which of the following tools can you use to estimate the expense of moving a data center from on-premises to Azure? A. Azure Pricing Calculator B. Azure Cost Management + Billing C. Azure TCO Calculator D. Azure CLI
C (The TCO Calculator helps you consider the costs of facilities, power, and related expenses associated with moving services hosted in a data center to Azure.)
Your CIO has asked you to investigate Azure as an alternative to hosting resources in your on-premises data center. What is the first action you need to take before creating resources in Azure? A. Create a storage account. B. Create an account in Azure AD. C. Create an Azure subscription. D. Create an Azure AD tenant.
C (The first step before you create or use any resources in Azure is to create a subscription to host those resources. See Chapter 6 for more information.)
A service that provides the capability to deploy a SQL database without the need for you to set up a VM or install SQL Server is an example of: A. Infrastructure-as-a-service (IaaS) B. Software-as-a-service (SaaS) C. Platform-as-a-service (PaaS) D. Data-as-a-service (DaaS)
C (This is an example of PaaS. See Chapter 1 for more information.)
Your organization needs to provide a consistent user experience for running Windows applications across your enterprise, including for macOS, iOS, and Android devices. Which of the following Azure resources provide that consistent experience? A. Azure Client Emulator B. Windows 10 Enterprise C. Windows Virtual Desktop D. Microsoft 365
C (Windows Virtual Desktop provides a virtualized Windows client experience through a client installed on the user's device or through an HTLM 5-compliant web browser, which provides a consistent experience across the enterprise. There is no Azure Client Emulator service, and Windows 10 Enterprise and Microsoft 365 do not provide client OS support for macOS, iOS, or Android devices. See Chapter 2 for more information.)
Your company currently installs Microsoft Office on each user's computer using perpetual licenses that you have purchased from a licensing vendor. You propose to the CIO to transition your users to Microsoft 365 to use Office applications hosted by Microsoft, which enables your organization to work with documents in a web browser and also receive Office application updates automatically. This represents which service category? A. Infrastructure-as-a-service (IaaS) B. Platform-as-a-service (PaaS) C. Software-as-a-service (SaaS) D. None of the above
C (With Microsoft 365, Microsoft manages the Office applications that your users consume through an assigned subscription. Microsoft manages the applications and updates. Although you determine who has access through subscription assignment, Microsoft manages all other aspects of the software. This represents SaaS. Development services are not part of the solution, so PaaS is not correct. Virtual machines and other infrastructure are not involved, so IaaS is not correct. See Chapter 1 for more information.)
Which of the following would you use to ensure that the VMs added to a resource group do not exceed certain limits for the number of CPU cores and memory? A. Azure Initiatives B. Azure Configuration Manager C. Azure Policies D. Resource Locks
C (You can use Azure Policies to enforce restrictions on VM resources. See Chapter 4 for more information.)
You deploy a custom data analytics application to Azure that includes a single web front end through which the users access the application. At peak times during the day, the web server experiences very high memory usage and temporarily enters an unresponsive state due to a bug in your application. As a stopgap measure while your developers research the issue, you add a second web server and balance the load between the two web servers. Although the service sometimes slows down, the servers are able to independently recover from the memory issue and the service remains available. Scaling out the web servers resulted in improvements in which two areas? A. Disaster recovery B. Agility C. Fault tolerance D. High availability
CD (When the CPU becomes overtaxed, a fault occurs, making the application temporarily unavailable. Scaling out in this situation enabled the service to handle the fault and remain operational, resulting in improved fault tolerance. Scaling out also reduced the amount of time it was unavailable, resulting in higher availability. The service did not crash due to a major failure or disaster and therefore require restoration, so disaster recovery is incorrect. Agility is the characteristic of Azure that enabled you to quickly deploy a new VM, but adding the VM did not improve agility. See Chapter 1 for more information.)
An Azure region ________________. A. specifies the location of Azure resources. B. is always paired with another region. C. contains one or more data centers. D. All of the above.
D (All the answers correctly describe Azure regions. When you create a resource, you must specify the region in which it will reside. Regions are always paired with another at least 300 miles away in the same geography for high availability and fault tolerance. An Azure region contains at least one data center. See Chapter 2 for more information.)
Which of the following describes the benefit economy of scale as it relates to Microsoft Azure? A. The capability to distribute resources across multiple regions to reduce cost B. The ability to place resources in less expensive Azure regions to reduce costs C. The capability to automatically scale down the number of virtual machines in an Azure solution to reduce costs when demand decreases D. The decrease in price per subscriber as more subscribers are added
D (As the number of subscribers increases, the cost to provide a service to those subscribers goes down because the cost is spread across more users, providing an economy of scale. See Chapter 1 for more information.)
Which of the following statements is not true? A. Azure Advisor provides recommendations for cost management. B. Azure Advisor provides recommendations for operational excellence. C. Azure Advisor provides recommendations for security. D. Azure Advisor provides reporting for the health and status of Azure services.
D (Azure Advisor does not provide reporting for health and status of Azure services. See Chapter 4 for more information.)
Which of the following Azure services is designed for storing nonstructured data and includes support for NoSQL? A. Azure SQL Database B. Azure HDInsight C. Azure Database for MySQL D. Azure Cosmos DB
D (Azure Cosmos DB supports NoSQL and is designed to store and retrieve data in nonrelational databases, making option D the correct answer. Azure SQL Database is designed specifically to store relational SQL databases, making option A incorrect. HDInsight is Microsoft's cloud distribution of Hadoop that is designed for processing massive amounts of data, making option B incorrect. Azure Database for MySQL supports MySQL relational databases, so option D is incorrect. See Chapter 2 for more information.)
Your CIO has directed you to implement a solution that enables your organization to protect emails and documents using policies, identities, and encryption. Which of the following satisfies this requirement? A. Azure Advanced Threat Protection (ATP) B. Azure Policies C. Azure Initiatives D. Azure Information Protection (AIP)
D (Azure Information Protection (AIP) provides the capability to protect emails and documents using policies, identities, and encryption. See Chapter 4 for more information.)
You are a developer and need to store security credentials for a web application in a secure store in Azure. Which of the following meets this need? A. Azure AD Premium B. Security Center C. Azure Credential Manager D. Azure Key Vault
D (Azure Key Vault is the appropriate place to store secrets such as security credentials in Azure. See Chapter 4 for more information.)
Your organization is planning to deploy a containerized solution in Azure and needs a container orchestration service that enables you to coordinate application upgrades and easily scale out containers. Which solution meets these goals? A. Deploy the solution using Azure Container Instances (ACI). B. Deploy containers using scale sets. C. Deploy the containers using the Docker Management Portal (DMP). D. Deploy the solution using Azure Kubernetes Service (AKS).
D (Azure Kubernetes Service (AKS) is the container orchestration service offered in Azure and meets the requirements of simplified management and scalability. ACI does not provide orchestration services and is only appropriate for individual container deployments, making option A incorrect. Scale sets do not provide container management capabilities, so option B is incorrect. Option C is incorrect because there is no Docker Management Portal in Azure. See Chapter 2 for more information.)
Which of the following does not provide load balancing between resources in Azure? A. Azure Front Door B. Azure Traffic Manager C. Azure Load Balancer D. Azure network security groups (NSGs)
D (Azure NSGs do not provide load-balancing capability. See Chapter 4 for more information.)
Which of the following should you use to implement a large, repeatable deployment of resources in Azure with associated role assignments and policies? A. Azure PowerShell B. Azure CLI C. Azure Initiatives D. Azure Blueprints
D (Blueprints enable you to create large, repeatable deployments of resources in Azure with corresponding role and policy assignments. See Chapter 4 for more information.)
You decide to use Azure Container Instances (ACI) to deploy containers as part of a project to deploy a new solution. You need to describe the benefits of using containers to your project team. Which of the following does not describe containers in Azure? A. Containers can run on either Windows or Linux. B. Containers represent a single application and the application's dependencies. C. All containers in a container group share the same operating system. D. Containers require setup and configuration of a virtual machine hosting them.
D (Containers support Windows and Linux. They contain the dependencies needed to run the application. They also all share the same operating system. The only option that is not correct is D. The primary benefit to using containers is the ease with which you can deploy them without setup and configuration of a VM to host the app and dependencies. See Chapter 2 for more information.)
Which of the following is an example of authorization? A. Providing a username and password when logging in to your device B. Receiving a text message on your mobile device after providing a username and password for a website C. Presenting a passport to enter another country D. Presenting a visa to enter another country
D (In this example, the first three options are examples of authentication (identifying the holder), but do not authorize the user. The visa provides that authorization for entering the country. See Chapter 4 for more information.)
Replace the underlined section of the statement if needed to make the statement true: Azure DDoS Protection Standard alerts you to DNS attacks as they are happening. A. begins protecting resources from DNS attacks as soon as you configure DDoS on the resource. B. begins protecting resources from DNS attacks as soon as you configure the service on a virtual network. C. provides protection and alerts against DDoS attacks but does not provide mitigation reporting. D. No change is needed.
D (No change is needed, since DDoS Standard provides alerting to ongoing distributed denial-of-service (DDoS) attacks. It also provides alerting and mitigation reporting. See Chapter 4 for more information.)
As a consequence of organizational changes that require restructuring some of your IT infrastructure, you need to move virtual machines from one region to another. Which of the following methods presents the easiest solution? A. You back up the VM, restore it to the new region, and delete the original VM. B. You move the VM to a resource group located in the new region. C. You use Azure Resource Manager to move the resource to the new region. D. You configure site recovery between the regions, migrate the VM to the new region using site recovery, and fail over to the new VM.
D (Option A is incorrect because, even though the specified process would work, it does not present the easiest option. The location of a resource group does not define the location of the resources contained within the group, so option B is incorrect. Azure Resource Manager enables resource management but does not provide migration or replication features, making option C incorrect. See Chapter 2 for more information.)
Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? A resource group in Azure serves as a logical container for Azure resources. A. provides high availability for resources within the resource group. B. protects resources in the group from being deleted. C. contains resources only from the region in which the resource group resides. D. No change is needed.
D (Resource groups are a logical container for Azure resources. They do not provide any high availability features and only serve as a container. Although you can apply locks to a resource group to prevent the resources in it from being deleted, locks are not created automatically, so option B is incorrect. The resource group can contain resources from multiple regions, making option C incorrect as well. See Chapter 2 for more information.)
What is the function of a resource group in Azure? A. It provides automatic scaling of CPU cores, memory, and other resources for VMs. B. It enables you to establish a higher SLA for VMs. C. It protects resources from being deleted. D. It serves as a logical container for Azure resources.
D (Resources groups serve as a logical container for Azure resources. See Chapter 2 for more information.)
You are considering migrating several SQL instances from on-premises to Azure. Which of the following PaaS solutions provides the best support for SQL and the easiest migration path? A. Azure Database for MySQL B. Azure SQL Database C. Azure SQL Database Premium D. SQL Managed Instance
D (SQL Managed Instance provides many of the same features as Azure SQL Database but with enhanced features, including easier migration capabilities between your on-premises SQL instances and Azure. Azure Database for MySQL is an open source alternative to SQL and does not provide the needed migration capabilities in this scenario. There is no Azure SQL Database Premium offer from Microsoft, making option C incorrect. See Chapter 2 for more information.)
You have been tasked by your CIO with moving a large amount data from on-premises to Azure. The data needs to be maintained for compliance reasons but will not be accessed unless required by an audit or litigation. Which type of storage is the most cost effective? A. Cool access storage B. File storage C. Disk storage D. Archive access storage
D (The archive access storage tier is intended for scenarios in which you must maintain data that is seldom, if ever, accessed. It provides the most cost-effective storage solution in this scenario. File storage and disk storage are both active storage types that are not intended for archival purposes. Cool access storage is intended for scenarios where you need to access data, but not frequently and only for a relatively short period of time. See Chapter 2 for more information.)
Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? Azure Functions is a solution for creating serverless, stateless functions that can be called from other Azure services to perform data processing. A. a solution for building workflow-based functions that integrate with other Azure services to perform data processing. B. a component of Azure DevOps that helps simplify development and deployment of serverless, stateful functions for data processing. C. a library of functions you can implement in your web applications to monitor and manage Azure services. D. No change is needed.
D (The statement is correct, so no change is needed. See Chapter 5 for more information.)
Is the underlined portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? Azure Resource Manager enables you to deploy multiple resources using JSON-based templates. A. is the primary tool you use to manage resources in Azure. B. is the blade in Azure portal that provides access to resource management and monitoring tools, including management templates. C. enables you to interactively allocate additional CPU cores and memory to VMs. D. No change is needed.
D (The underlined fragment is correct. See Chapter 2 for more information.)
Which of the following in an example of vertical scaling? A. Adding VMs to a web app as demand increases B. Reducing memory allocated to VMs when demand decreases C. Adding CPU cores to a VM when demand increases D. Both B and C
D (Vertical scaling refers to adding or removing resources such as CPU cores or memory as demand changes. See Chapter 2 for more information.)