MS Azure AZ-900

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Which Azure Service contains pre-built machine learning models that you can use in your own code, using an API? Azure Blueprints Azure Functions App Services Cognitive Services

Cognitive Services Explanation Cognitive Services is an API that Azure provides, that gives access to a set of pre-built machine learning models including vision services, speech services, knowledge management and chat bots.

What Azure tool gives you the ability to manage multiple subscriptions into nested hierarchies? Management Groups Resource Groups Azure Active Directory RBAC

Management Groups Explanation Management Groups - a hierarchy of subscriptions; can have many subscriptions, and group them, and put those groups into other groups See: https://docs.microsoft.com/en-us/azure/governance/management-groups/overview

Which major cloud provider offers the most international locations for customers to provision virtual machines and other servers? Microsoft Azure Google Cloud Platform Amazon AWS

Microsoft Azure Explanation Azure has the most regions of any major cloud provider - 60+ global regions. See: https://azure.microsoft.com/en-us/global-infrastructure/regions/

True or False: Azure has the responsibility to manage the hardware in the Infrastructure as a Service model

True Explanation Yes, Azure still manages the hardware itself, the hypervisor and all of the physical elements behind the scenes See: https://azure.microsoft.com/en-us/overview/what-is-iaas/

Which of the following methods of deploying a virtual machine provides the highest availability SLA? Two or more virtual machines in a data center Two or more virtual machines in an availability set A single VM Two or more virtual machines across availability zones in the same region

Two or more virtual machines across availability zones in the same region

What is the most number of virtual machines that can me managed under a single Virtual Machine Scale Set? 100 1000 10 1

1000 Explanation Up to 1000 virtual machines can be managed under a single VMSS

High Elasticity

AUTO scaling and can also decrease capacity if needed unlike scalability. (VM scale sets/ SQL Server Stretch Database)

An IT administrator has the requirement to control access to a specific app resource using multi-factor authentication. What Azure service satisfies this requirement? Azure Function Azure Authentication Azure AD Azure Authorization

Azure AD Explanation You can use Azure AD to control access to your apps and your app resources, based on your business requirements. In addition, you can use Azure AD to require multi-factor authentication when accessing important organizational resources. See: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis#which-features-work-in-azure-ad

What is Azure's preferred Identity/authentication service? Azure Active Directory Network Security Group Live Connect Facebook Connect

Azure Active Directory Explanation Azure Active Directory (Azure AD) - Microsoft's preferred Identity as a Service solution See: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis

What is the MAIN management tool used for managing Azure resources with a graphical user interface? Remote Desktop Protocol (RDP) Azure Portal PowerShell Azure Storage Explorer

Azure Portal Explanation Azure Portal is the website used to manage your resources in Azure See: https://docs.microsoft.com/en-us/azure/azure-portal/azure-portal-overview

Who is responsible for the security of the physical servers in an Azure data center? Azure is responsible for securing the physical data centers I am responsible for securing the physical data centers

Azure is responsible for securing the physical data centers Explanation Azure is responsible for physical security See: https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security

Cloud Hosting

Best of both worlds. Multiple physical machines acting as one system (the cloud) . Flexible, scalable, secure, cost-effective, high configurability. Speeds and capacity get significantly faster and the pricing model shifts from a fixed cost to a pay for what you consume. Essentially, you are renting computer power and storage from someone else's datacenter.

AZ Supported Regions

Central US East US 2 West US 2 West Europe France Central North Europe Southeast Asia If a Recommended region does not have 3 AZs, azure will show "No infrastructure redundancy required"

Common Cloud Services

Compute, Storage, Networking, Databases

Evolution of compute

Dedicated, VMs, Containers, Functions

Paired Regions

Each region is paired with another region 300 miles away Only one region at a time is update to ensure availability Some Azure Services rely on Paired regions for DA (eg. Azure Geo-Redundant storage)

Public Cloud

Everything is built on CSP. -Most cost-effective -Default security controls might not meet security requirements -Limited configuration -Easy to use Everything is running within Azure in public cloud (aka cloud-native) (ex: VM and database both running on a domain)

True or False: Azure is a public cloud, and has no private cloud offerings

False

True or false: there are no service level guarantees (SLA) when a service is in General Availability (GA)

False Explanation False, most Azure GA services do have service level agreements See: https://azure.microsoft.com/en-ca/support/legal/sla/

True or false: You cannot have more than one Azure subscription per company

False Explanation You can have multiple subscriptions, as a way to separate out resources between billing units, business groups, or for any reason you wish. See: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/decision-guides/subscriptions/

Infrastructure as a Service (Iaas)

For Administrators - Basic building blocks of cloud IT. Provides access to networking features, computers and data storage space. Don't worry about IT staff, data centers and hardware. (ex: oracle cloud, azure, aws)

Service Availability Categories

Foundational Mainstream Specialized

Compute

Imagine having a virtual computer that can run an application, programs and code.

Recommended Regions

Majority of services are available

Specialized

May become available in recommended or alternate regions based on customer demand.

Update Domain

Neither domain will be update at the exact same time.

Are all cloud services available in every region?

No. Recommended regions

Private cloud

On-Premise. Everything is built on company's datacenter. -Most expensive -Security limited by knowledge -Requires in-depth knowledge of all lvls of your infrastructure Could use an open-source CSP (i.e. openstack) instead of azure. Uses cloud service but company must manage and maintain their own servers/ datacenters.

Availability Zones (AZ)

Physical location made up of one or more datacenter. A region generally contains 3 availability zones. Low-latency. Its common practice to run workloads in at least 3 AZs.

Azure Services can go through several phases in a Service Lifecycle. What are the three phases called? Preview Phase, General Availability Phase, and Unpublished Private Preview, Public Preview, and General Availability Development phase, QA phase, and Live phase Announced, Coming Soon, and Live

Private Preview, Public Preview, and General Availability

Cloud Deployment Models

Public Cloud, Private Cloud, Hybrid Cloud, Cross-Cloud

Which ways does the Azure Resource Manager model provide to deploy resources? REST API / SDK Powershell CLI Azure Portal

REST API / SDK Powershell CLI Azure Portal Explanation All of those ways can be used to deploy or manage resources using ARM See: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview

Special Regions

Special regions are designed to meet compliance or local regulations. (ex: US DoD Central, US Gov Virginia, US Gov Iowa)

Shared Hosting

Still one physical machine but multiple businesses share the costs. Relies on most tenants under-utilizing their resources. Performance can suffer if one of these business is using a lot of resources. Very, cheap, very limited.

Virtual Private Server

Still one physical machine dedicated to an individual business but can be divided into sub-machines each set to each run individual apps or sites.

Dedicated Server

The OG approach. A single physical machine that runs a single web-app or site. Very expensive and high maintenance. Highly customizable can be very secure.

What feature of a system makes it elastic? The ability to stay up (available) while updates are being made to the system The ability to heal itself after a crash The ability to increase and reduce capacity based on actual demand The ability to withstand denial of service attacks

The ability to increase and reduce capacity based on actual demand Explanation Elasticity - The ability of a system to automatically grow when maximum capacity is reached, and automatically shrink to minimize waste. See: https://azure.microsoft.com/en-us/overview/what-is-elastic-computing/

Your organization has implemented an Azure Policy that restricts the type of Virtual Machine instances you can use. How can you create a VM that is blocked by the policy? Subscription Owners (Administrators) can create resources regardless of what the policy restricts Use an account that has Contributor or above permissions to the resource group The only way is to remove the policy, create the resource and add the policy back

The only way is to remove the policy, create the resource and add the policy back Explanation You cannot perform a task that violates policy, so you have to remove the policy in order to perform the task. See: https://docs.microsoft.com/en-us/azure/governance/policy/overview

True or false: you can create your own policies if built-in Azure Policy is not sufficient to your needs

True Explanation True, you can create custom policies using JSON See: https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-custom-policy-definition

Hybrid

Using both on-premise and a CSP -Could be cost-effective based on use -You are responsible for securing connection to the cloud -Requires in-depth knowledge of all lvls of infrastructure and CSPs.

General Availability (GA)

When a service is considered ready to be used publicly by everyone

Availability Sets

When creating a VM, use availability sets to ensure servers are in different fault and update domains to avoid downtimes.

High Availability

(HA) is a characteristic of a system which aims to ensure an agreed level of operational performance, usually uptime, for a higher than normal period. Modernization has resulted in an increased reliance on these systems.

What feature within Azure will make recommendations to you about reducing cost on your account? Azure Advisor Azure Security Center Azure Service Health Azure Dashboard

Azure Advisor Explanation Azure Advisor analyzes your account usage and makes recommendations for you based on its set rules See: https://docs.microsoft.com/en-us/azure/advisor/advisor-overview

Who is responsible for the security of your Azure Storage account access keys? I am responsible for securing the access keys Azure is responsible for securing the access keys

I am responsible for securing the access keys Explanation Customers are responsible to secure the access keys they are given and regenerate them if they are exposed. See: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage

Outlook 365 is what type of hosting model? SaaS PaaS IaaS

SaaS Explanation Outlook 365 is Software as a Service (SaaS). See: https://azure.microsoft.com/en-us/overview/what-is-saas/

Foundational Availability

Services will become available immediately or within 12 months after announced in recommended and alternate regions.

Geography

A discreet , market of two or more regions that preserves data residency and compliance boundaries (data stays within specified borders).

Fault Domain

A group of VMs that share a common power source and network switch to make sure that one affected region of datacenter doesn't affect other areas.

Alternate Regions

A region that extends Azure's footprint within a data residency boundary where a recommended region exist. (Not designated to support AZs. Labeled as "other" in the Azure portal.

What benefit does a Content Delivery Network (CDN) provide its users? Allows you to reduce the traffic coming into a web server for static, unchanging files such as images, videos and PDFs Allows you to store data that can be retrieved later in an extremely fast and inexpensive manner Allows you to keep temporarily session information on the web visitor such as their login ID or their name For a small fee, Azure will take over management of your virtual machine, perform OS updates and ensure it's running well

Allows you to reduce the traffic coming into a web server for static, unchanging files such as images, videos and PDFs Explanation Content Delivery Network - allows you to improve performance by removing the burden of serving static, unchanging files from the main server to a network of servers around the globe; a CDN can reduce traffic to a server by 50% or more, which means you can serve more users or serve the same users faster; SaaS See: https://docs.microsoft.com/en-us/azure/cdn/cdn-overview

What service does Azure provide as an optional upgrade to protect against DDoS attacks? Azure DDoS Protection Standard Azure DDoS Protection Basic Azure protects against DDoS as part of it's basic offering and there is no service you can upgrade to Advanced Threat Protection (ATP)

Azure DDoS Protection Standard Explanation Azure DDoS Protection Standard See: https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview

What is the name of Azure's hosted SQL database service? Azure SQL Database Cosmos DB Table Storage SQL Server in a VM

Azure SQL Database Explanation SQL Database is a SQL Server compatible option in Azure, a database as a service See: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-technical-overview

Which tool within Azure helps you to track your compliance with various international standards and government laws? Service Trust Portal Compliance Manager Microsoft Privacy Statement Azure Government Services

Compliance Manager Explanation Compliance Manager will track your own compliance with various standards and laws. See: https://techcommunity.microsoft.com/t5/security-privacy-and-compliance/announcing-compliance-manager-general-availability/ba-p/161922

Software as a Service (SaaS)

For Customers - A product that is run and managed by the service provider. Don't worry about how the service is maintained. It just works and remains available. (ex: gmail, office 365)

Platform as a Service(Paas)

For Developers - Focus on the deployment and management of your apps. Don't worry about provisioning, configuring, or understanding the hardware or OS. (ex: heroku, google app engine)

Logic apps, functions, and service fabric are all examples of what model of compute within Azure? SaaS model App Services Model IaaS model Serverless model

Serverless model Explanation The serverless model of compute removes all responsibility to selecting or even managing the server and makes Azure responsible for running your code including scaling See: https://azure.microsoft.com/en-us/solutions/serverless/

Cross-Cloud

Using multiple cloud providers (ex: amazon eks gcp kubernetes engine

Databases

Imagine having a virtual database for storing a reporting data or a database for general purpose web application.

Storage

Imagine having a virtual hard drive than can store files.

Networking

Imagine having a virtual network being able to define internet connections or network isolations.

Mainstream

In alternate regions, service may become available based on customer demand.

What type of container is used to collect log and metric data from various Azure Resources? Managed Storage Azure Monitor account Append Blob Storage Log Analytics Workspace

Log Analytics Workspace Explanation Log Analytics Workspace is required to collect logs and metrics See: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-access

What is a DDoS attack? An attempt to send SQL commands to the server in a way that it will execute them against the database An attempt to read the contents of a web page from another website, thereby stealing the user's private information An attempt to guess a user's password through brute force methods A denial of service attack that sends so much traffic to a network that it cannot respond fast enough; legitimate users become unable to use the service

A denial of service attack that sends so much traffic to a network that it cannot respond fast enough; legitimate users become unable to use the service Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source. Explanation Distributed Denial of Service attacks (DDoS) -a type of attack that originates from the Internet that attempts to overwhelm a network with millions of packets of bad traffic that aims to prevent legitimate traffic from getting through See: https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview

What are Azure Availability Zones? A folder structure in Azure in which you organize resources like databases, virtual machines, virtual networks, or almost any resource A feature of Azure that allows you to manually specify into which data center your virtual machines are placed, which allows you to achieve higher availability than any other option. Within each individual data center, certain racks of servers have been architected by Azure to have higher uptime than the others. If you place your apps onto this rack, you'll get higher uptime than if you let Azure do it. This is the same as a region

A feature of Azure that allows you to manually specify into which data center your virtual machines are placed, which allows you to achieve higher availability than any other option. Explanation Availability Zones - Unique physical locations within an Azure region, made up of one or more datacenters; there is a minimum of three zones in each region; you can manually place your resources in an availability zone for highest availability See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview

What makes a system highly available? A system specifically designed to be resilient, with no single point of failures It's not possible to make a highly available system Must have a minimum of two VMs If it maintains 100% availability

A system specifically designed to be resilient, with no single point of failures Explanation High Availability - a system specifically designed to be resilient when some component of the system fails See: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/availability

High Scalability

Ability to increase capacity rapidly

Benefits of a cloud computing provider

Ability to outsource costs and physical server real estate to providers. You are only responsible for configuration and code. High uptime and secure.

High Durability

Ability to recover from a disaster and to prevent the loss of data. (DR) Disaster Recovery

Which of the following is something that Azure Cognitive Services API can currently do? Recognize text in an image Speak text in an extremely realistic way Translate text from one language to another Recognize faces in a picture All of these! Azure can do it all! Create text from audio

All of these! Azure can do it all! Explanation Azure can do all of them, of course. See: https://docs.microsoft.com/en-us/azure/cognitive-services/welcome

Which Azure feature is specifically designed to help companies get their in-house developed code from the code repository, through automated unit testing, and onto Azure using a service called Pipelines? Virtual Machines Azure DevOps GitHub Azure Monitor

Azure DevOps Explanation Azure DevOps contains many services, one of which is Pipelines. Pipelines allows you to build an automation that moves code (and all related dependencies) through various stages from the development environment into deployment.

Which feature within Azure collects all of the logs from various resources into a central dashboard, where you can run queries, view graphs, and create alerts on certain events? Azure Security Center Azure Portal Dashboard Azure Monitor Storage Account or Event Hub

Azure Monitor Explanation Azure Monitor - a centralized dashboard that collects all the logs, metrics and events from your resources See: https://docs.microsoft.com/en-us/azure/azure-monitor/overview

Which Azure website tool is available for you to estimate the future costs of your Azure products and services by adding products to a shopping basket and helping you calculate the costs? Microsoft Docs Azure Pricing Calculator Azure Advisor

Azure Pricing Calculator Explanation Azure Pricing Calculator lets you attempt to calculate your future bill based on resources you select and your estimates of usage See: https://azure.microsoft.com/en-us/pricing/calculator/

Which Azure service is meant to be a security dashboard that contains all the security and threat protection in one place? Azure Key Vault Azure Portal Dashboard Azure Monitor Azure Security Center

Azure Security Center Explanation Azure Security Center - unified security management and threat protection; a security dashboard inside Azure Portal See: https://azure.microsoft.com/en-us/services/security-center/

If you wanted to simply use Azure as an extension of your own datacenter, not primarily hosting anything there but using it for extra storage or taking advantage of some services, what hosting model is that called? Hybrid Cloud Public cloud Private cloud

Hybrid Cloud Explanation The hybrid cloud is a mixture between private services (like your self-hosted applications) and public ones (like extra storage) See: https://azure.microsoft.com/en-us/overview/what-is-hybrid-cloud-computing/

A virtual machine is called what type of hosting model? IaaS PaaS SaaS

IaaS Explanation Virtual Machines are Infrastructure as a Service (IaaS) See: https://azure.microsoft.com/en-us/overview/what-is-iaas/

What is the name of the group of services inside Azure that hosts the Apache Hadoop big data analysis tools? HDInsight Azure Hadoop Services Azure Kubernetes Services Azure Data Factory

HDInsight Explanation HDInsight is a collection of open-source Apache Hadoop tools See: https://azure.microsoft.com/en-us/services/hdinsight/

Serverless Compute

Functions. Managed VMs running managed containers. Upload code and choose memory and duration you need to utilize. Extremely cost-effective. Cold start side-effect.

Region

Grouping of multiple "availability zones (data centers) Azure has 58 regions available across 140 countries

Which of the following is a feature of the cool access tier for Azure Storage? Significant delays in accessing your data, up to several hours Most expensive option when it comes to bandwidth cost to access your files Cheapest option when it comes to bandwidth costs to access your files Much cheaper to store your files than the hot access tier

Much cheaper to store your files than the hot access tier Explanation Cool access tier offers cost savings when you expect to store your files and not need to access them often See: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers?tabs=azure-portal

Which feature of Azure Active Directory will require users to have their mobile phone in order to be able to log in? Azure Security Center Azure Information Protection (AIP) Advanced Threat Protection (ATP) Multi-Factor Authentication

Multi-Factor Authentication

What is the basic way of protecting an Azure Virtual Network subnet? Network Security Group Azure Firewall Azure DDos Standard protection Application Gateway with WAF

Network Security Group Explanation Network Security Group (NSG) - a fairly basic set of rules that you can apply to both inbound traffic and outbound traffic that lets you specify what sources, destinations, and ports are allowed to travel through from outside the virtual network to inside the virtual network See: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview

What types of resources are defined as "compute resources"? Only Virtual Machines All resources that are listed in the Azure Marketplace Resources that perform some type of task that requires CPU cycles to perform the work

Resources that perform some type of task that requires CPU cycles to perform the work Explanation Compute Services - a category of services in Azure that provides CPU cycles for rent. Virtual Machines are only one type of compute resource. The Marketplace contains many types of resources, not just compute. See: https://azure.microsoft.com/en-us/product-categories/compute/

Docker Daemon

Software that allows you to run multiple containers with a VM.

One of the benefits of the cloud is agility. What does that mean in the context of the cloud? The ability of a system to grow it's capacity easily when it reaches full capacity The ability to spin up new resources within minutes The ability to recover from a big region-wide failure in a short amount of time The ability to respond to and drive market change quickly

The ability to respond to and drive market change quickly Explanation Agility - the ability to respond to change "rapidly" based on changes to market or environment; ensuring fast time to market See: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/business-outcomes/agility-outcomes

What is Single Sign-On? When you sign in to an application, it remembers who you are the next time you go there. When an application outsources (federates) it's identity service to a third-party platform The ability to use an existing user id and password to sign in other applications, and not have to create/memorize a new one.

The ability to use an existing user id and password to sign in other applications, and not have to create/memorize a new one. Explanation Single Sign-On - the ability to use the same user id and password to log into every application that your company has; enabled by Azure AD See: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on

What is the default amount of credits that you are given when you first create an Azure Free account? Azure does not give you any free credits when you create a free account You are given $50 per month, for one year towards Azure services The default is US$200 You can create 1 Linux VM, 1 Windows VM, and a number of other free services for the first year.

The default is US$200 Explanation There are some other benefits to a free account, but you get US$200 to spend in the first month. See: https://azure.microsoft.com/free

Cloud Computing

The practice of using a network of remote servers hosted on the internet to store, manage, and process data rather than a local (on premise) server or a personal computer.

True or false: Formal support is not included in private preview mode.

True Explanation True. Preview features are not fully ready and this phase does not include formal support. See: https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/

Azure Geographies

United States Azure Government (US) Canada Brazil Mexico

Which of the following Azure features is most likely to deliver the most immediate savings when it comes to reducing Azure costs? -Using Azure Reserved Instances for most of your virtual machines -Using Azure Policy to restrict the user of expensive VM SKUs -Auto shutdown of development and QA servers over night and on weekends -Changing your storage accounts from globally redundant (GRS) to locally redundant (LRS)

Using Azure Reserved Instances for most of your virtual machines Explanation Reserved Instances often offer 40% or more savings off of the price of pay-as-you-go virtual machines See: https://docs.microsoft.com/en-us/azure/cost-management-billing/reservations/save-compute-costs-reservations

What hardware device is required to exist or be installed on your company network in order to set up a site-to-site VPN? Application Gateway Virtual machine Virtual Network VPN Gateway

VPN Gateway Explanation A VPN Gateway needs to be configured to connect to Azure for a private network to be established See: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal

Can you give someone else access to your Azure subscription without giving them your user name and password? Question 2

Yes Explanation Yes, anyone can create their own Azure account and you can give them access to your subscription with granular control as to permissions See: https://docs.microsoft.com/en-us/azure/role-based-access-control/overview

Why would someone prefer a Consumption-based pricing model as opposed to a Time-based pricing model? It is always cheaper to pay for consumption than to pay by the hour You can save a lot of money if you don't use the resource often as opposed to having it available for use 24/7 The pricing model is simpler and easier to understand You can easily predict the cost of the service into the future

You can save a lot of money if you don't use the resource often as opposed to having it available for use 24/7 Explanation Consumption-Based Model - paying for something based on how much you used, as opposed to paying for something no matter if you use it or not. See: https://docs.microsoft.com/en-us/azure/azure-functions/functions-consumption-costs


Ensembles d'études connexes

spelling consonant changes /k/ to /sh/

View Set

AHTG test 1, 2, and quiz questions

View Set

Comp 1b. Formulate questions that can be answered through research and experimental design.

View Set

4.2 Learning Through Operant Conditioning

View Set

GEOG traffic congestion strategies

View Set