AZ-900 Test 1

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

An Azure subscription can be associated to a single Azure Active Directory (Azure AD) tenant.

xplanation An Azure subscription can only be associated with one, single Azure AD tenant. On the other hand, if it makes sense from a technical perspective, you could associate multiple subscriptions to the same Azure AD tenant. "An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A subscription trusts Azure AD to authenticate users, services, and devices.

Recommended regions in Azure cloud include multiple datacenters.

A recommended region represents a set of datacenters or availability zones deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network. So the correct answer is Yes. Alternate regions (designated in the Azure portal as other.), are not designed to support availability zones.

Your company has decided to migrate all its services to Microsoft Azure. You need to deploy an Azure architecture and use only Platform as a Service (PaaS) services available in Azure. Solution: You decide to use Azure Storage accounts and Azure App Service. Does this meet the goal?

Azure App Service is a PaaS (Platform as a Service) Azure offering. On the other hand, Azure Storage accounts represent Azure IaaS (Infrastructure as a Service) offering. For this reason, the proposed solution does not meet the goal.

Which of the following represents a platform-as-a-service (PaaS) Azure service?

Azure Cosmos DB service represents a platform-as-a-service (PaaS) offering. In order to use Azure Cosmos DB, you need to first create an Azure Cosmos account, and then continue and add databases, containers and items under it. "Azure Cosmos DB is a fully managed platform-as-a-service (PaaS). To begin using Azure Cosmos DB, you should initially create an Azure Cosmos account in your Azure resource group in the required subscription, and then databases, containers, items under it." - microsoft.com

You have recently signed up for an Azure account and you are now preparing for a large migration project to Azure cloud. In order to be able to migrate all your resources to Azure, you need to increase your subscription quota limits. Which of the following menus available in Azure portal would you use ? ​

Explanation In order to request a quota increase, you should open a new support request with Microsoft by navigating to Help + support menu, available in the Azure portal.

Traffic leaving Azure data centers (outbound traffic) is always free.

Explanation The general pricing rule that you need to be aware of is that data going into Azure is always free (inbound to Azure), while data leaving Azure data centers (outbound from Azure) is charged. This concept applies to ExpressRoute circuits, VPNs, direct Internet connection to Azure, etc., you name it. For this reason, this statement is False.

After a service transitions from public preview and becomes generally available, the service will not be updated anymore.

After a service is tested, improved and transitioned to GA phase, it can be purchased and used by any Azure customer. The service will continue to be updated and receive updates until Azure decides to discontinue and retire the product.

Please select the appropriate option to complete the following sentence: .......... represents an Azure analytics service, based on Apache Spark.

"Azure Databricks is a data analytics platform optimized for the Microsoft Azure cloud services platform. Azure Databricks offers three environments for developing data intensive applications: Databricks SQL, Databricks Data Science & Engineering, and Databricks Machine Learning." - microsoft.com

You can use Azure Monitor service to monitor both cloud and on-premises environments.

"Azure Monitor maximizes the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments." - microsoft.com

Azure AD Join allows you to join Android devices to Azure Active Directory (Azure AD).​

Azure AD join only applies to Windows 10 devices. "You can configure Azure AD joined devices for all Windows 10 devices with the exception of Windows 10 Home." - microsoft.com

You need to deploy a few physical severs in your cloud environment. Which of the following cloud deployment models allow you this option?

A private cloud represents an on-premises data center, so you can deploy physical servers in your own infrastructure. Running your applications and services in a hybrid cloud deployment model means that you are running some of your apps in a private cloud and the rest of your apps in public cloud. Obviously, you can deploy physical servers on-premises, in your own data center (private cloud), which overall means that you can deploy servers in a hybrid cloud deployment model.

Azure Active Directory Domain Services (Azure AD DS) allows you to create Group Policies.

Active Directory Domain Services (AD DS) is a server role in Active Directory that allows admins to manage and store information about resources from a network, as well as application data, in a distributed database. AD DS can also help admins manage a network's elements (computers and end users) and reorder them into a custom hierarchy, if needed. Group Policy is an infrastructure used by admins to implement specific configurations for users and computers as a part of an organisation's security policies. These policies are also known as Group Policy Objects (GPOs). "Settings for user and computer objects in Azure Active Directory Domain Services (Azure AD DS) are often managed using Group Policy Objects (GPOs). There are some predefined built-in GPOs and you can customise these to configure Group Policy as needed for your environment." - microsoft.com

Your company has decided to migrate all its services to Microsoft Azure. You need to deploy an Azure architecture and use only Platform as a Service (PaaS) services available in Azure. Solution: You decide to use Azure App Service and Azure virtual machines. Does this meet the goal?

Azure App Service is a PaaS (Platform as a Service) service. On the other hand, Azure virtual machines represent Azure IaaS (Infrastructure as a Service) offering. For this reason, the proposed solution doesn't meet the goal.

You received a new urgent task to create several Azure virtual machines in your Azure environment. Unfortunately, you are on holiday and you have available only your smartphone that runs Android operating system. Solution: You decide to use PowerShell, available in Azure Cloud Shell, and deploy the VMs. Does this meet the goal?

Azure Cloud Shell is a very powerful tool available in Azure Portal. Within Azure Cloud Shell, you can choose either Bash or PowerShell to configure or manage your Azure subscription. Very important to note and understand is that in order to access Azure Cloud Shell (Bash or PowerShell), you only need a valid internet connection to connect to Azure Portal. Once you connect and authenticate with Azure Portal, you can then launch Azure Cloud Shell, choose either Bash or PowerShell and deploy whatever Azure services you want or need. So, for this scenario, it's really not relevant that you will be deploying Azure virtual machines from your Android phone, or Android tablet maybe. The configuration can be performed from any device that is able to connect to internet and successfully open a browser. "1. Start Azure Cloud Shell - Launch Cloud Shell from the top navigation of the Azure portal. 2. Select either Bash or PowerShell environment 3. Run Bash or PowerShell commands in the Azure Cloud Shell console" - microsoft.com

Your manager has asked you to migrate App1 from on-premises to Azure. App1 is currently running in the production environment and is responsible with sending email notifications, based on a rule that you have previously configured. The new app that will be running in Azure needs to be based on a serverless computing solution available in Azure portfolio. Which of the following should you include in the new design ? ​

Azure Logic Apps can be used and integrated with your applications to send email notifications based on conditions that you configure. You can use Logic Apps to send email notifications from your Office365 or even personal Gmail account.

Azure Monitor service is capable of sending alerts to Azure action groups.

Azure Monitor can be configured to send alerts, based on conditions that you define, to either individual recipients or groups of recipients. If you need to send alerts to multiple recipients at once, you can simply use action groups, which are available in Azure. "Alerts in Azure Monitor proactively notify you of critical conditions and potentially attempt to take corrective action. Alert rules based on metrics provide near real time alerts based on numeric values." - microsoft.com

Azure Monitor service can send alerts based on data collected in an Azure Log Analytics Workspace.

Azure Monitor uses multiple scopes and signals for alerting purposes, which is known as the Target Resource. A target can be any Azure resource, for example virtual machines, storage accounts, but also Log Analytics workspaces. So the target resource is the resource being monitored, Azure Log Analytics in this scenario. Next, a Signal is emitted by the target resource. Common examples of signals are metrics, activity logs, simple logs, etc. Last, but not least, the Criteria concept ties all the puzzle pieces together. Criteria represents the combination of signal - emitted by the target resource and the logic or condition being monitored on the target resource. Some common examples for logic applied on target resource include percentage CPU over a specific value (%), server response time over a specific value (ms), etc

You are working for a multinational company that has local presence with offices in 40+ countries. As per company policy, you need to make sure that Azure resources are created in an Azure region where each office is located. What Azure service would you use in order to meet the policy requirement ?

Azure Policy is a service in Azure that you use to define, assign, and, manage standards for resources in your environment. You can use an Azure Policy for many useful tasks, such as: - prevent the creation of disallowed resources - ensure new resources have specific settings applied - run evaluations of your existing resources to scan for non-compliance.

You can use Azure Site Recovery in order to provide .......... to your Azure virtual machines.

Azure Site Recovery can help you design a business continuity and disaster recovery (BCDR) strategy. Having a BCDR strategy in place is one of the best practices now-a-days, and can help you keep your data safe, and your apps and workloads online, when planned and unplanned outages occur. "Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. Site Recovery replicates workloads running on physical and virtual machines (VMs) from a primary site to a secondary location. You can set up disaster recovery for your Azure VMs from a primary region to a secondary region (backup)." - microsoft.com

Your company has decided to migrate all its services to Microsoft Azure. You need to deploy an Azure architecture and use only Platform as a Service (PaaS) services available in Azure. Solution: You decide to use Azure SQL databases, Azure virtual machines and Azure Storage accounts. Does this meet the goal?

Azure virtual machines and Azure Storage represent Azure Infrastructure as a Service (IaaS) service offering, therefore the solution does not meet the requirements. The proposed solution includes only one Azure PaaS service - Azure SQL databases.

You have been working on a new migration project for several weeks already. The project manager has asked you to configure Azure to send email alerts when the cost of the current billing period for the Azure subscription exceeds a specified limit. What will you use in this case?

Budget alerts are simple to understand and use with your Azure subscription(s). Simply put, you define a maximum cost threshold that you want to spend within Azure, and when the threshold is met, you will receive an email alert. For example, if you configure a $10 budget and associate this to your Azure Production Subscription, when your VMs spending reaches $10 limit, you will receive an email alert.

Your company is preparing to audit the whole infrastructure running in Azure. The CTO is very much interested to track company's regulatory standards and regulations, such as ISO 27001, and others as well. Which of the following resources can help?

Compliance Manager will soon be removed from the Service Trust Portal, and all configurations and information will be lost. This is a commercial strategy from Microsoft side. Now if you are a Microsoft-365 user you can use Microsoft-365 compliance, and if you are and Azure user, you can use Regulatory Compliance included in Azure Security Center.

The company CFO is concerned about the costs generated by traffic between Azure services, in the same region. Please evaluate the following statement and select Yes if the statement is true, otherwise select No. You explain to CFO that data traffic between Azure services within the same Azure region is always free. ​ Yes (Correct)

Data transfer between Azure services located within the same region is not charged. And because an Azure region contains multiple availability zones, this means that data transfers between availability zones is not charged. One thing to note is that this is subject to change, starting July 1st, 2022.

Please evaluate the following statements and decide if they are True or False: 1. A Platform as a Service(PaaS) solution provides full control over the operating systems running on the backend servers. 2. A Platform as a Service(PaaS) solution provides additional memory to apps by changing pricing tiers. 3. A Platform as a Service(PaaS) solution can automatically scale the number of instances.

Explanation "Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple apps to sophisticated cloud-based applications." - microsoft.com

You received a new urgent task to create several Azure virtual machines in your Azure environment. Unfortunately, you are on holiday and you have available only your smartphone that runs Android operating system. Solution: You decide to use the Azure portal and deploy the VMs. Does this meet the goal?

Explanation "The Azure portal is a web-based, unified console that provides an alternative to command-line tools. With the Azure portal, you can manage your Azure subscription using a graphical user interface. You can build, manage, and monitor everything from simple web apps to complex cloud deployments." - microsoft.com So, indeed, you can use Azure portal to deploy your virtual machines. It really doesn't matter what device you use to connect to Azure portal, either Android phone or tablet, Windows OS laptop or any kind on Apple device. Bottom line, the configuration can be performed from any device that is able to connect to Internet and successfully open a browser.

Your company has decided to migrate all its services to Microsoft Azure. You need to deploy an Azure architecture and use only Platform as a Service (PaaS) services available in Azure. Solution: You decide to use Azure App Service and Azure SQL databases. Does this meet the goal?

Explanation Azure App Service and Azure SQL databases are examples of Azure Platform as a Service (PaaS) solutions. For this reason, the proposed solution meets the goal. "Azure App Service is a PaaS service offering - managed production environment. App Service automatically patches and maintains the OS and language frameworks for you. Spend time writing great apps and let Azure worry about the platform. - microsoft.com => Azure APP service is PaaS Azure SQL Database is a fully managed platform as a service (PaaS) database engine that handles most of the database management functions such as upgrading, patching, backups, and monitoring without user involvement. Azure SQL Database is always running on the latest stable version of the SQL Server database engine and patched OS with 99.99% availability." - microsoft.com => Azure SQL Database is PaaS

You received a new urgent task to create several Azure virtual machines in your Azure environment. Unfortunately, you are on holiday and you have available only your smartphone that runs Android operating system. Solution: You decide to use Bash, available in Azure Cloud Shell, and deploy the VMs. Does this meet the goal?

Explanation Azure Cloud Shell is a very powerful tool available in Azure Portal. Within Azure Cloud Shell, you can choose either Bash or PowerShell to configure or manage your Azure subscription. Very important to note and understand is that in order to access Azure Cloud Shell (Bash or PowerShell), you only need a valid internet connection to connect to Azure Portal. Once you connect and authenticate with Azure Portal, you can then launch Azure Cloud Shell, choose either Bash or PowerShell and deploy whatever Azure services you want or need. So, for this scenario, it's really not relevant that you will be deploying Azure virtual machines from your Android phone, or Android tablet maybe. The configuration can be performed from any device that is able to connect to internet and successfully open a browser. "1. Start Azure Cloud Shell - Launch Cloud Shell from the top navigation of the Azure portal. 2. Select either Bash or PowerShell environment 3. Run Bash or PowerShell commands in the Azure Cloud Shell console " - microsoft.com

Azure Cosmos DB is one of the many Azure popular services. What type of Azure service offering does it represent?

Explanation Azure Cosmos DB is a fully managed platform-as-a-service (PaaS) offering. In order to use Azure Cosmos DB, you need to first create an Azure Cosmos account, and then continue and add databases, containers and items under it.

Which of the following Azure services provides a platform for serverless code?

Explanation Azure provides a range of serverless execution environments, fully managed services and a comprehensive set of developer tools and services to build your applications. If we now refer to running code in Azure in a serverless manner, Azure Functions service can be used. Both containers and virtual machines represent Azure computing options, that you will pay for by renting compute power. Azure App Service doesn't meet the requirements as well, you can use App Service if you need a ready, preconfigured environment, where you can easily deploy your web apps for example.

Please evaluate the following statement and select Yes if the statement is true, otherwise select No. Europe is represented by a single Azure region.

Explanation In Europe, multiple Azure regions are available, including North Europe, West Europe, UK West, Switzerland North and some others as well. So there are multiple Azure regions available that are deployed in Europe, which leads to presented statement being False.

Azure Active Directory (Azure AD) allows you to join Windows 10 devices.

Explanation Indeed, Windows 10 devices can be joined in an Azure Active Directory (Azure AD) environment. But, why would you want to add devices to Azure AD? Simply because Azure AD can become your central point of administration, for both users and devices. "Users may register their devices with Azure AD - You need to configure this setting to allow Windows 10 personal, iOS, Android, and macOS devices to be registered with Azure AD." - microsoft.com

You have been tasked to deploy several Azure virtual machines. One of the technical requirements that you need to meet is that virtual machines remain available if a single Azure data center fails. Which of the following are the two best possible solutions?

Explanation Let's first define what Azure regions and availability zones are, by taking a closer look at Microsoft official documentation. "Azure availability zones are unique physical locations within a region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. A region represents a set of data centers deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network." - microsoft.com Azure virtual machines scale sets (VMSS) could also be used, but it depends how you configure them. Virtual machines in a VMSS can be deployed in same Azure availability zone or across multiple availability zones. For this reason, the best two answers are regions and availability zones.

You are working for ACME Corporation. The CTO is very much interested to have complete visibility over events that take place in company's Azure environment. You received a new task to identify an Azure service that is able to collect multiple events, coming from multiple Azure resources that you are currently running. Also, you need to ensure that events will be stored in a centralized repository. Which of the following Azure services should you use?

Explanation Let's take a closer look at all options provided. Azure Event Hubs is actually a big data streaming platform and event ingestion service. So this Azure service is dedicated to big data, which is not the case in this scenario. „Azure Analysis Services is a fully managed platform as a service (PaaS) that provides enterprise-grade data models in the cloud." (microsoft.com). Simply put, Azure Analysis Services can be used to run data analysis, fast and easy, using tools like Power BI. „Azure Stream Analytics is a real-time analytics and event-processing engine that is designed to analyze and process high volumes of fast streaming data, from multiple sources simultaneously." (microsoft.com) For simplicity, streaming data could represent for example TV online streaming, Live video streaming in general, event streaming, etc. So this leads us to the last available option, Azure Monitor. Azure Monitor can be used to collect multiple events from multiple Azure resources , storing them in a centralised repository. "Azure Monitor maximizes the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. All data collected by Azure Monitor fits into one of two fundamental types, metrics and logs. Log data collected by Azure Monitor can be analyzed with queries to quickly retrieve, consolidate, and analyze collected data. You can create and test queries using Log Analytics in the Azure portal and then either directly analyse the data using different tools or save queries for use with visualisation or alert rules." - microsoft.com

Management groups can include multiple Azure subscriptions, and resource groups also can include multiple Azure subscriptions. ​ True

Explanation Management groups: These groups are containers that help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group. Subscriptions: A subscription logically associates user accounts and the resources that were created by those user accounts. Each subscription has limits or quotas on the amount of resources you can create and use. Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects. Resource groups: A resource group is a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed. So yes, management groups can include multiple subscriptions, this part is true, but resource groups don't include subscriptions, it's the other way around, subscriptions can include multiple resource groups.

You received a new urgent task to create several Azure virtual machines in your Azure environment. Unfortunately, you are on holiday and you have available only your smartphone that runs Android operating system. Solution: You decide to use Power Apps suite of application and services and deploy the VMs. Does this meet the goal?

Explanation Power Apps has nothing to do with the scenario presented, here's why. Power Apps is an application development environment that you can use to build custom applications. "Power Apps is a suite of apps, services, connectors and data platform that provides a rapid application development environment to build custom apps for your business needs. Using Power Apps, you can quickly build custom business apps that connect to your business data stored either in the underlying data platform (Microsoft Dataverse) or in various online and on-premises data sources (SharePoint, Microsoft 365, Dynamics 365, SQL Server, and so on)." - microsoft.com

You received a new task to deploy a critical application in Azure cloud, using Azure virtual machines. The proposed solution must provide a guaranteed availability of 99.99 percent. Which of the following options meets the requirement?

Explanation Technical requirements can be met using two virtual machines, deployed in two, separate availability zones. An Azure availability zone simply represents a data center and, in order to qualify for 99.99% virtual machine uptime SLA, you need to deploy the VMs in different data centers (or availability zones). "Availability zone - Unique physical locations within a region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. The physical separation of Availability Zones within a region protects applications and data from datacenter failures. Zone-redundant services replicate your applications and data across Availability Zones to protect from single-points-of-failure. With Availability Zones, Azure offers industry best 99.99% VM uptime SLA. For all Virtual Machines that have two or more instances deployed across two or more Availability Zones in the same Azure region, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.99% of the time." - microsoft.com

Your company is analyzing the possibility to migrate its services to Microsoft Azure. Before any final decision is taken, you need to find out what data Microsoft processes, how Microsoft processes the data, and the purpose of processing the data. Which of the following options could help in this case?

Explanation The Microsoft Privacy Statement can definitely help in this case. As Microsoft official documentation highlights, the privacy statement explains the personal data Microsoft processes, how Microsoft processes the data, and the purpose of processing the data. „This privacy statement explains the personal data Microsoft processes, how Microsoft processes it, and for what purposes." - microsoft.com

Data transfers between Azure services located in different Azure regions are always free.

Explanation The general pricing rule that you need to be aware of is that data going into Azure is always free (inbound to Azure), while data leaving Azure data centers (outbound from Azure) is charged. This concept applies to ExpressRoute circuits, VPNs, direct Internet connection to Azure, etc., you name it. Data transfers between Azure services located in different Azure regions is charged, it is NOT free. Why? Simply because data moving between Azure regions means that data will first need to leave an Azure region, so this is outbound data transfer - which is charged, and enter the new Azure region, which is free.

Your company has started migrating multiple services into Azure. You are the Azure Administrator responsible to deploy several custom applications to Azure. Some of the applications that need to be migrated will have several prerequisite applications and services installed. Which of the following cloud deployment models would you recommend?

Explanation The key point in this question is that you are migrating custom applications to Azure and you need control and flexibility within your new environment - the Azure platform. Taking a look at all the cloud deployment models available, IaaS - Infrastructure as a Service is the one that provides you the most flexibility, as compared to SaaS or PaaS. Migrating applications to Azure IaaS - which actually means migrating to Azure virtual machines, is also known as "lift-and-shift", so taking your applications as they are, without modifying them, from traditional on-premises data centers and moving them to Azure data centers. SaaS or Software as a Service means using an application and adopting a subscription payment model. For example Microsoft Office 365, you are using the application as it is, and you pay on a monthly basis (subscription). PaaS or Platform as a Service provides you some flexibility, but coding is needed, and you can't use PaaS to take your existing applications and move them to Azure. PaaS is generally used when developing an application from scratch, so new applications developed from scratch in Azure cloud, while taking advantage of pre-built servers available in Azure.

Please evaluate the following statement and select Yes if the statement is true, otherwise select No. In Azure Portal, you are able to distinguish between services that are generally available (GA) or in public preview.

Explanation The statement is definitely true. Azure Services that are available in Public Preview are labeled accordingly, a Preview label is nicely attached to the service name. What about Private Preview? What does this mean? During Private Preview phase, Microsoft invites a few customers to take part in early access to new concepts and features. "After the public preview is completed, the feature is open for any licensed customer to use and is supported via all Microsoft support channels." - Microsoft.com So again, any new service that is in the Public Preview state is marked in Azure portal with a (Preview) label, which makes it easy to distinguish the service from a service that is in Generally available (GA) phase. Short note on GA, services in GA are available to all customers.

If your VM has a Read-only lock applied, you can add a Delete lock as well.

Explanation This is indeed possible. Read-Only Lock means authorized users can read a resource, but they can't delete or update the resource. Delete Lock means authorized users can still read and modify a resource, but they can't delete the resource.

You decide to use version control for your software project. Which of the following Azure services would you use to version your application?

Explanation Version control, also known as source control, represents tracking and managing changes to software code. Version control systems are software tools that help software teams manage changes to source code over time. So you develop an application, and this represents version 1.0 (v1.0). After some time, you add new features to your app, so the new version is, for example, v1.1. These kind of tools are especially useful for DevOps teams, since they help them to reduce development time and increase successful deployments. And again, these tools help to keep track and always have available all application versions (v.1.0, v.1.1, etc.).

Which of the following cloud deployment models owns hardware resources that are shared between multiple tenants?

Microsoft Azure is one of the major public cloud providers available today. Microsoft Azure owns the entire infrastructure, which is shared and used by tenants, which represent the customers. "Public clouds are the most common type of cloud computing deployment. The cloud resources (like servers and storage) are owned and operated by a third-party cloud service provider and delivered over the Internet. With a public cloud, all hardware, software and other supporting infrastructure are owned and managed by the cloud service provider. Microsoft Azure is an example of a public cloud." - microsoft.com

You can create a resource group inside another resource group.

Nested resource groups are not available in Azure, so deploying a resource group inside another resource group is not possible. When you create a resource in Azure, you can only define a name for it, select an Azure region (potentially an availability zone as well) and optionally attach tags.

You have previously used an Azure service that was in the public preview phase. Please evaluate the following statement and select Yes if the statement is true, otherwise select No. The Azure service is now generally available and you now need to recreate the service in Azure.

Once the service transitions to generally available (GA) phase, you can simply continue to use the service, as before. You don't need to recreate the service in Azure.

Data transfer between two different Azure regions is always free.

Outbound data transfer is charged at the normal rate and inbound data transfer is free. The pricing rule that you should keep in mind is this: outbound traffic (leaving Azure cloud or an Azure region) is NOT free, inbound traffic is free.

The company CFO is concerned about the costs the new Azure ExpressRoute connection will generate for the company. Please evaluate the following statement and select Yes if the statement is true, otherwise select No. You explain to CFO that inbound data traffic from the company's on-premises data centers to Azure cloud is always free, while using Azure ExpressRoute.

The general pricing rule that you need to be aware of is that data going into Azure is always free (inbound to Azure), while data leaving Azure data centers (outbound from Azure) is charged. This concept applies to ExpressRoute circuits, VPNs, you name it. Now, coming back to Azure ExpressRoute, all inbound data transfer is free of charge, so it will not generate any costs.

You can deploy resources in multiple Azure regions inside the same resource group.

The statement is True, here's why. The location you choose for the resource group has nothing to do with the location you choose to deploy your resources in. A resource group acts as a container for all the resources that it includes and nothing more. "A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. You decide how you want to allocate resources to resource groups based on what makes the most sense for your organization. Generally, add resources that share the same lifecycle to the same resource group so you can easily deploy, update, and delete them as a group. The resource group stores metadata about the resources. Therefore, when you specify a location for the resource group, you are specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region." - microsoft.com

Only one Azure region is deployed in North America.

The statement is definitely false. North America includes multiple Azure regions, such as Central US, East Us, Canada East, and many others as well. You can explore the different available Azure regions by following the reference link below.

An Azure web app that queries an on-premises Microsoft SQL server is an example of .......... cloud.

There are currently three cloud deployment models available: public cloud, private cloud and hybrid cloud. Hybrid cloud deployment represents a combination between public and private clouds. This means that some of the resources are deployed and running in the public cloud data centers (for example Microsoft Azure), while the rest of your applications and services are running on your own servers, deployed in a traditional infrastructure. In this specific question, the Azure web app (which is running in Azure cloud) interacts with an SQL database that is deployed on-premises. This means that hybrid cloud deployment model is being used.

You can create your own custom Azure roles to assign custom permissions to users, groups, and service principals.

There are two types of RBAC roles available in Azure: built-in roles and custom RBAC roles. Some common built-in roles are Contributor, Owner and Reader roles. Roles are assigned to users. Basically, a role includes permissions that you need or want to assign to your users. When you assign a role to a user, you give the user permissions to perform actions included in the role definition. For example, if you assign a user the Contributor role, the user will be provided full access to manage all resources. And here is the "catch"... What resources? The RBAC role is applied at one of the levels available in the Azure hierarchy: the actual resource, resource group, subscription and management group. So, if you apply the contributor role on a resource group, for a user, the user will be provided full access to manage all resources in that specific resource group. Coming back to the scenario presented in this question, if the built-in roles do not match your needs, and you need to assign very specific permissions to your users, you can create a custom RBAC role. As the statement presents, a role can be assigned to individual users, groups of users or service principles. For this reason, the statement presented in this scenario is definitely True.

Azure resources inherit locks from the resource group they are part of.

When you apply a lock at a parent scope, all resources within that scope inherit the same lock. Even resources you add at a later time, after applying the lock, will inherit the lock from the parent scope.

While using a Software as a Service (SaaS) application, you need to make sure you apply the latest software patches and updates to your app.

When you are implementing a Software as a Service (SaaS) solution, you are responsible for configuring the SaaS solution, everything else is managed by the cloud provider. You either use the application as it is or not use it at all. SaaS requires the least amount of management. You don't need to consider any maintenance windows for upgrading and updating purposes like you would normally do when using an on premises data center. The provider of the SaaS application is fully responsible on maintaining the application. "Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring and office tools (such as Microsoft Office 365). SaaS provides a complete software solution which you purchase on a pay-as-you-go basis from a cloud service provider. You rent the use of an app for your organization and your users connect to it over the Internet, usually with a web browser.

The Azure Active Directory (Azure AD) tenant is deleted by default when the Azure subscription expires. ​ Yes (Incorrect)

When your Azure subscription expires, you will lose access to all the resources deployed within your Azure subscription. However, the Azure AD directory is not deleted and will remain available in your Azure account. If you don't renew your Azure subscription, but still want to use your existing Azure AD tenant, you could associate and manage the directory using a different active Azure subscription.

You can modify the Azure Active Directory (Azure AD) tenant to which an Azure subscription is associated to.

Yes, the statement is true. "An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A subscription trusts Azure AD to authenticate users, services, and devices. Multiple subscriptions can trust the same Azure AD directory. Each subscription can only trust a single directory. If needed, you can modify the Azure AD tenant to which an Azure subscription is associated to." - microsoft.com


Ensembles d'études connexes

Net income ( Operating Activities Section)

View Set

Chapter 17: Financial & Securities Regulations

View Set

6 International Parity Relationships and Forecasting Exchange Rates

View Set

Ortho: knee treatment board questions

View Set

Intro to Human Development Ch.6-7

View Set

Prepu pathophysiology Cht 26 Disorders of Blood flow

View Set

Assignment 13 - Reinsurance Transactions

View Set

Chapter 11, A Guide to Customer User Support Quiz 11, Chapter 11 Quiz Tech Cust, Tech Support Admin. Ch. 11, Tech Sup Chapter 11

View Set

FIN 3716 CH 9: Fundamentals of Capital Budgeting

View Set

Lesson 17: Real Estate Careers and the Real Estate License Law: Pop Quiz

View Set