AZ-900 Practice Exam Q/As
What type of documents does the Microsoft Service Trust Portal provide?
A list of standards that Microsoft follows, pen test results, security assessments, white papers, faqs, and other documents that can be used to show Microsoft's compliance efforts
It can be said that most services in Azure have a public endpoint by default. What is a public endpoint?
A public endpoint is effectively a URL that you can use to access data and applications from outside a virtual network. This includes the public Internet. Applications inside Azure can also access this using the public endpoint. Of course, there is often additional security on the application or data to prevent malicious use of this endpoint.
Which of the following Azure Resources are required in order to have a virtual machine? Only choose services that are required, not ones that are optional.
A virtual machine needs a network card, storage and a virtual network. It does not need a public IP address. In fact, most Azure VMs are private and are not accessible from the Internet.
Which of the following are factors in Total Cost of Ownership?
All of the above. The total cost of running a server includes not only the cost of the machine (hardware), and the software, but also the costs of hosting that machine including electricity, real estate, Internet, and salaries of the employees needed to manage the machine.
What is a core principle of Zero Trust?
Assumes your network is already breached. - Assume your network has been breached already. This forces you to take a defensive posture even behind the firewall. All communications must be encrypted. All communications must be authenticated. Never assume any request made from a client to a server is authentic. Validate everything.
What are Azure Availability Zones?
Availability Zones - Unique physical locations within an Azure region, made up of one or more data centers; there is a minimum of three zones in each region; you can manually place your resources in an availability zone for highest availability
Which of the following is the best approach when you need to copy large amount of files between two Azure Storage accounts?
AzCopy - AzCopy allows you to copy files between two Azure Storage accounts without having to download the files to your local machine. The other options are slower, and more expensive.
What is Azure's preferred Identity/authentication service?
Azure AD
What are the two features that Azure AD provides? Choose two.
Azure AD provides many features, but only the two are listed. These being Authentication and Application management.
Which tool within the Azure Portal will make specific recommendations based on your actual usage for how you can improve your use of Azure?
Azure Advisor
Which Azure technology allows you to manage virtual machines running in Azure, in your own environment, and in other environments such as AWS?
Azure Arc
What is the purpose of Azure Blueprints?
Azure Blueprints allows you to create a "template" on which new subscriptions can be made. This way, new subscriptions can come with a pre-defined list of policies, ARM templates, and custom RBAC roles. This way, a subscription follows a company standard each time.
Which of the following scenarios would Azure Policy be a recommended method for enforcement?
Azure Policy can add restrictions on storage account SKUs, virtual machine instance types, and rules relating to tagging of resources and groups. It cannot prompt a user to ask them if they are sure.
What does ARM an abbreviation for in Azure?
Azure Resource Manager (ARM) - this is the common resource deployment model that underlies all resource creation or modification; no matter whether you use the portal, PowerShell or the SDK, the Azure Resource Manager takes those commands and executes them
Which feature within Azure alerts you to service issues that happen in Azure itself, not specifically related to your own resources?
Azure Service Health - lets you know about any Azure-related service issues including region-wide downtime
Two examples of Azure Sovereign Regions
Azure US Government & Azure China
What operating systems does Microsoft supply Azure Virtual Machine images for?
Azure Virtual Machines support Windows and Linux
What benefit does Azure Scalesets provide when it comes to virtual machines in Azure?
Can manage groups of VMs as one unit. - Scalesets are groups of virtual machines, managed as a single unit. You can set rules for scaling up or scaling down.
Why would someone prefer a Consumption-based pricing model as opposed to a Time-based (Fixed) pricing model?
Consumption-Based Model - paying for something based on how much you used, as opposed to paying for something no matter if you use it or not.
Which Azure AD licenses (select two) are made available through Azure?
Explanation Azure Active Directory provides the following licenses: Free, Office 365, Premium P1, and Premium P2.
What is the fastest connection type between your on-premesis network and Microsoft Azure, if money was not a concern?
Express Route is a private connection from your data center to a Microsoft Azure partner, which has a direct fiberoptic connection into Azure. If you're looking for reliable, high-speed connections into Azure, you should be looking at Express Route.
True or false: Azure charges for bandwidth used <b>inbound</b> to Azure
F - Ingress bandwidth is free. You pay for egress (outbound)
True or False: Azure is a public cloud, and has no private cloud offerings
F - Some aspects of Azure are not open to the public and require a private agreement with Microsoft such as Azure Government and DoD services
True or false: Azure Active Directory is a network gateway that load balances user logins using a CDN (Content Delivery Network).
FALSE - No, Azure Active Directory is an enterprise identity service that provides single sign-on and multi-factor authentication
Which of the following elements is considered part of the <b>perimeter</b> layer of security?
Firewall is part of the perimeter security
How many availability zones are there in each region (for regions that have them)?
For regions that support availability zones, you can deploy your resources to zone 1, 2 or 3. There are 3 zones in each region.
Which of the following services would NOT be considered Infrastructure as a Service?
Functions are small pieces of code that you give to Azure to run for you, and you have no access to the underlying infrastructure.
What is GRS?
Geo-redundant storage - Replicated 3 times within primary region, plus 3 times in secondary region hundreds of KM's away from primary region. No read access in secondary.
Which storage redundancy option is the cheapest?
LRS (Locally Redundant Storage) has the lowest price of all the options.
what is LRS?
Locally Redundant Storage
What Azure tool gives you the ability to manage multiple subscriptions into nested hierarchies?
Management Groups - a hierarchy of subscriptions; can have many subscriptions, and group them, and put those groups into other groups
How does Multi-Factor Authentication make a system more secure?
Multi-Factor Authentication (MFA) - the concept of having something additional to a password" that is required to log in; passwords are findable or guessable; but having your mobile phone on you to receive a phone call, text or run an app to get a code is harder for a unknown hacker to get
True of false: Azure Powershell scripts and Command Line Interface (CLI) scripts are entirely compatible with each other?
No, PowerShell is it's own language, different than CLI
Why is Azure App Services considered Platform as a Service?
PaaS - You give Azure the code and the configuration, and you have no access to the underlying hardware
Which Azure technology allows you to log in to Azure Active Directory device or application using your face, a PIN code, or a gesture instead of having to type a password?
Passwordless authentication makes it easier to log into your Azure AD accounts using your face, a PIN, or a gesture instead of having to remember a password. This increases convenience without reducing security. It does this because you've logged into that device before, and it remembers you. One of the downsides to additional security measures (like Multi-factor authentication) is that it reduces convenience in order to increase security.
What benefit does Availability Sets provide when it comes to virtual machines in Azure?
Physically and logically seperates VMs so that if one goes down, the other do not go down.
What is RA-GRS
Read-access geo-redundant storage (RA-GRS) not only replicates your data to a secondary geographic location but also provides read access to your data in the secondary location. RA-GRS allows you to access your data from either location, in the event that one location becomes unavailable.
What are Resource Groups in Azure?
Resource Groups - a folder structure in Azure in which you organize resources like databases, virtual machines, virtual networks, or almost any resource
What types of resources are defined as <b>compute resources</b>?
Resources that perform some type of task that requires CPU cycles to perform the work.
Which of the following elements is considered part of the <b>network</b> layer of network security?
Seperate servers into distinct subnets by role - Subnets is part of network security
What is Single Sign-On?
Single-Sign On - the ability to use the same user id and password to log into every application that your company has; enabled by Azure AD
True or false: Azure Cloud Shell allows access to the CLI and Powershell consoles in the Azure Portal
T- Cloud Shell - allows access to the CLI and Powershell consoles in the Azure Portal
True or False: An Azure Storage Account can have both a public endpoint and a private endpoint at the same time.
TRUE - The public endpoint can be enabled, restricted to certain networks or disabled. Multiple private endpoints can be created. There is no restriction preventing you from having both a public endpoint accessible from the Internet and one or more private endpoints as well.
With Azure public cloud, anyone with a valid credit card can sign up and get services immediately (subject to the usual country restrictions of course)
TRUE - Yes, Azure public cloud is open to the public in all countries that Azure supports.
What affect does using a "read only" resource lock on a Azure Storage Account have?
The storage account cannot have its properties altered but it doesnt affect the data itself. - Resource Locks only affect your ability to make changes to a resource within Azure but do not affect the resource itself. For instance, a resource lock on a virtual machine still allows the VM to operate but will prevent someone from restarting a VM. Similarly, a resource lock on a storage account only affects the Azure properties of the account.
What Azure resource allows you to evenly split traffic coming in and direct it to several identical virtual machines to do the work and respond to the request?
This is the core feature of either a Load Balancer or Application Gateway
True or False: Under the Infrastructure as a Service model, Azure is responsible for managing the physical host, physical network, and physical datacenter.
Yes, Azure still manages the hardware itself, the hypervisor and all of the physical elements behind the scenes
What is ZRS?
Zone-redundant storage - Replicated 3 times across two regions. If you select this when you create the storage account, you cannot change from it.
