AZ-900 Chapter 1 - 7
Which of the following is not an example of a standards-based, nonregulatory organization or agency? A. GDPR B. ISO C. NIST D. All of the above
A. ISO and NIST are both standards-based, nonregulatory agencies. General Data Protection Regulation (GDPR) defines data protection and privacy requirements as a regulation in European Union law. See Chapter 4 for more information.
Which of the following provides bidirectional communication between Internet of Things (IoT) devices and other Azure services? A. IoT Hub B. IoT Central C. IoT Connector D. None of the above
A. IoT Hub provides bidirectional communication between IoT devices in Azure. See Chapter 5 for more information.
Which of the following statements are not true? (Choose all that apply.) A. Microsoft can share your personal information with vendors and third parties only with your authorization. B. You must provide personal information to use some Microsoft products. C. You cannot use a work email when setting up a Microsoft account that you will then use to access Microsoft services. D. You can use a personal email account when setting up a Microsoft account that you will then use to access Microsoft services.
A & C Microsoft can share your personal information with vendors and third parties without your consent, including in response to legal actions. You can use a work email when setting up a Microsoft account. See Chapter 4 for more information.
Which of the following statements are true regarding public preview features in Azure? (Choose all that apply.) A. They are available to all Azure customers. B. The are available only by invitation from Microsoft. C. They are subject to the same SLAs as generally available (GA) services. D. They are not subject to SLAs.
A & D Services in public preview are available to all Azure subscribers and are not subject to service level agreements (SLAs). See Chapter 6 for more information.
Which of the following is a good option for deploying a single VM in Azure? A. Azure portal B. An Azure Resource Manager (ARM) template C. Azure Mobile App D. PowerShell
A. Although you could use any of these options to deploy a VM, the Azure portal is the easiest option for deploying a single resource. See Chapter 7 for more information.
Which of the following solutions would enable only you and one of your peers to access and manage an Azure VM using RDP on port 3389? A. Role-based access control (RBAC) and an Azure network security group (NSG) B. An appropriately designed Azure policy applied to the resource group containing the VM C. Azure Firewall D. Azure Front Door
A. An Azure NSG enables you to restrict access to the VM based on port, and RBAC enables you to restrict access to specific individuals. See Chapter 4 for more information.
Which of the following accurately describes an Azure geography? A. It corresponds to a single country or to a market encompassing multiple countries. B. It always corresponds to a specific country. C. It represents a set of physical data centers. D. None of the above.
A. An Azure geography can align to a single country or to a market that encompasses multiple countries, such as Europe. See Chapter 2 for more information.
Which of the following enables you to bring your existing licenses for SQL Server into Azure to save licensing costs? A. Azure Hybrid Benefit B. An enterprise agreement C. SQL Managed Instance D. Cosmos DB
A. Azure Hybrid Benefit enables you to potentially use your Windows Server and SQL Server licenses in Azure to save costs. See Chapter 6 for more information.
Which of the following enables developers to create serverless workflow solutions in Azure? A. Logic Apps B. Functions C. Bot Services D. PowerShell
A. Azure Logic Apps enables you to create serverless workflow solutions in Azure. See Chapter 5 for more information.
You have a solution in Azure comprising two VMs, each with a 99.5% SLA. What is the composite SLA for the solution? A. 99.0% B. 99.5% C. 99.9% D. 99.99%
A. Composite SLAs are the product of the individual SLAs in the solution, and in this case, would be 0.995 × 0.995. See Chapter 6 for more information.
Which of the following statements is not true regarding Azure subscriptions? A. A subscription is aligned to a specific Azure region. B. You can move resources from one subscription to another. C. Subscriptions can help simplify Azure billing and cost management. D. You can move a subscription to a new Azure AD tenant.
A. Subscriptions are just logical containers and therefore are not limited to a single region. See Chapter 2 for more information.
What function does the Azure Cloud Shell provide? A. It enables you to run either PowerShell or the Azure CLI from a web browser. B. It is a library of management functions that you can integrate into your web apps to monitor Azure services. C. It enables you to run PowerShell commands within the Azure CLI. D. All of the above.
A. The Azure Cloud Shell enables you to run either PowerShell or the Azure CLI from the Azure portal. See Chapter 7 for more information.
Which of the following should you use to estimate the cost of storage that you will include with three new VMs that you need to deploy to Azure? A. Pricing Calculator B. Storage Calculator C. TCO Calculator D. Azure Advisor
A. The Pricing Calculator enables you to price individual Azure services based on factors such as CPU cores, memory, and storage capacity. See Chapter 6 for more information.
Which of the following data solutions would be the most cost-efficient solution for storing and retrieving sales data for your sales team using SQL statements? A. Host a database using Azure SQL Database B. Host a database using Azure Managed SQL Instance C. Install SQL Server on a VM in Azure D. Host a database using Cosmos DB
A. The most cost-effective option is to use Azure SQL Database. See Chapter 2 for more information.
Azure App Service provides support for multiple development languages, containers, and Windows and Linux. A. Yes B. No
A. The statement is true. See Chapter 2 for more information.
Deploying virtual machines (VMs) in a shared cloud environment is an example of: A. Infrastructure-as-a-service (IaaS) B. Software-as-a-service (SaaS) C. Platform-as-a-service (PaaS) D. Data-as-a-service (DaaS)
A. This is an example of IaaS. See Chapter 1 for more information.
Is the quoted portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? Azure Policies enable you to "specify what actions a user can take with a resource in Azure after they have authenticated in Azure." A. apply policies to a single resource or to a resource group, with the latter causing all resources in the group to have the policy applied. B. create policies in Security Center to control access to specific Azure resources. C. deploy specific sets of RBAC permissions to new Azure users. D. No change is needed.
A. You can apply policies at the resource or resource group levels, and if at the resource group, the policies apply to all resources in the group. See Chapter 4 for more information.
Your organization needs to implement a solution that analyzes photos and videos. Which of the following should you consider as a solution? A. Azure Machine Learning B. Machine Learning Studio C. Cognitive Services D. Azure Analytics
C. Cognitive Services provides human-like analysis services in Azure. See Chapter 5 for more information.
Which of the following capabilities requires Azure AD Premium? A. Enabling users to reset their own Azure AD passwords B. Enabling users to reset their own on-premises passwords C. Controlling access to resources in Azure through role-based access control (RBAC) D. All of the above
B. Adding the capability to synchronize password changes to on-premises AD requires Azure AD Premium. See Chapter 4 for more information.
Is the quoted portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? A honeytoken attack "tests multiple passwords against a username." A. attempts authentication against an alphabetical list of usernames. B. is an attempt to log in to a fake account that you have created. C. is an example of a pass-the-token attack. D. No change is needed.
B. A honeytoken attack is an attempt to authenticate to a fake account that you have created as a "honeypot" to attract attackers. See Chapter 4 for more information.
Because of a recent network intrusion, you need to present a solution to your CIO that will enable your organization to identify pass-the-hash and reconnaissance attacks. Which of the following is an appropriate solution? A. Windows Defender B. Advanced Threat Protection C. Azure Information Protection D. Security Center
B. Advanced Threat Protection (ATP) provides protection from many kinds of security threats, including pass-the-hash, pass-the-token, and others. See Chapter 4 for more information.
The term agility in Microsoft Azure refers to: A. The ease with which you can move workloads from on-premises to Azure and back again B. The ability to quickly adjust resources such as memory to adapt to changes in demand C. The ability to add more front-end web servers to a web application to adapt to increased demand D. The ability to quickly create redundancy in a solution
B. Agility refers to the ability to adjust resources to meet changes in demand. See Chapter 1 for more information.
Is the quoted portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? Containers that you deploy in a group Azure "support only the Linux OS." A. support only the Windows OS. B. share the same OS as other containers in the group. C. require configuration of the OS for each container. D. No change is needed.
B. All containers in a group share the same OS. See Chapter 2 for more information.
Is the quoted portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? You can purchase Azure services "only through an enterprise agreement (EA)." A. as a component of your Unified Support agreement with Microsoft. B. directly from Microsoft through the Azure portal. C. only through a cloud solution provider (CSP). D. No change is needed.
B. Although you can purchase Azure through an EA, a CSP, and the Azure portal, only option B is correct as stated. See Chapter 6 for more information.
Which of the following would you choose to perform management tasks in Azure as an experienced Linux administrator? A. Azure PowerShell B. Azure CLI C. Azure Tools for Linux D. Azure Power Tools for Linux
B. Azure CLI is an implementation of the Bash shell, making it an excellent management tool for experienced Linux administrators. See Chapter 7 for more information.
Azure China is a physically isolated instance of Azure available only to Chinese government entities. A. Yes B. No
B. Azure China is a physically isolated instance of Azure, but it is available to business as well as governmental organizations within China. See Chapter 4 for more information.
You manage internal Azure billing for your organization, allocating costs to various departments based on their consumption of Azure services. Which of the following would you use to define budgets for subscriptions? A. Azure Cost Management + Billing B. Azure Cost Management C. Azure Monitor D. Azure Quota Management
B. Azure Cost Management enables you to define budgets for your Azure subscriptions and track expenditures. See Chapter 6 for more information.
Your organization has compliance restrictions that prevent your data from traversing the Internet between your on-premises data center and your resources in Azure. Which of the following provides a solution for this requirement? A. Azure Managed VPN B. Azure ExpressRoute Direct C. Azure VPN Gateway D. Azure ExpressRoute
B. Azure ExpressRoute Direct provides similar capabilities as Azure ExpressRoute but is not routed across the Internet. See Chapter 4 for more information.
Which of the following provides significant discounts for purchasing Azure services? A. Azure Reserved Instances (ARI) B. Azure Reservations C. Azure Managed Services D. Azure Enterprise
B. Azure Reservations enables you to reserve Azure resources with a monetary commitment and receive potentially very significant discounts as a result. See Chapter 6 for more information.
Which of the following would you use to view status information about resources that your organization hosts in Azure? A. Azure PowerShell B. Azure Service Health C. Azure portal D. Azure Security Center
B. Azure Service Health enables you to view status information for resources that you host in Azure. See Chapter 4 for more information.
Microsoft Azure enables your organization to move IT expenditures to: A. Capital expenditures B. Operational expenditures C. A controlled expense model D. None of the above
B. Azure is a consumption-based cloud model in which you pay only for the services that you consume, enabling you to move from a CapEx model to an OpEx model. See Chapter 1 for more information.
Which of the following would enable your organization to monitor and control thousands of sensors deployed in a manufacturing facility, including analyzing telemetry from the sensors? A. IoT Hub B. IoT Central C. IoT Connector D. Azure Sphere
B. IoT Central enables you to monitor and control IoT devices. See Chapter 5 for more information.
Is the quoted portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? Microsoft provides at least "30 days" notice before it retires an Azure service. A. 6 months B. 12 months C. 2 year D. 5 years
B. Microsoft provides 12 months' notice before retiring an Azure service. See Chapter 6 for more information.
An Azure region: A. Describes a specific Azure data center B. Is usually paired with another region to ensure high availability C. Can span across multiple countries D. Encompasses the data centers in which all of your Azure resources reside
B. Regions are usually paired with other regions in Azure to help ensure high availability. See Chapter 2 for more information.
Accessing an application through a web page rather than installing the application on your local device is an example of: A. Infrastructure-as-a-service (IaaS) B. Software-as-a-service (SaaS) C. Platform-as-a-service (PaaS) D. Data-as-a-service (DaaS)
B. This is an example of SaaS. See Chapter 1 for more information.
Which of the following should you use to view information about planned maintenance in Azure? A. Azure Advisor B. Azure Update Center C. Azure Service Health D. None of the above
C. Azure Service Health enables you to view information about planned maintenance in Azure. See Chapter 4 for more information.
You are deploying a VM-based solution, and due to security and compliance requirements, all traffic reaching that VM must come from a single endpoint located in a different subnet. Which of the following solutions meets this requirement? A. Create a network security group (NSG) with the appropriate routing and apply the NSG to all virtual networks. B. Create a user-defined route and apply it to all subnets in the virtual network. C. Use Azure Firewall to route traffic to the target VM based on the IP address in the resource request URL. D. Create a custom route in Azure Firewall to direct traffic to the endpoint based on source and destination address.
B. To implement custom routing, create a user-defined route and apply it to all relevant virtual networks. See Chapter 4 for more information.
Which of the following is not a true statement? A. You can use the Azure Mobile App to run the Azure CLI. B. You can run Azure CLI directly in the Azure portal. C. You can run the Azure CLI from within the Azure Cloud Shell. D. You can install the Azure CLI on a Windows device.
B. You cannot run the Azure CLI directly in the Azure portal, but instead must open the Azure Cloud Shell from the portal and then choose Azure CLI. See Chapter 7 for more information.
Which of the following accurately describes Azure Monitor? A. Azure Monitor supports only Windows operating systems and SUSE Linux. B. Azure Monitor begins monitoring a resource as soon as you create the resource. C. Azure Monitor is a component service of Azure Telemetry and Reporting. D. Azure Monitor requires you to create logs and metrics to begin monitoring resources.
B. You do not need to configure Azure Monitor for it to begin monitoring a resource. Instead, Azure Monitor begins monitoring as soon as you create a resource. See Chapter 4 for more information.
Is the quoted portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? Your organization currently has two Azure subscriptions. Adding a third Azure subscription will "increase your Azure consumption and costs." A. enable you to deploy Azure resources in other regions. B. require you to create a third Azure AD tenant. C. not cause any cost increase by itself. D. No change is needed.
C. Adding an Azure subscription does not by itself result in additional costs, because a subscription is just a logical container for Azure resources, which could be existing resources that you move to the new subscription. See Chapter 6 for more information.
You have deployed a web application in Azure and need HTTPS traffic to be routed to a specific endpoint based on the requested URL. Which of the following load-balancing solutions provides this capability? A. Azure Traffic Manager B. Azure Load Balancer C. Azure Application Gateway D. Azure network security groups
C. Azure Application Gateway provides URL-based routing. See Chapter 4 for more information.
Which of the following would you choose to add natural language question and answer capabilities to a web application? A. Azure Machine Learning B. Azure Cognitive Services C. Azure Bot Services D. Logic Apps
C. Azure Bot Services provides human-like interaction, including natural language question and answer capabilities. See Chapter 5 for more information.
Which of the following is an appropriate solution for placing video files and large documents close to where your globally dispersed users are located to reduce latency? A. A dedicated point-to-point VPN connection between the source files and each location. B. Azure DirectRoute C. Azure Content Delivery Network D. None of the above
C. Azure Content Delivery Network (CDN) enables you to place replicas of content geographically near the users who need to consume the content. See Chapter 4 for more information.
You need to ensure that network traffic between your on-premises data center and Azure is securely encrypted as it traverses the Internet, but you do not want your organization to manage the service. Which of the following should you choose? A. Azure VPN Gateway B. Azure Point-to-Point VPN C. Azure ExpressRoute D. Azure ExpressRoute Direct
C. Azure ExpressRoute is the appropriate solution to provide VPN across the Internet, managed by a third party. See Chapter 4 for more information.
You need to set up a storage solution in Azure to enable you to store the state of an application from one execution of the application to the next. Which of the following storage solutions provide that capability? A. Azure Disk B. Azure Blob C. Azure Files D. Azure Archive
C. Azure Files enables you to save application state from one execution to another. See Chapter 2 for more information.
Which of the following can you use to orchestrate container management in Azure? A. Azure Container Instance (ACI) B. Azure Resource Manager C. Azure Kubernetes D. Azure CLI
C. Azure Kubernetes provides orchestration services for containers that you create with ACI. See Chapter 2 for more information.
You are deploying three VMs in a single region as web front ends to a web application. You need to ensure that power outages or other potential data center outages do not make your web application unavailable. Which of the following achieves this goal? A. You place the VMs in an availability set. B. You place the VMs in separate resource groups. C. You place the VMs in different availability zones. D. You deploy additional VMs to other regions.
C. Distributing VMs across availability zones helps guard against data center outages. See Chapter 2 for more information.
Which of the following would you use to prevent resources in a resource group from being deleted? A. Role-based access control (RBAC) B. Policies C. Resource locks D. Azure Information Protection (AIP)
C. Locking a resource with the CanNotDelete lock prevents resources in the resource group from being deleted. The lock must be removed before a resource in the group can be deleted. See Chapter 4 for more information
Which of the following Azure services offers security recommendations for improving security in your Azure environment? A. Azure Advanced Threat Protection (ATP) B. Azure Information Protection (AIP) C. Azure Security Center D. Azure Service Health
C. Security Center provides recommendations on improving security, as well as monitoring and alerts. See Chapter 4 for more information.
You have been tasked by the director of infrastructure at your organization to estimate the cost of moving a data center from on-premises to Azure. Which of the following should you use to estimate the cost? A. Azure Advisor B. Pricing Calculator C. TCO Calculator D. Azure Migration Planner
C. The TCO Calculator enables you to factor in facilities costs and other factors when estimating a move from on-premises to Azure. See Chapter 6 for more information.
Which of the following tools can you use to estimate the expense of moving a data center from on-premises to Azure? A. Azure Pricing Calculator B. Azure Cost Management + Billing C. Azure TCO Calculator D. Azure CLI
C. The TCO Calculator helps you consider the costs of facilities, power, and related expenses associated with moving services hosted in a data center to Azure.
Your CIO has asked you to investigate Azure as an alternative to hosting resources in your on-premises data center. What is the first action you need to take before creating resources in Azure? A. Create a storage account. B. Create an account in Azure AD. C. Create an Azure subscription. D. Create an Azure AD tenant.
C. The first step before you create or use any resources in Azure is to create a subscription to host those resources. See Chapter 6 for more information.
A service that provides the capability to deploy a SQL database without the need for you to set up a VM or install SQL Server is an example of: A. Infrastructure-as-a-service (IaaS) B. Software-as-a-service (SaaS) C. Platform-as-a-service (PaaS) D. Data-as-a-service (DaaS)
C. This is an example of PaaS. See Chapter 1 for more information.
Which of the following would you use to ensure that the VMs added to a resource group do not exceed certain limits for the number of CPU cores and memory? A. Azure Initiatives B. Azure Configuration Manager C. Azure Policies D. Resource Locks
C. You can use Azure Policies to enforce restrictions on VM resources. See Chapter 4 for more information.
Which of the following is a popular code repository for open source software development? A. Azure DevTest Labs B. Azure DevOps C. GitHub D. Azure Artifacts
C. Although Azure DevOps provides features and functions similar to GitHub, GitHub is intended for open source projects. See Chapter 5 for more information.
Your CIO has directed you to implement a solution that enables your organization to protect emails and documents using policies, identities, and encryption. Which of the following satisfies this requirement? A. Azure Advanced Threat Protection (ATP) B. Azure Policies C. Azure Initiatives D. Azure Information Protection (AIP)
D. Azure Information Protection (AIP) provides the capability to protect emails and documents using policies, identities, and encryption. See Chapter 4 for more information.
Which of the following describes the benefit economy of scale as it relates to Microsoft Azure? A. The capability to distribute resources across multiple regions to reduce cost B. The ability to place resources in less expensive Azure regions to reduce costs C. The capability to automatically scale down the number of virtual machines in an Azure solution to reduce costs when demand decreases D. The decrease in price per subscriber as more subscribers are added
D. As the number of subscribers increases, the cost to provide a service to those subscribers goes down because the cost is spread across more users, providing an economy of scale. See Chapter 1 for more information.
Which of the following statements is not true? A. Azure Advisor provides recommendations for cost management. B. Azure Advisor provides recommendations for operational excellence. C. Azure Advisor provides recommendations for security. D. Azure Advisor provides reporting for the health and status of Azure services.
D. Azure Advisor does not provide reporting for health and status of Azure services. See Chapter 4 for more information.
You are a developer and need to store security credentials for a web application in a secure store in Azure. Which of the following meets this need? A. Azure AD Premium B. Security Center C. Azure Credential Manager D. Azure Key Vault
D. Azure Key Vault is the appropriate place to store secrets such as security credentials in Azure. See Chapter 4 for more information.
Which of the following does not provide load balancing between resources in Azure? A. Azure Front Door B. Azure Traffic Manager C. Azure Load Balancer D. Azure network security groups (NSGs)
D. Azure NSGs do not provide load-balancing capability. See Chapter 4 for more information.
Which of the following should you use to implement a large, repeatable deployment of resources in Azure with associated role assignments and policies? A. Azure PowerShell B. Azure CLI C. Azure Initiatives D. Azure Blueprints
D. Blueprints enable you to create large, repeatable deployments of resources in Azure with corresponding role and policy assignments. See Chapter 4 for more information.
Which of the following is an example of authorization? A. Providing a username and password when logging in to your device B. Receiving a text message on your mobile device after providing a username and password for a website C. Presenting a passport to enter another country D. Presenting a visa to enter another country
D. In this example, the first three options are examples of authentication (identifying the holder), but do not authorize the user. The visa provides that authorization for entering the country. See Chapter 4 for more information.
Replace the quoted section of the statement if needed to make the statement true: Azure DDoS Protection Standard "alerts you to DNS attacks as they are happening." A. begins protecting resources from DNS attacks as soon as you configure DDoS on the resource. B. begins protecting resources from DNS attacks as soon as you configure the service on a virtual network. C. provides protection and alerts against DDoS attacks but does not provide mitigation reporting. D. No change is needed.
D. No change is needed, since DDoS Standard provides alerting to ongoing distributed denial-of-service (DDoS) attacks. It also provides alerting and mitigation reporting. See Chapter 4 for more information.
What is the function of a resource group in Azure? A. It provides automatic scaling of CPU cores, memory, and other resources for VMs. B. It enables you to establish a higher SLA for VMs. C. It protects resources from being deleted. D. It serves as a logical container for Azure resources
D. Resources groups serve as a logical container for Azure resources. See Chapter 2 for more information.
Is the quoted portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? Azure Resource Manager "enables you to deploy multiple resources using JSON-based templates." A. is the primary tool you use to manage resources in Azure. B. is the blade in Azure portal that provides access to resource management and monitoring tools, including management templates. C. enables you to interactively allocate additional CPU cores and memory to VMs. D. No change is needed.
D. The quoted fragment is correct. See Chapter 2 for more information.
Is the quoted portion of the following statement true, or does it need to be replaced with one of the other fragments that appear below? Azure Functions is "a solution for creating serverless, stateless functions that can be called from other Azure services to perform data processing." A. a solution for building workflow-based functions that integrate with other Azure services to perform data processing. B. a component of Azure DevOps that helps simplify development and deployment of serverless, stateful functions for data processing. C. a library of functions you can implement in your web applications to monitor and manage Azure services. D. No change is needed.
D. The statement is correct, so no change is needed. See Chapter 5 for more information.
Which of the following in an example of vertical scaling? A. Adding VMs to a web app as demand increases B. Reducing memory allocated to VMs when demand decreases C. Adding CPU cores to a VM when demand increases D. Both B and C
D. Vertical scaling refers to adding or removing resources such as CPU cores or memory as demand changes. See Chapter 2 for more information.