Az-900
You have an Azure environment that contains 10 web apps. To which URL should you connect to manage all the Azure resources?
portal.azure.com
How should you calculate the monthly uptime percentage? To answer, select the appropriate options in the answer area.
(Max Available Minute - Downtime)/Max Available Minutes x 100
An Azure administrator plans to run a PowerShell script that creates Azure resources.You need to recommend which computer configuration to use to run the script.Solution: Run the script from a computer that runs macOS and has PowerShell Core 6.0 installed.Does this meet the goal? A. Yes B. No
A
Choose all that apply: A. Data that is copied to an Azure Storage account is maintained automatically in at least three copies. B. All data that is copied to an Azure Storage account is backed up automatically to another Azure data center. C. An Azure Storage account can contain up to 2 TB of data and up to one million files.
A
One of the benefits of Azure SQL Data Warehouse is that *** HIGH AVAILABILITY *** is built into the platform. Instructions: A. No change is needed. B. Automatic scaling. C. Data compression. D. Versioning.
A
UNDERLINE:Azure Key Vault is used to store secrets for Azure Active Directory (Azure AD) user accounts.A. No change is neededB. Azure Active Directory (Azure AD) administrative accountsC. Personally Identifiable Information (PII)D. server applications
A
You plan to deploy several Azure virtual machines.You need to control the ports that devices on the Internet can use to access the virtual machines.What should you use? A. a network security group (NSG) B. an Azure Active Directory (Azure AD) role C. an Azure Active Directory group D. an Azure key vault
A
Your company has 10 offices. You plan to generate several billing reports from the Azure portal. Each report will contain the Azure resource utilization of each office.Which Azure Resource Manager feature should you use before you generate the reports? A. tags B. templates C. locks D. policies
A
Your company plans to automate the deployment of servers to Azure.Your manager is concerned that you may expose administrative credentials during the deployment.You need to recommend an Azure solution that encrypts the administrative credentials during the deployment.What should you include in the recommendation? A. Azure Key Vault B. Azure Information Protection C. Azure Security Center D. Azure Multi-Factor Authentication (MFA)
A
Your company plans to migrate all its network resources to Azure.You need to start the planning process by exploring Azure.What should you create first? A. a subscription B. a resource group C. a virtual network D. a management group
A
Your company plans to migrate to Azure. The company has several departments. All the Azure resources used by each department will be managed by a department administrator.You need to recommend an Azure deployment that provides the ability to segment Azure for the departments. The solution must minimize administrative effort.What should you include in the recommendation? A. multiple subscriptions B. multiple Azure Active Directory (Azure AD) directories C. multiple regions D. multiple resource groups
A
After you create a virtual machine, you need to modify the network security group (NSG) to allow connections from TCP port 8080 to the virtual machine. A. No change is needed B. virtual network gateway C. virtual network D. route table
A. No change is needed NSG is for Individual Resources(granular level); FireWall is at Subnet Level. You can also group set of like-functional application resources(like group of VM's or Group of DB's) and assign Application Security Group as well.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.Solution: You modify an Azure firewall.Does this meet the goal? A. Yes B. No
A. Yes
A support engineer plans to perform several Azure management tasks by using the Azure CLI.You install the CLI on a computer.You need to tell the support engineer which tools to use to run the CLI.Which two tools should you instruct the support engineer to use? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point. A. Command Prompt B. Azure Resource Explorer C. Windows PowerShell D. Windows Defender Firewall E. Network and Sharing Center
AC
You plan to implement an Azure database solution.You need to implement a database solution that meets the following requirements:✑ Can add data concurrently from multiple regions✑ Can store JSON documents
Azure Cosmos DB is a great way to store unstructured and JSON data.
Azure HDInsight Azure Data Lake Analytics Azure SQL Data Warehouse Azure SQL Database
Azure HDInsight - An open-source framework for the distributed processing and analysis of big data sets in clusters Azure Data Lake Analytics - can run massively parallel data transformation and processign programs across petabytes of data Azure SQL Data Warehouse - A cloud-based service that leverages massively parallel processing (MPP) to quickly run complex queries across petabytes of data in a relational database Azure SQL Database - A managed relational cloud databased service
Azure Machine Learning Azure IoT Hub Azure AI bot Azure Functions
Azure Machine Learning - Uses past training to provide predictions that have high probability Azure IoT Hub - Processes data from millions of sensors Azure AI bot - Provides a digital online assistant that provides speech support Azure Functions - Provides serverless computing functionalities
An Azure administrator plans to run a PowerShell script that creates Azure resources.You need to recommend which computer configuration to use to run the script.Solution: Run the script from a computer that runs Chrome OS and uses Azure Cloud Shell.Does this meet the goal? A. Yes B. No
B
Choose all that apply: Answers A. Azure Advisor provides recommendations on how to improve the security of an Azure Active Directory (Azure AD) environment. B. Azure Advisor provides recommendations on how to reduce the cost of running Azure virtual machines. C. Azure Advisor provides recommendations on how to configure the network settings on Azure virtual machines.
B
UNDERLINE:You have several virtual machines in an Azure subscription.You create a new subscription. The virtual machines cannot be moved to the new subscription. A. No change is needed B. The virtual machines can be moved to the new subscription C. The virtual machines can be moved to the new subscription only if they are all in the same resource group D. The virtual machines can be moved to the new subscription only if they run Windows Server 2016.
B
Your company has an Azure subscription that contains the following unused resources :✑ 20 user accounts in Azure Active Directory (Azure AD) ✑ Five groups in Azure AD ✑ 10 public IP addresses ✑ 10 network interfacesYou need to reduce the Azure costs for the company. Solution: You remove the unused user accounts.Does this meet the goal? A. Yes B. No
B
Your company has an Azure subscription that contains the following unused resources: ✑ 20 user accounts in Azure Active Directory (Azure AD) ✑ Five groups in Azure AD ✑ 10 public IP addresses ✑ 10 network interfacesYou need to reduce the Azure costs for the company. Solution: You remove the unused network interfaces.Does this meet the goal? A. Yes B. No
B
Your company plans to deploy an Artificial Intelligence (AI) solution in Azure.What should the company use to build, test, and deploy predictive analytics solutions? A. Azure Logic Apps B. Azure Machine Learning Studio C. Azure Batch D. Azure Cosmos DB
B
Your Azure environment contains multiple Azure virtual machines.You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.Solution: You modify a DDoS protection plan.Does this meet the goal? A. Yes B. No
B. No
If a resource group named RG1 has a delete lock, *** ONLY A MEMBER OF THE GLOBAL ADMINISTRATORS GROUP *** can delete RG1. A. No change is needed. B. The delete lock must be removed before an administrator. C. An Azure policy must be modified before an administrator. D. An Azure tag must be added before an administrator.
B. the delete lock must be removed before an administrator
Choose all that apply: A. All the Azure resources deployed to a single resource group must share the same Azure region. B. If you assign a tag to a resource group, all the Azure resources in that resource group are assigned to the same tag. C. If you set permissions ti a resource group, all the Azure resources in that resource group inherit the permissions.
C
What should you use to evaluate whether your company's Azure environment meets regulatory requirements? A. the Knowledge Center website B. the Advisor blade from the Azure portal C. Compliance Manager from the Security Trust Portal D. the Security Center blade from the Azure portal
C
This question requires that you evaluate the UPPER-CASED text surrounded by *** to determine if it is correct. When you need to delegate permissions to several Azure virtual machines simultaneously, you must deploy the Azure virtual machines *** TO THE SAME AZURE REGION ***. Instructions: Review the UPPER-CASED text surrounded by ***. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. Answers A. No change is needed. B. By using the same Azure Resource Manager template. C. To the same resource group. D. To the same availability zone.
C basically, the statement should be like this: When you need to delegate permissions to several Azure virtual machines simultaneously, you must deploy the Azure virtual machines to the same resource group
Which Azure service should you use to correlate events from multiple resources into a centralized repository? A. Azure Event Hubs B. Azure Analysis Services C. Azure Monitor D. Azure Log Analytics
C. Azure Monitor
*** RESOURCE GROUPS *** provide organizations with the ability to manage the compliance of Azure resources across multiple subscriptions. A. No change is needed. B. Management groups. C. Azure policies. D. Azure App Service plans.
C. Azure policies.
Your company hosts an accounting named App1 that is used by all the customers of the company.App1 has low usage during the first three weeks of each month and very high usage during the last week of each month.Which benefit of Azure Cloud Services supports cost management for this type of usage pattern? A. high availability B. high latency C. elasticity D. load balancing
C. elasticity
This question requires that you evaluate the underlined text to determine if it is correct.An organization that hosts its infrastructure in a private cloud can decommission its data center.Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed. B. in a hybrid cloud C. in the public cloud D. on a Hyper-V host
C. in the public cloud
Your company plans to migrate all on-premises data to Azure. You need to identify whether Azure complies with the company's regional requirements.What should you use? A. the Knowledge Center B. Azure Marketplace C. the Azure portal D. the Trust Center
D
You attempt to create several managed Microsoft SQL Server instances in an Azure environment and receive a message that you must increase your Azure subscription limits.What should you do to increase the limits? A. Create a service health alert B. Upgrade your support plan C. Modify an Azure policy D. Create a new support request
D The limit can be raised above the default limit but not above the maximum limit. If you want to raise the limit or quota above the default limit, open an online customer support request at no charge.
You have an on-premises network that contains 100 servers.You need to recommend a solution that provides additional resources to your users. The solution must minimize capital and operational expenditure costs.What should you include in the recommendation? A. a complete migration to the public cloud B. an additional data center C. a private cloud D. a hybrid cloud
D. a hybrid cloud
You have an Azure environment.You need to create a new Azure virtual machine from an Android laptop.Solution: You use Bash in Azure Cloud Shell.Does this meet the goal? A. Yes B. No
Explanation:With Azure Cloud Shell, you can create virtual machines using Bash or PowerShell.Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.
You plan to extend your company's network to Azure. The network contains a VPN appliance that uses an IP address of 131.107.200.1.You need to create an Azure resource that identifies the VPN appliance.Which Azure resource should you create? To answer, select the appropriate resource in the answer area.
Local network gateways
HOTSPOT: A Standard support plan is included in an Azure free account. A Premier support plan can only be purchased by companies that have an Enterprise Agreement (EA). Support from MSDN forums is only provided to companies that have a pay-as-you-go subscription.
MSDN - MicroSoft Developer Network N - you get basic support Y N - any plan has access to it
HOTSPOT: If your company uses an Azure free account, you will only be exposed to a subset of Azure services. All Azure free accounts expire after a specific period. You can create up to 10 Azure free accounts by using the same Microsoft account.
N Y N
What is the basic way of protecting an Azure Virtual Network subnet? Network Security Group Application Gateway with WAF Azure DDos Standard protection Azure Firewall
Network Security Group (NSG) - a fairly basic set of rules that you can apply to both inbound traffic and outbound traffic that lets you specify what sources, destinations, and ports are allowed to travel through from outside the virtual network to inside the virtual network
Your Azure environment contains multiple Azure virtual machines.You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.Solution: You modify an Azure Traffic Manager profile.Does this meet the goal?
No
An Azure administrator plans to run a PowerShell script that creates Azure resources.You need to recommend which computer configuration to use to run the script.Solution: Run the script from a computer that runs Linux and has the Azure CLI tools installed.Does this meet the goal? A. Yes B. No
No * The script to be run is a PowerShell script * The Linux machine has CLI installed instead, not PowerShell. You cannot run PowerShell script in CLI. So the answer is No.
Logic apps, functions, and service fabric are all examples of what model of compute within Azure? App Services Model Serverless model IaaS model SaaS model
The serverless model of compute removes all responsibility to selecting or even managing the server and makes Azure responsible for running your code including scaling
In Azure Active Directory Premium, at least 99.9 percent availability is guaranteed. The Service Level Agreement (SLA) for Azure Active Directory Basic is the same as the SLA for Azure Active Directory Free. All paying Azure customers can claim a credit if their monthly uptime percentage is below the guaranteed amount in the Service Level Agreement (SLA).
Y N Y
An IT administrator has the requirement to control access to a specific app resource using multi-factor authentication. What Azure service satisfies this requirement? Azure Function Azure Authorization Azure Authentication Azure AD
You can use Azure AD to control access to your apps and your app resources, based on your business requirements. In addition, you can use Azure AD to require multi-factor authentication when accessing important organizational resources.
You need to manage Azure by using Azure Cloud Shell.Which Azure portal icon should you select? To answer, select the appropriate icon in the answer area.
>_
SET:Your company has an Azure subscription that contains the following unused resources:✑ 20 user accounts in Azure Active Directory (Azure AD)✑ Five groups in Azure AD✑ 10 public IP addresses✑ 10 network interfacesYou need to reduce the Azure costs for the company.Solution: You remove the unused public IP addresses.Does this meet the goal?A. YesB. No
A
Azure Databricks Azure Functions Azure App Service Azure Application Insights
Azure Databricks - A big data anlalysis service for machine learning Azure Functions - Provides the platform for serverless code Azure App Service - Hosts web app Azure Application Insights - Detects and diagnoses anomalies in web apps
Which Azure service should you use to store certificates? A. Azure Security Center B. an Azure Storage account C. Azure Key Vault D. Azure Information Protection
C
You deploy an Azure resource.The resource becomes unavailable for an extended period due to a service outage. Microsoft will automatically refund your bank account. A. No change is needed. B. automatically migrate the resource to another subscription C. automatically credit your account D. send you a coupon code that you can redeem for Azure credits
C
You need to configure an Azure solution that meets the following requirements:✑ Secures websites from attacks✑ Generates reports that contain details of attempted attacksWhat should you include in the solution? A. Azure Firewall B. a network security group (NSG) C. Azure Information Protection D. DDoS protection
D
You need to ensure that when Azure Active Directory (Azure AD) users connect to Azure AD from the Internet by using an anonymous IP address, the users are prompted automatically to change their password.Which Azure service should you use? A. Azure AD Connect Health B. Azure AD Privileged Identity Management C. Azure Advanced Threat Protection (ATP) D. Azure AD Identity Protection
D
HOTSPOTYou plan to implement several security services for an Azure environment.You need to identify which Azure services must be used to meet the following security requirements:✑ Monitor threats by using sensors✑ Enforce azure Multi-Factor Authentication (MFA) based on a conditionWhich Azure service should you identify for each requirement?Monitor threats by using sensorsEnforce Azure MFA based on a conditionAzure MonitorAzure Security CenterAzure Active Directory (Azure AD) Identity ProtectionAzure Advanced Threat Protection (ATP) Monitor threats by using sensors - Azure Advanced Threat Protection (ATP)Enforce Azure MFA based on a condition - Azure Active Directory (Azure AD) Identity Protection
Monitor threats by using sensors - Azure Advanced Threat Protection (ATP)Enforce Azure MFA based on a condition - Azure Active Directory (Azure AD) Identity Protection
HOTSPOT:All Azure services in private preview must be accessed by using a separate Azure portal. Azure services in public preview can be used in production environments. Azure services in public preview are subject to a Service Level Agreement (SLA).
N Y N
HOTSPOT: Authorization to access Azure resources can be provided only to Azure Active Directory (Azure AD) users. Identities stored in Azure Active Directory (Azure AD), third-party cloud services, and on-premises Active Directory can be used to access Azure resources. Azure has built-in authentication and authorization services that provide secure access to Azure resources.
N Y Y
To implement an Azure Multi-Factor Authentication(MFA) solution, you must deploy a federation solution or sync on-premises identities to the cloud Two valid methods for Azure Multi-Factor Authentication (MFA) are picture identification and a passport number Azure Multi-Factor Authentication (MFA) can be required for administrative and non-administrative user accounts
NO NO YES
HOTSPOT: By creating additional resource groups in an Azure subscription, additional costs are incurred. By copying several gigabits of data to Azure from an on-premises network over a VPN, additional data transfer costs are incurred. By copying several GB of data from Azure to an on-premises network over a VPN, additional data transfer costs are incurred.
No, No, Yes. Inbound Inter-virtual network data transfers (i.e. data going into Azure data centers between two virtual networks)—Free Outbound Inter-virtual network data transfers (i.e. data going out of Azure data centers between two virtual networks) From Zone 1*— $0.035 per GB From Zone 2*— $0.09 per GB From Zone 3*— $0.16 per GB
What is the most number of virtual machines that can me managed under a single Virtual Machine Scale Set? 1000 100 1 10
Up to 1000 virtual machines can be managed under a single VMSS
Each Azure subscription can contain multiple account administrators. Each Azure subscription can be managed by using a Microsoft account only. An Azure resource group contains multiple Azure Subscriptions.
Y Y N
HOTSPOT: From Azure Service Health, and administrator can view the health of all the services deployed to an Azure environment and all the other services available in Azure. From Azure Service Health, an administrator can create a rule to be alerted if an Azure service fails. From Azure Service Health, an administrator can prevent a service failure from affecting a specific virtual machine.
Y Y N
You need to identify which blades in the Azure portal must be used to perform the following tasks: ✑ View security recommendations. ✑ Monitor the health of Azure services. ✑ Browse available virtual machine images. Which blade should you identify for each task? To answer, select the appropriate options in the answer area.
✑ View security recommendations. - Advisor ✑ Monitor the health of Azure services. - Monitor ✑ Browse available virtual machine images. - Marketplace
Azure Germany can be used by *** LEGAL RESIDENTS OF GERMANY ONLY ***. A. No change is needed. B. Only enterprises that are registered in Germany. C. Only enterprises that purchase their azure licenses from a partner based in Germany. D. Any user or enterprise that requires its data to reside in Germany.
D. any user or enterprise that requires its data to reside in Germany
You plan to migrate several servers from an on-premises network to Azure.You need to identify the primary benefit of using a public cloud service for the servers.What should you identify? A. The public cloud is owned by the public, NOT a private corporation B. The public cloud is a crowd-sourcing solution that provides corporations with the ability to enhance the cloud C. All public cloud resources can be freely accessed by every member of the public D. The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud
D
You have an application that is comprised of an Azure web app that has a Service Level Agreement (SLA) of 99.95 percent and an Azure SQL database that has an SLA of 99.99 percent.The composite SLA for the application is the product of both SLAs, which equals 99.94 percent. A. No change is needed B. the lowest SLA associated to the application, which is 99.95 percent C. the highest SLA associated to the application, which is 99.99 percent D. the difference between the two SLAs, which is 0.05 percent
A
Your company has an on-premises network that contains multiple servers.The company plans to reduce the following administrative responsibilities of network administrators:✑ Backing up application data✑ Replacing failed server hardware✑ Managing physical server security✑ Updating server operating systems✑ Managing permissions to shared documentsThe company plans to migrate several servers to Azure virtual machines.You need to identify which administrative responsibilities will be reduced after the planned migration.Which two responsibilities should you identify? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point. A. Replacing failed server hardware B. Backing up application data C. Managing physical server security D. Updating server operating systems E. Managing permissions to shared document
A, C
Which ways does the Azure Resource Manager model provide to deploy resources? Azure Portal CLI Powershell REST API / SDK
All of those ways can be used to deploy or manage resources using ARM
What service does Azure provide as an optional upgrade to protect against DDoS attacks? Azure DDoS Protection Standard Advanced Threat Protection (ATP) Azure DDoS Protection Basic Azure protects against DDoS as part of it's basic offering and there is no service you can upgrade to
Azure DDoS Protection Standard
You have an Azure virtual network named VNET1 in a resource group named RG1. You assign an Azure policy specifying that virtual networks are not an allowed resource type in RG1. VNET1 *** IS DELETED AUTOMATICALLY ***. Instructions: Review the UPPER-CASED text surrounded by ***. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. Answers A. No change is needed. B. Is moved automatically to another resource group. C. Continues to function normally. D. Is now a read-only object.
C
You plan to map a network drive from several computers that run Windows 10 to Azure Storage. You need to create a storage solution in Azure for the planned mapped drive.What should you create? A. an Azure SQL database B. a virtual machine data disk C. a Files service in a storage account D. a Blobs service in a storage account
C Files stored on a network share are accessible to anyone who has permissions to the share
This question requires that you evaluate the underlined text to determine if it is correct.When you are implementing a software as a service (SaaS) solution, you are responsible for configuring high availability.Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed. B. defining scalability rules C. installing the SaaS solution D. configuring the SaaS solution
D. configuring the SaaS solution
What are two characteristics of the public cloud? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point. A. dedicated hardware B. unsecured connections C. limited storage D. metered pricing E. self-service management
D. metered pricing E. self-service management
You need to view a list of planned maintenance events that can affect the availability of an Azure subscription.Which blade should you use from the Azure portal? To answer, select the appropriate blade in the answer area.
Help + Support Blade
What type of container is used to collect log and metric data from various Azure Resources? Azure Monitor account Log Analytics Workspace Append Blob Storage Managed Storage
Log Analytics Workspace Log Analytics Workspace is required to collect logs and metrics
You plan to migrate a web application to Azure. The web application is accessed by external users.You need to recommend a cloud deployment solution to minimize the amount of administrative effort used to manage the web application.What should you include in the recommendation? A. software as a service (SaaS) B. platform as a service (PaaS) C. infrastructure as a service (IaaS) D. database as a service (DaaS)
PaaS because its a web app, SaaS is for software services like Office365.Web app may need modifications, for which Paas is good
Your organization has implemented an Azure Policy that restricts the type of Virtual Machine instances you can use. How can you create a VM that is blocked by the policy? The only way is to remove the policy, create the resource and add the policy back Subscription Owners (Administrators) can create resources regardless of what the policy restricts Use an account that has Contributor or above permissions to the resource group
The only way is to remove the policy, create the resource and add the policy back You cannot perform a task that violates policy, so you have to remove the policy in order to perform the task.
You create a resource group named RG1 in Azure Resource Manager.You need to prevent the deletion of the resources in RG1. A. a lock B. an Azure role C. a tag D. an Azure policy
a lock
You have an Azure environment. You need to create a new Azure virtual machine from an Android laptop. Solution: You use the PowerApps portal.Does this meet the goal?
No PowerApps portal is a tool to create web page layout (you will need to program all the buttons yourself in html).
What hardware device is required to exist or be installed on your company network in order to set up a site-to-site VPN? Application Gateway Virtual Network VPN Gateway Virtual machine
A VPN Gateway needs to be configured to connect to Azure for a private network to be established
You plan to store 20 TB of data in Azure. The data will be accessed infrequently and visualized by using Microsoft Power BI.You need to recommend a storage solution for the data.Which two solutions should you recommend? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point. A. Azure Data Lake B. Azure Cosmos DB C. Azure SQL Data Warehouse D. Azure SQL Database E. Azure Database for PostgreSQL
A, C Out of the various storage solutions by Azure, only these two are designed as purely huge data dumps for the most infrequent usage.
This question requires that you evaluate the underlined text to determine if it is correct.When planning to migrate a public website to Azure, you must plan to pay monthly usage costs.Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed B. Deploy a VPN C. pay to transfer all the website data to Azure D. reduce the number of connections to the website
A. No change is needed
Azure DevOps Azure Advisor Azure Cognitive services Azure Application Insights
An integrated solution for the deployment of code - Azure DevOps A tool that provides guidance and recommendation to improve an Azure environment - Azure Advisor A simplified tool to build intelligent Artificial Intelligence (AI) applications - Azure Cognitive services Monitors web applications - Azure Application Insights
A team of developers at your company plans to deploy, and then remove, 50 customized virtual machines each week. Thirty of the virtual machines run WindowsServer 2016 and 20 of the virtual machines run Ubuntu Linux.You need to recommend which Azure service will minimize the administrative effort required to deploy and remove the virtual machines.What should you recommend? A. Azure Reserved Virtual Machines (VM) Instances B. Azure virtual machine scale sets C. Azure DevTest Labs D. Microsoft Managed Desktop
Azure DevTest Labs enables developers on teams to efficiently self-manage virtual machines (VMs) and PaaS resources without waiting for approvals. Scale sets are used with the identical machines
To what should an application connect to retrieve security tokens? Answers A. An Azure Storage account. B. Azure Active Directory (Azure AD). C. A certificate store. D. An Azure key vault.
B
Your company has an Azure environment that contains resources in several regions.A company policy states that administrators must only be allowed to create additional Azure resources in a region in the country where their office is located.You need to create the Azure resource that must be used to meet the policy requirement.What should you create? A. a read-only lock B. an Azure policy C. a management group D. a reservation
B
You plan to create an Azure virtual machine.You need to identify which storage service must be used to store the data disks of the virtual machine.What should you identify? To answer, select the appropriate service in the answer area.
Blobs
***Authorization*** is the process of verifying a user's credentials. A. No change is needed B. Authentication C. Federation D. Ticketing
False
This question requires that you evaluate the UPPER-CASED text surrounded by *** to determine if it is correct. An Azure region *** CONTAINS ONE OR MORE DATA CENTERS *** that are connected by using a low-latency network. Instructions: Review the UPPER-CASED text surrounded by ***. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. Answers A. No change is needed. B. Is found in each country where Microsoft has a subsidiary office. C. Can be found in every country in Europe and the Americas only. D. Contains one or more data centers that are connect by using a high-latency network.
High-latency = slow connection So, no change is needed
eDiscovery Customer Lockbox PSTN Calling MyAnalitics
Identify and deliver electronic information that can be used as evidence in legal cases - eDiscovery Control how a Microsoft support engineer accesses your data during a help session - Customer Lockbox Extend an existing telephone system for call delegation and call on-behalf functionality - PSTN Calling (Public Switched Telephone Network) Provide statistics that help you understand how you spend your time at work - MyAnalitics
Several support engineers plan to manage Azure by using the computers shown in the following table: Computer 1 - Windows 10 Computer 2 - Ubuntu Computer 3 - MacOS Mojave You need to identify which Azure management tools can be used from each computer. Choose three: Answers A. Computer 1 - The Azure CLI and Azure portal B. Computer 1 - The Azure portal and Azure PowerShell C. Computer 1 - The Azure CLI and Azure PowerShell D. Computer 1 - The Azure CLI, the Azure portal and Azure PowerShell E. Computer 2 - The Azure CLI and Azure portal F. Computer 2 - The Azure portal and Azure PowerShell G. Computer 2 - The Azure CLI and Azure PowerShell H. Computer 2 - The Azure CLI, the Azure portal and Azure PowerShell I. Computer 3 - The Azure CLI and Azure portal J. Computer 3 - The Azure portal and Azure PowerShell K. Computer 3 - The Azure CLI and Azure PowerShell L. Computer 3 - The Azure CLI, the Azure portal and Azure PowerShell
The Azure CLI, the Azure portal and Azure PowerShell for all machines
You have an Azure environment. You need to create a new Azure virtual machine from an Android laptop. Solution: You use PowerShell in Azure Cloud Shell.Does this meet the goal?
YES
You have an Azure environment. You need to create a new Azure virtual machine from an Android laptop. Solution: You use the Azure portal.Does this meet the goal?
YES
This question requires that you evaluate the UPPER-CASED text surrounded by *** to determine if it is correct. You plan to deploy 20 virtual machines to an Azure environment. To ensure that a virtual machine named VM1 cannot connect to the other virtual machines, VM1 must *** BE DEPLOYED TO A SEPARATE VIRTUAL NETWORK ***. Instructions: Review the UPPER-CASED text surrounded by ***. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. Answers A. No change is needed. B. Run a different operating system than the other virtual machines. C. Be deployed to a separate resource group. D. Have two network interfaces.
A
Your company plans to deploy several web servers and several database servers to Azure.You need to recommend an Azure solution to limit the types of connections from the web servers to the database servers.What should you include in the recommendation? A. network security groups (NSGs) B. Azure Service Bus C. a local network gateway D. a route filter
A
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You plan to deploy several Azure virtual machines.You need to ensure that the services running on the virtual machines are available if a single data center fails. Solution: You deploy the virtual machines to two or more availability zones.Does this meet the goal? A. Yes B. No
A Availability Zone Unique physical locations within a region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking.
Your company has several business units.Each business unit requires 20 different Azure resources for daily operation. All the business units require the same type of Azure resources.You need to recommend a solution to automate the creation of the Azure resources.What should you include in the recommendations? A. Azure Resource Manager templates B. virtual machine scale sets C. the Azure API Management service D. management groups
A ARM templates
You plan to deploy a website to Azure. The website will be accessed by users worldwide and will host large video files.You need to recommend which Azure feature must be used to provide the best video playback experience.What should you recommend? A. an application gateway B. an Azure ExpressRoute circuit C. a content delivery network (CDN) D. an Azure Traffic Manager profile
A Content delivery Network is a distributed network of server that can efficiently deliver a web content to user.
You have an Azure web app.You need to manage the settings of the web app from an iPhone.What are two Azure management tools that you can use? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point. A. Azure CLI B. the Azure portal C. Azure Cloud Shell D. Windows PowerShell E. Azure Storage Explorer
A, C
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company plans to migrate all its data and resources to Azure.The company's migration plan states that only platform as a service (PaaS) solutions must be used in Azure.You need to deploy an Azure environment that supports the planned migration.Solution: You create an Azure App Service and Azure SQL databases.Does this meet the goal?
A. Yes B. No
You have 1,000 virtual machines hosted on the Hyper-V hosts in a data center.You plan to migrate all the virtual machines to an Azure pay-as-you-go subscription.You need to identify which expenditure model to use for the planned Azure solution.Which expenditure model should you identify? A. operational B. elastic C. capital D. scalable
A. operational The expenditure models are either CapEx or OpEx (Capital or Operational). CapEx is what you pay upfront, on prem, for servers, racks, cooling, security, the Datacenter itself. OpEx is what you pay to keep your infrastructure operational, like IT staff. In this case, when you move to the Cloud, what you identify in this case is the OpEx or Operational model. This is because you actually don't have CapEx on the Cloud (or at least you look to minimize CapEx) as you pay for the resources you use and not for the underlying hardware, security, cooling, etc that you will pay for in an On-Prem solution. That is why the right answer is (A) Operational. Elastic and Scalable are not expenditure models.
You need to identify the type of failure for which an Azure availability zone can be used to protect access to Azure services.What should you identify? A. a physical server failure B. an Azure region failure C. a storage failure D. an Azure data center failure
Availability Zones is a high-availability offering that protects your applications and data from datacenter failures.
Your network contains an Active Directory forest. The forest contains 5,000 user accounts.Your company plans to migrate all network resources to Azure and to decommission the on-premises data center.You need to recommend a solution to minimize the impact on users after the planned migration.What should you recommend? A. Implement Azure Multi-Factor Authentication (MFA) B. Sync all the Active Directory user accounts to Azure Active Directory (Azure AD) C. Instruct all users to change their password D. Create a guest user account in Azure Active Directory (Azure AD) for each user
B
What can Azure Information Protection encrypt? A. network traffic B. documents and email messages C. an Azure Storage account D. an Azure SQL database
B Azure Information Protection (sometimes referred to as AIP) is a cloud-based solution that helps an organization to classify and optionally, protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations.
You have a virtual machine named VM1 that runs Windows Server 2016. VM1 is in the East US Azure region.Which Azure service should you use from the Azure portal to view service failure notifications that can affect the availability of VM1? A. Azure Service Fabric B. Azure Monitor C. Azure virtual machines D. Azure Advisor
B Azure Monitor maximizes the availability and performance of your applications by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You plan to deploy several Azure virtual machines.You need to ensure that the services running on the virtual machines are available if a single data center fails. Solution: You deploy the virtual machines to two or more regions.Does this meet the goal? A. Yes B. No
B Microsoft recommended solution is to Use Availability Zones to protect from datacenter failures. There might be multiple solution, but we need to consider proven, cost effective & recommended only.Not all Regions across the World support the same Services.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You plan to deploy several Azure virtual machines.You need to ensure that the services running on the virtual machines are available if a single data center fails.Solution: You deploy the virtual machines to two or more scale sets.Does this meet the goal? A. Yes B. No
B Scale sets are used to run multiple instances of your application. If one of these VM instances has a problem, customers continue to access your application through one of the other VM instances with minimal interruption. For additional availability, you can use Availability Zones to automatically distribute VM instances in a scale set within a single datacenter or across multiple datacenters.
The company's compliance policy states that a server named FinServer must be on a separate network segment.You are evaluating which Azure services can be used to meet the compliance policy requirements.Which Azure solution should you recommend? A. a resource group for FinServer and another resource group for all the other servers B. a virtual network for FinServer and another virtual network for all the other servers C. a VPN for FinServer and a virtual network gateway for each other server D. one resource group for all the servers and a resource lock for FinServer
B This is a network segmentation.
Your company plans to deploy several million sensors that will upload data to Azure.You need to identify which Azure resources must be created to support the planned solution.Which two Azure resources should you identify? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. Azure Data Lake B. Azure Queue storage C. Azure File Storage D. Azure IoT Hub E. Azure Notification Hubs
B, D "Azure Queue Storage is a service for storing large numbers of messages. You access messages from anywhere in the world via authenticated calls using HTTP or HTTPS. A queue message can be up to 64 KB in size. A queue may contain millions of messages, up to the total capacity limit of a storage account. Queues are commonly used to create a backlog of work to process asynchronously."
You plan to deploy a critical line-of-business application to Azure. The application will run on an Azure virtual machine. You need to recommend a deployment solution for the application. The solution must provide a guaranteed availability of 99.99 percent. What is the minimum number of virtual machines and the minimum number of availability zones you should recommend for the deployment? Answers A. Minimum number of virtual machines: 1 B. Minimum number of virtual machines: 2 C. Minimum number of virtual machines: 3 D. Minimum number of availability zones: 1 E. Minimum number of availability zones: 2 F. Minimum number of availability zones: 3
B, E For all Virtual Machines that have two or more instances deployed across two or more Availability Zones in the same Azure region, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.99% of the time. For all Virtual Machines that have two or more instances deployed in the same Availability Set, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.95% of the time. For any Single Instance Virtual Machine using premium storage for all Operating System Disks and Data Disks, we guarantee you will have Virtual Machine Connectivity of at least 99.9%
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company plans to migrate all its data and resources to Azure.The company's migration plan states that only platform as a service (PaaS) solutions must be used in Azure.You need to deploy an Azure environment that supports the planned migration.Solution: You create an Azure App Service and Azure Storage accounts.Does this meet the goal? A. Yes B. No
B. No Azure Storage Accounts are IaaS, PaaS as Microsoft says is "a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications". So the answer is No because Storage is IaaS.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company plans to migrate all its data and resources to Azure.The company's migration plan states that only platform as a service (PaaS) solutions must be used in Azure.You need to deploy an Azure environment that supports the planned migration.Solution: You create an Azure App Service and Azure virtual machines that have Microsoft SQL Server installed.Does this meet the goal? A. Yes B. No
B. No Virtual Machine is not a PaaS, hence no is correct
This question requires that you evaluate the UPPER-CASED text surrounded by *** to determine if it is correct. *** AZURE POLICIES PROVIDE *** a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment. Instructions: Review the UPPER-CASED text surrounded by ***. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. Answers A. No change is needed. B. Resource groups provide. C. Azure Resource Manager provides. D. Management groups provide.
C
This question requires that you evaluate the underlined text to determine if it is correct.From Azure Monitor, you can view which user turned off a specific virtual machine during the last 14 days.Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed B. Azure Event Hubs C. Azure Activity Log D. Azure Service Health
C
You have an on-premises application that sends email notifications automatically based on a rule.You plan to migrate the application to Azure.You need to recommend a serverless computing solution for the application.What should you include in the recommendation? A. a web app B. a server image in Azure Marketplace C. a logic app D. an API app
C Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions for app integration, data integration, system integration, enterprise application integration (EAI), and business-to-business (B2B) communication, whether in the cloud, on premises, or both. For example, here are just a few workloads you can automate with logic apps: -> Process and route orders across on-premises systems and cloud services. -> Send email notifications with Office 365 when events happen in various systems, apps, and services. -> Move uploaded files from an SFTP or FTP server to Azure Storage. -> Monitor tweets for a specific subject, analyze the sentiment, and create alerts or tasks for items that need review.
Which two types of customers are eligible to use Azure Government to develop a cloud solution? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point. A. a Canadian government contractor B. a European government contractor C. a United States government entity D. a United States government contractor E. a European government entity
C, D
Which tool within Azure helps you to track your compliance with various international standards and government laws? Compliance Manager Azure Government Services Microsoft Privacy Statement Service Trust Portal
Compliance Manager will track your own compliance with various standards and laws.
Which of the following is a feature of the cool access tier for Azure Storage? Significant delays in accessing your data, up to several hours Much cheaper to store your files than the hot access tier Cheapest option when it comes to bandwidth costs to access your files Most expensive option when it comes to bandwidth cost to access your files
Cool access tier offers cost savings when you expect to store your files and not need to access them often
Choose all that apply: A. If you have Azure resources deployed to every region, you can implement availability zones in all regions. B. Only virtual machines that run Windows Server can be created in availability zones. C. Availability zones are used to replicate data and applications to multiple regions. D. None of the above
D None of the above
You have an Azure environment that contains multiple Azure virtual machines.You plan to implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines.You need to recommend which Azure resources must be created for the planned solution.Which two Azure resources should you include in the recommendation? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. a virtual network gateway B. a load balancer C. an application gateway D. a virtual network E. a gateway subnet
D, E
What Azure tool gives you the ability to manage multiple subscriptions into nested hierarchies? Resource Groups Azure Active Directory RBAC Management Groups
Management Groups - a hierarchy of subscriptions; can have many subscriptions, and group them, and put those groups into other groups
True or false: Formal support is not included in private preview mode. FALSE TRUE
True. Preview features are not fully ready and this phase does not include formal support.
Which of the following methods of deploying a virtual machine provides the highest availability SLA? Two or more virtual machines across availability zones in the same region A single VM Two or more virtual machines in a data center Two or more virtual machines in an availability set
Two or more virtual machines across availability zones in the same region Availability Zones offer 99.99% availability when configured correctly.
A virtual machine is called what type of hosting model? SaaS PaaS IaaS
Virtual Machines are Infrastructure as a Service (IaaS)