Azure Admin Quiz Question Set

How many Parameters are allowed in an ARM Template?

256 You can reduce the number of parameters by using objects that contain multiple properties.

Which of the following would be good example of when to use a resource lock? Select one. A ExpressRoute circuit with connectivity back to your on-premises network. A non-production virtual machine used to test occasional application builds. A storage account used to temporarily store images processed in a development environment.

A ExpressRoute circuit with connectivity back to your on-premises network.

Which of the following best describes the format of an Azure Resource Manager template? Select one: A Markdown document with a pointer table A JSON document with key-value pairs A TXT document with key-value pairs An XML document with element-value pairs

A JSON document with key-value pairs

Which of the following best describes the format of an Azure Resource Manager template? Select one. A JSON document with key-value pairs A TXT document with key-value pairs An XML document with element-value pairs

A JSON document with key-value pairs

What kind of account would be created to allow an external organization easy access? An external account for each member of the team. An administrator account for each member of the team. A guest user account for each member of the external team.

A guest user account for each member of the external team. A guest user account restricts users to just the access they need.

Which of the following is not a feature of Cloud computing?

A limited pool of services

You are configuring Self-service Password Reset. Which of the following is not a validation method? Select one. An email notification. A text or code sent to a user's mobile or office phone. A paging service. A set of security questions

A paging service.

By default, multi-factor authentication is applied to which Azure AD group? Admin agents Administrators All users Domain users

Administrators

Which of the following statements is a valid statement about an Azure subscription? Using Azure doesn't require a subscription. An Azure subscription is a logical unit of Azure services.

An Azure subscription is a logical unit of Azure services.

A dedicated and trusted instance of Azure AD is referred to as: An Azure tenant An Azure identity An Azure account

An Azure tenant

A dedicated and trusted instance of Azure Active Directory is often referred to as? An Azure tenant An Azure identity An Azure Active Directory account

An Azure tenant A tenant is a dedicated and trusted instance of Azure AD. A Tenant is automatically created when the organization signs up for a Microsoft cloud service subscription.

Which of the following would be good example of when to use a resource lock? Select one: An ExpressRoute circuit with connectivity back to your on-premises network. A non-production virtual machine used to test occasional application builds. A storage account used to temporarily store images processed in a development environment. A resource group for a new branch office that is just starting up.

An ExpressRoute circuit with connectivity back to your on-premises network.

Your company provides cloud software to audit administrative access in Microsoft Azure resources. The software logs all administrative actions (including all clicks and text input) to log files. The software is about to be released from beta and the company is concerned about storage performance. You need to deploy a storage solution for the log files to maximize performance. What should you do? Select one: Deploy Azure Files using SMB 3.0. Deploy Azure Table Storage. Deploy Azure Queues Storage. Deploy blob storage using block blobs. Deploy blob storage using append blobs.

Append blobs optimize append operations (writes adding onto a log file, for example). In this scenario, the company needs to write data to log files, most often appending data (until a new log file is generated). Block blobs are cost efficient but not designed specifically for append operations, so performance isn't as high. Queue Storage is used for apps to communicate. Table Storage is a NoSQL database but not optimized for this scenario. Azure Files is geared for SMB storage, such as from Windows Servers but doesn't offer the optimized solution that append blobs do.

The company financial controller wants to identify which billing department each Azure resource belongs to. Which of the following is the best approach to meeting this requirement? Track resource usage in a spreadsheet. Split the deployment into separate Azure subscriptions, where each subscription belongs to its own billing department. Apply a tag to each resource that includes the associated billing department.

Apply a tag to each resource that includes the associated billing department. Tags provide extra information, or metadata, about your resources. The team might create a tag that's named BillingDept whose value would be the name of the billing department. Azure policy ensures that the proper tags are assigned when resources are provisioned.

Your company hires a new IT administrator. She needs to manage a resource group with first-tier web servers including assigning permissions. However, she should not have access to other resource groups inside the subscription. You need to configure role-based access. What should you do? Select one: Assign her as a Subscription Owner. Assign her as a Subscription Contributor. Assign her as a Resource Group Owner. Assign her as a Resource Group Contributor

Assign her as a Resource Group Owner.

There are three virtual machines (VM1, VM2, and VM3) in a resource group. The Helpdesk hires a new employee. The new employee must be able to modify the settings on VM3. The employee must not be able to make changes on VM1 and VM2. Which of following meets the requirements and minimizes administrative overhead? Assign the user to the Contributor role on the resource group. Assign the user to the Contributor role on VM3. Move VM3 to a new resource group and assign the user to the Owner role on VM3.

Assign the user to the Contributor role on VM3.

You have three virtual machines (VM1, VM2, and VM3) in a resource group. The Helpdesk hires a new employee. The new employee must be able to modify the settings on VM3, but not on VM1 and VM2. Your solution must minimize administrative overhead. What should you do? Select one: Assign the user to the Contributor role on the resource group. Assign the user to the Contributor role on VM3. Move VM3 to a new resource group and assign the user to the Contributor role on VM3. Assign the user to the Contributor role on the resource group, then assign the user to the Owner role on VM3.

Assign the user to the Contributor role on VM3.

Which of the following correctly describes Azure Active Directory? Azure AD can be queried through LDAP. Azure AD is primarily an identity solution Azure AD uses Organizational Units (OUs) and Group Policy Objects (GPOs).

Azure AD is primarily an identity solution Azure AD is primarily an identity solution, and it is designed for Internet-based applications by using HTTP and HTTPS communications.

Identify three differences from the following list between Azure Active Directory (AD) and Active Directory Domain Services (AD DS). Select three: Azure AD uses HTTP and HTTPS communications Azure AD uses Kerberos authentication There are no Organizational Units (OUs) or Group Policy Objects (GPOs) in Azure AD Azure AD includes Federation Services Azure AD can be queried through LDAP

Azure AD uses HTTP and HTTPS communications There are no Organizational Units (OUs) or Group Policy Objects (GPOs) in Azure AD Azure AD includes Federation Services

Your company is building an app in Azure. The app has the following storage requirements: ● Storage must be reachable programmatically through a REST API. ● Storage must be globally redundant. ● Storage must be accessible privately within the company's Azure environment. ● Storage must be optimal for unstructured data. Which type of Azure storage should you use for the app? Select one: Azure Data Lake store Azure Table Storage Azure Blob Storage Azure File Storage

Azure Blob Storage is optimal for unstructured data and meets the requirements for the company's app. Azure Data Lake supports some of the requirements, such as unstructured data and REST API access. However, Azure Data Lake is geared for analytics workloads and is only available as locally-redundant (multiple copies of data in a single Azure region).

Which Azure service automates the deployment of complete Azure environments, including policies and permissions? Azure Blueprints Azure Advisor Azure Policy Azure Migrate

Azure Blueprints Azure Blueprints automates the deployment of entire Azure environments. A blueprint is a collection of Azure Resource Manager templates plus a few other details, such as policies and user permissions. When a blueprint is assigned to a subscription, it not only automates the creation of an environment, but it also keeps a record of the deployment. This makes it a critical governance tool because it enables the tracking and auditing of deployments.

Which Azure service is ideal for developers with little to no experience with machine learning who want to add pre-built artificial intelligence services to their applications? Azure Cognitive Services Azure Machine Learning Studio Azure Machine Learning Services Azure Analysis Services

Azure Cognitive Services Microsoft offers lots of different AI services. If you're new to AI, then the best place to start is Azure Cognitive Services. This is a collection of pre-built artificial intelligence tools. These services let you add AI capabilities to applications even if you don't know anything about machine learning. They're grouped into five categories: decision, language, speech, vision, and web search.

Which service simplifies the process of configuring, deploying, and managing a simple containerized application on the Azure cloud? Azure Container Instances Azure Functions Azure App Service Azure Pipelines

Azure Container Instances Containers are somewhat like virtual machines except they don't include the operating system. This makes it easy to deploy them because they're very lightweight compared to virtual machines. In fact, containers run on virtual machines. Microsoft provides a variety of ways to run containers. The simplest way is to use Azure Container Instances. This service lets you run a container using a single command.

Which Azure analytics service provides a user-friendly way to run Spark jobs, and is easier to manage than Azure HDInsight? Azure Synapse Analytics Azure Databricks Azure Data Factory Azure Stream Analytics

Azure Databricks Microsoft's analytics offerings have evolved over time, which is why you'll see a variety of services in this area. Azure Databricks is a similar service because it runs Spark as well, but it's more user-friendly and easier to manage than HDInsight.

Your company is planning to storage log data, crash dump files, and other diagnostic data for Azure VMs in Azure. The company has issued the following requirements for the storage: ● Administrators must be able to browse to the data in File Explorer. ● Access over SMB 3.0 must be supported. ● The storage must support quotas. You need to choose the storage type to meet the requirements. Which storage type should you use? Select one: Azure Files Table storage Blob storage Queue storage

Azure Files supports SMB 3.0, is reachable via File Explorer, and supports quotas. The other storage types do not support the requirements. While blob storage is good for unstructured data, it cannot be accessed over SMB 3.0.

Which of the following services should be used when the primary concern is to perform work in response to an event (often via a REST command) that needs a response in a few seconds? Azure Functions Azure App Service Azure Container Instances

Azure Functions Azure Functions is used when you need to perform work in response to an event (often via a REST request), timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less.

What is one of Azure's oldest analytics services and supports several open-source big data frameworks such as Hadoop, Spark, and Hive? Azure HDInsight Azure Databricks Azure Synapse Analytics Azure Data Factory

Azure HDInsight When you have a large volume of data coming in, whether it's from IoT devices or applications, you'll probably want to perform analytics on it. Microsoft's analytics offerings have evolved over time, which is why you'll see a variety of services in this area. The oldest one is HDInsight. It supports a wide variety of open-source big data frameworks, including Hadoop, Spark, Hive, Storm, and many others.

What Azure service allows you to automate tasks with a simple drag-and-drop interface and without the use of code? Azure Logic Apps Azure Functions Azure App Service Azure API Management

Azure Logic Apps Microsoft offers a service called Azure Logic Apps that lets you automate tasks without writing any code. You can create a logic app using a drag-and-drop interface.

Which Azure service can help you specifically manage the process of moving on-premise applications to the Azure cloud? Azure Migrate Azure Functions Azure Monitor Azure Active Directory

Azure Migrate If your organization is just getting started with Azure, then one of the first things you'll want to do is figure out how you can migrate at least some of your existing applications to Azure. Microsoft provides a great tool for this called Azure Migrate. First, it discovers your on-premises servers, both physical and virtual. On the virtual side, this includes both Hyper-V and VMware. Then it assesses these machines. For each one, it tells you whether or not it's ready to migrate, how big the Azure VM will be, how much it will cost, and any dependent servers that will also need to be migrated. When you're ready, it will even help you do the migration. Azure Migrate is also integrated with other tools to help you migrate SQL Server databases, web apps, and data. Also, if you have a virtual desktop infrastructure, there's a tool that will do an assessment to help you migrate it to Windows Virtual Desktop, which is hosted on Azure.

Which service within the Azure DevOps suite allows you to create continuous workflows to build, test and deploy code? Azure Pipelines Azure Boards Azure DevTest Labs Azure Repos

Azure Pipelines The DevOps approach has spread rapidly in organizations around the world. If you're not familiar with it, the idea is that you can automate large portions of the building, testing, and releasing of application updates. Microsoft offers a suite of services called Azure DevOps to help you implement these processes. The most important service in this suite is called Azure Pipelines. It lets you create automated workflows to continuously build, test, and deploy code.

The compliance dashboard for Microsoft Defender for Cloud is connected with which of the following services to allow you to create compliance requirements for accounts and resources within your Azure account? Azure Policy Azure Advisor Azure Monitor Azure Service Health

Azure Policy First, it shows you how compliant your Azure subscriptions are. This is based on policies that you create in a service called, naturally, Azure Policy. For example, if someone in your organization creates a subscription that doesn't have your regulatory policy controls assigned to it, then it will show up in this compliance panel.

Which Azure service gives you full control of every machine learning stage, and is ideal for experienced AI developers who need to build a customized artificial learning application? Azure Monitor Azure Application Insights Azure Service Health Azure Advisor

Azure Service Health Microsoft also provides a dashboard called Service Health where you can find out about problems with the Azure platform itself as well as upcoming maintenance events. You can even create alerts so you'll be notified of both planned and unplanned outages.

Which Azure IoT service provides its own certified chips, operating system, and security service to increase the security for IoT devices? Azure Sphere Azure IoT Hub Azure IoT Central Azure IoT Edge

Azure Sphere Microsoft also offers a solution called Azure Sphere to make your IoT devices more secure. It includes certified chips, the Azure Sphere operating system, and the Azure Sphere Security Service, all of which provide layers of protection for your IoT devices.

Which Azure service should you use if you want to provide load balancing for VMs or web apps that are distributed across multiple regions? Azure Monitor Azure Traffic Manager Azure ExpressRoute Azure Container Networking Interface

Azure Traffic Manager If you want to provide load balancing for VMs or web apps that are distributed across multiple regions, then you'll need to use Azure Traffic Manager.

Your company has a team of remote workers that need to use Windows-based software to develop your company's applications, but your team members are using various operating systems like macOS, Linux, and Windows. Which Azure compute service would help resolve this scenario? Azure App Service Azure Virtual Desktop Azure Container Instances

Azure Virtual Desktop Azure Virtual Desktop enables your team members to run Windows in the cloud, with access to the required applications for your company's needs.

What Azure Cloud compute service is useful when planning a 'lift-and-shift" migration of an application from an on-premises environment to the Azure Cloud? Azure Functions Azure DevOps Azure Container Instances Azure Virtual Machines

Azure Virtual Machines

Which of the following services is an example of 'Infrastructure-as-a-Service' or IaaS on Microsoft Azure? Azure Functions Azure Virtual Machines Azure Kubernetes Service Azure App Service

Azure Virtual Machines

What's the main difference between Azure roles and Azure Active Directory roles? Azure roles apply to Azure resources. Azure AD roles apply to Azure AD resources such as users, groups, and domains. Azure roles can be assigned at the root level. Azure AD roles are used to manage access to Azure resources.

Azure roles apply to Azure resources. Azure AD roles apply to Azure AD resources such as users, groups, and domains.

Which of the following is a logical unit of Azure services that links to an Azure account? Azure subscription Management group Resource group Public cloud

Azure subscription

Which of the following is not true about the Cloud Shell? Authenticates automatically for instant access to your resources. Cloud Shell is assigned multiple machines per user account. Provides both Bash and PowerShell sessions. Provides an editor. Requires an Azure file share.

Cloud Shell is assigned multiple machines per user account.

You are managing Azure locally using PowerShell. You have launched the app as an Administrator. Which of the following commands would you do first? Connect-AzAccount Get-AzResourceGroup Get-AzSubscription New-AzResourceGroup

Connect-AzAccount

Which of the following roles has full access to manage all resources but cannot assign roles? Contributor Owner Reader

Contributor grants full access to manage all resources, but cannot assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.

Which of the following roles has full access to manage all resources but does not allow you to assign roles? Select one. Owner Contributor Reader

Contributor. Grants full access to manage all resources, but does not allow you to assign roles.

Your company financial comptroller wants to be notified whenever the company is half-way to spending the money allocated for cloud services. What should you do? Select one: Create an Azure reservation. Create a budget and a spending threshold. Create a management group. Enter workloads in the Total Cost of Ownership calculator.

Create a budget and a spending threshold.

The company financial controller wants to be notified whenever the company is half-way to spending the money allocated for cloud services. Which of the following is the best approach to meeting this requirement? Create an Azure reservation. Create a budget and a spending threshold. Create a management group.

Create a budget and a spending threshold. Billing Alerts will help monitor and manage billing activity for your Azure accounts. Budget thresholds can be evaluated and will be reset automatically at the end of a period.

You work for an open source development company. You use Microsoft Azure for a variety of storage needs. Up to now, all the storage was used for internal purposes only. It is organized in block blobs. Each block blob is in its own container. Each container is set to default settings. In total, you have 50 block blobs. The company has decided to provide read access to the data in the block blobs, as part of releasing more information about their open source development efforts. You need to reconfigure the storage to meet the following requirements: ● All block blobs must be readable by anonymous internet users. You need to configure the storage to meet the requirements. What should you do? Select one: Create a new container, move all the blobs to the new container, and then set the public access level to Blob. Set the public access level to Blob on all the existing containers. Create a new shared access signature for the storage account and then set the allowed permissions to Read, set the allowed resource types to Object, and set the allowed services to Blob. Create a new access key for the storage account and then provide the connection string in the storage connectivity information to the public.

Create a new container, move all the blobs to the new container, and then set the public access level to Blob. In this scenario, you need to reconfigure 50 containers. While you can do that, it goes against the requirement to reduce the administrative overhead of future access changes. A shared access signature could work here, but not with the settings outlined in the answer choice. An access key is meant for use by your apps when communicating internally in Azure to the storage. In this scenario, you should create a new container, move the existing blobs, and then set the public access level to Blob. In the future, when access changes are required, you can configure the single container (which would contain all blobs).

Your organization has several Azure policies that they would like to create and enforce for a new branch office. What should you do? Select one: Create a policy initiative Create a management group Create a resource group Create a new subscriptions

Create a policy initiative

You would like to categorize resources and billing for different departments like IT and HR. The billing needs to be consolidated across multiple resource groups and you need to ensure everyone complies with the solution. What should you do? Choose two to complete a solution Create tags for each department. Create a billing group for each department. Create an Azure policy. Add the groups into a single resource group. Create a subscription account rule.

Create an Azure policy. Create tags for each department.

You need to target policies and review spend budgets across several subscriptions you manage. What should you do? Select one: Create resource groups Create management groups Create billing groups Create Azure policies

Create management groups

What is meant by cloud computing?

Delivery of computing services over the internet.

Which of the following options isn't a type of cloud computing? Distributed cloud Hybrid cloud Private cloud Public cloud

Distributed cloud

True or false: You need to purchase an Azure account before you can use any Azure resources.

False

Which of the following choices isn't a benefit of using cloud services? Scalability Disaster recovery High availability Geographic isolation

Geographic isolation

Which Active Directory role will allow a user to manage all the groups in your Teams tenants and be able to assign other administrator roles? Global administrator Security administrator User administrator Check your answers

Global Administrator manages all aspects of Azure AD and Microsoft services that use Azure AD identities. This includes managing groups across tenants and assigning other administrator roles.

You would like to add a user who has a Microsoft account to your subscription. Which type of user account is this? Select one. Cloud identity Directory-Synchronized identity Guest User

Guest user. Guest users are users added to Azure AD from a third party like Microsoft or Google.

Which blob access storage tier would you use when dealing with a large amount of data that is actively used? Cold Archive Hot

Hot The hot access tier is used for data that is accessed frequently. The cool access tier is typically used for infrequently access data. The Archive access tier can only be set at the Blob level and not on the actual storage account level.

The _____ Device Management option can automatically register devices. Azure AD Join Hybrid Azure AD Join Administrator Join Remote Administration

Hybrid Azure AD Join

Your company has a file server named FS01. The server has a single shared folder that users' access to shared files. The company wants to make the same files available from Microsoft Azure. The company has the following requirements: Microsoft Azure should maintain the exact same data as the shared folder on FS01. Files deleted on either side (on-premises or cloud) shall be subsequently and automatically deleted from the other side (on-premises or cloud). You need to implement a solution to meet the requirements. What should you do? Select one: Deploy DFS Namespaces. Install and use AZCopy. Deploy Azure File Sync. Install and use Azure Storage Explorer. Deploy storage tiering.

In this scenario, only Azure File sync can keep FS01 and Azure synced up and maintaining the same data. While AZCopy can copy data, it isn't a sync solution to have both sources maintain the exact same files. Storage tiering is used for internal tiering (SSD and HDD, for example). While DFS Replication could fit here, DFS Namespace doesn't offer the replication component. Storage Explorer is a tool for managing different storage platforms.

When using a CSV template to create multiple users, which field is required? Initial password Job title Department Block sign

Initial password

Which of the following is not an element in the template schema? Select one: Functions Inputs Outputs Parameters

Inputs

Which of the following is not an element in the template schema? Select one. Functions Inputs Outputs

Inputs. Inputs is not a part of the template schema. The elements of an Azure Resource Manager template are schema, contentVersion, apiProfile, parameters, variables, functions, resources, and output.

What is required in order to allow users to register their devices in Azure AD? Blueprints Intune Advanced Threat Protection Rights Management

Intune

Your users want to sign-in to devices, apps, and services from anywhere. They want to sign-in using an organizational work or school account instead of a personal account. You must ensure corporate assets are protected and that devices meet standards for security and compliance. Specifically, you need to be able to enable or disable a device. What should you do? Select one. Enable the device in Azure AD. Join the device to Azure AD. Register the device with Azure AD.

Join the device to Azure AD. Joining a device is an extension to registering a device. This means, it provides you with all the benefits of registering a device, like being able to enable or disable the device. In addition, it also changes the local state of a device. Changing the local state enables your users to sign-in to a device using an organizational work or school account instead of a personal account.

You are creating a new resource group to use for testing. Which two of the following parameters are required when you create a resource group with PowerShell or the CLI? Select two: Location Name Region Subscription Tag

Location Name

Which of the following can be used to manage governance across multiple Azure subscriptions? Azure initiatives Management groups Resource groups

Management groups

Which of the following choices isn't a cloud computing category? Networking-as-a-Service (NaaS) Platform-as-a-Service (PaaS) Infrastructure-as-a-Service (IaaS) Software-as-a-Service (SaaS)

Networking-as-a-Service (NaaS)

When managing password reset, which section contains the option to let the user know when a password is reset? Customization Notifications Properties Authentication methods

Notifications

Which user property is needed to add a user to a group with PowerShell? ObjectID AzureADUser DisplayName UserName

ObjectID

What Access is Required to create or delete resource management locks?

Only the Owner and User Access Administrator roles can create or delete management locks.

You are assigning Azure AD roles. Which role will allow the user to manage all the groups in your Teams tenants and be able to assign other administrator roles? Select one. Password administrator Security administrator Global administrator

Only the global administrator can manage groups across tenants and assign other administrator roles.

What is included in a custom Azure role definition? Operations allowed for Azure resources and the scope of permissions The assignment of a custom role Actions and DataActions operations scoped to the tenant level

Operations allowed for Azure resources and the scope of permissions

Your boss wants you to create a list of all guest users in Azure. Which section of the portal will quickly show you a list of all guest users? Groups Organizational relationships Licenses Users

Organizational relationships

Identity Protection, Privileged Identity Management, and Access Reviews are included in which edition of Azure AD? Office 365 P2 Free P1

P2

What are the Two types of Resource Locks?

Read-Only locks, which prevent any changes to the resource. Delete locks, which prevent deletion.

Which of the following replicates your data to a secondary region, maintains six copies of your data, and is the default replication option. Select one: Locally-redundant storage Geo-redundant storage Read-access geo-redundant storage Zone-redundant storage

Read-access geo-redundant storage (GRS) is the default replication option

Which of the following preserves data residency and offers comprehensive compliance and resiliency options? Azure Active Directory Account Regions Subscriptions

Regions

You are reviewing your virtual machine usage. You notice that you have reached the limit for virtual machines in the US East region. Which of the following provides the easiest solution? Select one: Add another resource group Change your subscription plan Request support increase your limit Resize your virtual machines to handle larger workloads

Request support increase your limit

You are reviewing your virtual machine usage. You notice that you have reached the limit for virtual machines in the US East region. Which of the following provides the easiest solution? Select one. Add another resource group Change your subscription plan Request support increase your limit

Request support increase your limit

Which of the following features does not apply to resource groups? Resources can be in only one resource group. Role-based access control can be applied to the resource group. Resource groups can be nested.

Resource groups can be nested.

Your manager asks you to explain how Azure uses resource groups. You provide all of the following information, except? Select one: Resources can be in only one resource group. Resources can be moved from one resource group to another resource group. Resource groups can be nested. Role-based access control can be applied to the resource group.

Resource groups can be nested.

Which type of group can be nested within another group? Office 365 Dynamic Security Automatic

Security

You are planning a delegation model for your Azure storage. The company has issued the following requirements for Azure storage access: ● Apps in the non-production environment must have automated time-limited access ● Apps in the production environment must have unrestricted access to storage resources You need to configure storage access to meet the requirements. What should you do? (Each answer presents part of the solution. Select two: Use shared access signatures for the non-production apps. Use shared access signatures for the production apps. Use access keys for the non-production apps. Use access keys for the production apps. Use Stored Access Policies for the production apps. Use Cross Origin Resource Sharing for the non-production apps.

Shared access signatures provide a way to provide more granular storage access than access keys. For example, you can limit access to "read only" and you can limit the services and types of resources. Shared access signatures can be configured for a specified amount of time, which meets the scenario's requirements. Access keys provide unrestricted access to the storage resources, which is the requirement for production apps in this scenario.

You have a new Azure subscription and need to move resources to that subscription. Which of the following resources cannot be moved? Select one: Key vault Storage account Tenant Virtual machine

Tenant

You have a new Azure subscription and need to move resources to that subscription. Which of the following resources cannot be moved? Select one. Key vault Storage account Tenant

Tenant

You have an existing storage account in Microsoft Azure. It stores unstructured data. You create a new storage account. You need to move half of the data from the existing storage account to the new storage account. What tool should you use? Select one: Use the Azure portal Use File Server Resource Manager Use the Robocopy command-line tool Use the AzCopy command-line tool

The key in this scenario is that you need to move data between storage accounts. The AzCopy tool can work with two different storage accounts. The other tools do not copy data between storage accounts. Alternatively, although not one of the answer choices, you can use Storage Explorer to copy data between storage accounts.

Why does a resource group need a location if the resources can have different locations than the resource group?

The resource group stores metadata about the resources. When you specify a location for the resource group, you're specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region.

Which Microsoft Defender for Cloud resource hygiene dashboard displays what type of resource information? The resource hygiene dashboard displays how compliant resource configurations are with account policies. The resource hygiene dashboard displays how secure resources are based on Azure security best practices. The resource hygiene dashboard displays actual resources' performance trends compared to related Azure service license agreements. The resource hygiene dashboard displays resource metric data compared to defined thresholds that would trigger performance monitoring alerts.

The resource hygiene dashboard displays how secure resources are based on Azure security best practices. Microsoft Defender for Cloud's Resource security hygiene dashboard provides an assessment of how secure your Azure resources are. You can click on it to see a list of recommendations to improve the security of your compute, storage, networking, and identity resources. It also gives you an Overall Secure Score to give you an idea of how secure all of your resources are. Each recommendation shows you how much your secure score would be improved if you were to implement the recommendation.

If you delete a user account by mistake, can it be restored? Select one. When a user account is deleted, it's gone forever and can't be restored. The user account can be restored, but only when it's created within the last 30 days. The user account can be restored, but only when it's deleted within the last 30 days.

The user account can be restored, but only when it's deleted within the last 30 days.

What is the easiest way to create five users in the Azure AD portal? Change the default number of users created from one to five. Use the Bulk add feature. Create one user and copy it four times. Create one user and clone four more users.

Use the Bulk add feature.

Which field is required when creating a user through the Azure portal? Email Address User Name Last Name First Name

User Name

When Self-Service Password Reset is enabled it means? Users can change their password when they're signed in. Administrators can reset their password by using one authentication method. Users can reset their password if they can't sign in.

Users can reset their password if they can't sign in. If the user passes the authentication tests, then they can reset their password.

Which Azure compute resource can be deployed to manage a set of identical virtual machines? Virtual machine scale sets Virtual machine availability sets Virtual machine availability zones

Virtual machine scale sets Virtual machine scale sets let you deploy and manage a set of identical virtual machines.

Which of the following statements is true? With Operating Expenses (OpEx), you are responsible for purchasing and maintaining your computing resources. With Operating Expenses (OpEx), you are only responsible for the computing resources that you use. With Capital Expenses (CapEx), you are only responsible for the computing resources that you use.

With Operating Expenses (OpEx), you are only responsible for the computing resources that you use.

You are using blob storage. Which of the following is true? Select one; The cool access tier is for frequent access of objects in the storage account. The hot access tier is for storing large amounts of data that is infrequently accessed. The performance tier you select does not affect pricing. You can switch between hot and cool performance tiers at any time.

You can switch between performance tiers at any time. Changing the account storage tier from cool to hot incurs a charge equal to reading all the data existing in the storage account. However, changing the account storage tier from hot to cool incurs a charge equal to writing all the data into the cool tier (GPv2 accounts only).

You need to provide a contingent staff employee temporary read-only access to the contents of an Azure storage account container named media. It is important that you grant access while adhering to the security principle of least-privilege. What should you do? Select one: Set the public access level to Container. Generate a shared access signature (SAS) token for the container. Share the container entity tag (Etag) with the contingent staff member. Configure a Cross-Origin Resource Sharing (CORS) rule for the storage account.

You should generate a SAS token for the container which provides access either to entire containers or blobs. You should not share the Etag with the contingent staff member. Azure uses Etags to control concurrent access to resources and do not deliver the appropriate security controls. Setting the public access level to Container would not conform to the principle of least privilege as the container now becomes open to public connections with no time limitation. CORS is a Hypertest Transfer Protocol (HTTP) mechanism that enables cross-domain resource access but does not provide security-based resource access control.

You use a Microsoft Azure storage account for storing large numbers of video and audio files. You create containers to store each type of file and want to limit access to those files for specific periods. Additionally, the files can only be accessed through shared access signatures (SAS). You need the ability to revoke access to the files and to change the period for which users can access the files. What should you do in order to accomplish this in the most simple and effective way? Select one: Create an SAS for each user and delete the SAS when you want to prevent access. Use Azure Rights Management Services (RMS) to control access to each file. Implement stored access policies for each container to enable revocation of access or change of duration. Periodically regenerate the account key to control access to the files.

You should implement stored access policies which will let you change access based on permissions or duration by replacing the policy with a new one or deleting it altogether to revoke access. While Azure RMS would protect the files, there would be administrative complexity involved whereas stored access policies achieves the goal in the simplest way. Creating a SAS for each user would also involve a great amount of administrative overhead. Regenerating keys would prevent all users from accessing all files at the same time.

To add or delete multiple users at once, you need to download and use the template from the Azure portal. Which type of file is the template? Microsoft Excel workbook text comma-separated values Microsoft Access database

comma-separated values

You must set a new user's Usage location before you assign any _____ to the user. applications licenses permissions groups

licenses

Enterprise State Roaming provides which feature? opening a corporate document when using the personal version of a device synchronizing settings and app data across devices the ability to recover deleted data by an administrator the retention of data for 180 days before it is considered stale

synchronizing settings and app data across devices