Cloud Exam
Azure Security Center
Azure Advisor integrates with ______ to help to prevent, detect, and respond to threats to Azure resources. The tool analyzes resource configuration and usage telemetry to provide recommendations for high availability, security, performance, and cost.
Yes
Azure DDoS Protection Standard provides protection aainst volumetric, protocol, and application layer attacks
as soon as you add a resource to a new Azure subscription.
Azure Monitor begins collecting data _______
Azure Service Health
Azure component providing information about planned maintenance and advisories such as deprecated offerings
Azure Monitor
Azure service that uses autoscale to add/remove resources as appropriate to minimize costs and ensure optimum performance levels
Yes
Both Azure Functions and Logic Apps can act as a web hook.
Yes
Both Azure Functions and Logic Apps can run on a schedule.
Azure Sentinel
Build a baseline behavioural profile of organizational entities to identify anomalous activity.
Azure Functions
Build an event-driven solution and pay only for the time spent running your code
Azure Virtual Machine
An example of an Infrastructure as a Service (Iaas)
Yes
An initiative can only contain policies that are located in the same subscription
Azure HDInsight
An open-source enterprise-level analytics service that provides for fast and cost-effective processing of massive amounts of data
organize similar servers so you can easily define and implement security policies based on those groups.
Application Security Groups (ASGs) let you ___
No
(Y/N) - A user can be given access to only one subscription, and resources can belong to only one subscription.
No
(Y/N) - Azure DDoS Protection Standard is enabled automatically
Yes
(Y/N) - Azure PowerShell can be run in a browser in the Azure Cloud Shell
Yes
(Y/N) - Azure PowerShell can be used to create scripts to automate Azure management tasks
No
(Y/N) - Azure PowerShell virtual machine (VM) management is limited to Windows VMs only.
No - it uses JSON
(Y/N) - Azure Resource Manager Templates use Azure PowerShell syntax
Yes
(Y/N) - The customer always retains responsibility for the data
No
(Y/N) - The responsibility for accounts is transferred to the cloud provider
Yes
(Y/N) - When a blueprint is unassigned, all resources assigned by the blueprint remain in place, but blueprint resource locking is removed
No
(Y/N) - When a blueprint is updated and the updated version is published, any assignment of the blueprint are updated automatically
Yes
(Y/N) - When multiple locks are applied at different scopes, the most restrictive inherited lock applies
Yes
(Y/N) - When you delete a core blueprint, any assigned versions of the blueprint remain in place
Yes
(Y/N) - You can increase the composite SLA by having the web app access as a fallback queue
No
(Y/N) - You use Azure Functions to implement serverless computing through a graphical user interface.
No
(Y/N) - You use Logic Apps to implement serverless computing through code
No
(Y/N) An initiative is limited to being assigned to only one scope
Dashboard
A collection of customizable tiles displayed in the portal
Yes
A lock applies to all resources contained in a scope and any new resources added to the scope
Blade
A panel that slides out in a navigation sequence
Azure IoT Hub
A service that provides for bi-directional connections between your Internet of Things (IoT) devices and an IoT application.
Azure Advisor
A service that provides recommendations on high availability
Plan
Align actionable adoption plans with business outcomes.
Function App
Allows you to write code that executes on a trigger or a schedule
Container descriptions
Can be accessed over the internet by IP address or domain name, can run on windows or linux, represents a single app and its dependencies, can scale out as needed
Machine Learning Studio
Data Science Solution without the need to write a code
Azure Firewall
Deny traffic to your Azure Virtual Network resources from known malicious IP addresses. Can identify and deny traffic to/from malicious IP addresses and domains.
1. Self-service password change for cloud users 2. User and group management
Features available to the company with Azure Active Directory (AD) Free Edition
Purpose of a resource group
It serves as a container for Azure resources like virtual machines (VMs) and web apps
Azure Pricing Calculator
Lets you deploy your virtual machines. Allows you to estimate the monthly cost of a cloud solution
Read-Only Lock
Lock that prevents a resource from being modified
No
Locks can be applied in the context of specific users and roles
Azure Cost Management
Makes use a free SaaS solution that lets your company monitor, allocate, and optimize cloud spend in a multi-cloud environment
Azure Virtual Machine (VM)
Migrate a workload from an on-premises Hyper-V Host to Azure, still retaining full control over the operating system
Github + Azure Pipelines
Need to deploy a solution that would allow your developers to automatically build, test, release, and deploy code
The product of the SLAs of each of the services used in the application
On what is the composite SLA based?
PostgreSQL Hyperscale (CITUS)
Option if supporting horizontally scaled queries across multiple machines using sharding.
Azure Advisor
Personal Cloud consultant that provides the information you need to follow best practices and optimize Azure deployments. It can provide recommendations for proactive, actionable, and personalized best practices.
Premium
Premium or Free? You want on-premises users to be able to reset their own passwords
Resource Lock
Prevents the VM from being deleted
Private Model
Private, Public, or Hybrid? A company needs to implement a solution where it maintains management control over hardware and infrastructure. The solution can be physically deployed offsite.
Hybrid Model
Private, Public, or Hybrid? A company plans to use a custom Software-as-a-Service (SaaS) application and wants to minimize costs. The company is legally required to maintain and secure all data onsite.
Security Center
Provides general security recommendations and suggests remediations to better secure your resources
Microsoft Marketplace
Provides purchase and subscription links to certified cloud applications and solutions from Microsoft and it's technology partners
Yes
Quotas for resources in Azure Resource Groups are per region rather than per subscription.
Contributor
Role that give all users in a group the ability to create and manage all types of Azure resources in a subscription.
No
Role-based access control (RBAC) roles take precedence over locks
Azure iOT Central
SaaS solutions, let's you create solutions without code
Azure Key Vault
Securely store a database connection string to avoid its accidental exposure in a web site's source code
Logic Apps
Serverless workflow orchestration to let you integrate apps, data, systems, and services across enterprises organizations
Functions
Solution for building highly reliable and secure serverless apps that support multiple programming languages
NIST (National Institute and Technology)
Standards-based, non-regulatory agency based in the United States.
PostgreSQL Single Server Basic Tier
Storage is limited to 1TB and is limited to Azure Standard Storage
- You want to be notified if your App Service exceeds the usage quota (health advisory) - You want to respond to planned service outages in VA - You want to implement a webhook on your website to display health incidents
The following are good use cases for Service Health:
# of Webjobs, Type of Application Framework
The following factors DON'T affect cost of an App Service:
1. Instance Type 2. Number of Instances 3. Operating System 4. Region 5. Tier
The following factors affect cost of an App Service:
No
The responsibility for the operating system in Platform-as-a-service (PaaS) is retained by the customer
Online Services Terms
The terms for how you can use subscribed, public, and generally available Microsoft online service are defined in the ______ document.
Key Vault
The tool helps provision, manage, and deploy certificates: used to store cryptographic keys and other secrets.
1. User and group management 2. Self-service password change for cloud users
Two features supported by Azure Free Edition:
Azure Database for PostgreSQL Single Server General Purpose Tier
Up to 10 TB Storage, Azure Premium Storage, point-in-time restore for up to 35 days
Yes
Virtual networks from multiple subscriptions in your organization can link to the same Azure DDoS Protection Plan
Access to preview features
What can be configured at the organization or user level?
Azure Policy
What is the recommended solution? Your company wants to ensure that it meets its internal compliance goals and that Azure resources are compliant with company standards. This will include ongoing evaluation for compliance and identification of non-compliant resources
Azure App Service
What is the tool used to deploy a web application using Platform-as-a-Service (PaaS) for scalability and security?
Strategy
What is the word to define the business justification and the expected outcomes of adoption?
Yes
When an initiative assignment is evaluated, all policies in that initiative are evaluated
Service Health
Which Azure Monitor feature sends an email to an administrator when a virtual machine (VM) is about to exceed its usage quote for the month?
Storage Account
Which resource is required to use Azure Cloud Shell?
Serverless computing
With ____, developers deploy code and pay for its run time only, without worrying about the provisioning, configuration, and management of the underlying infrastructure
Region Pairs
You need to ensure that your resources are replicated and hosted at least 200 miles away within the same geographic area, to minimize impact on your solution's availability in case of disaster. Which configuration option should you use?
Network Security Groups (NSGs) and Application Security Groups (ASGs)
You need to implement detailed controls over the types of connections supported between the web servers and database servers. You want to minimize the effort necessary to implement and maintain your solution. Which two technologies should you include in your solution?
Azure CLI
You need to log in to Azure with the following: az login
Azure PowerShell
You need to log into Azure with the following cmdlet from your laptop without manually opening a web browser: Connect-AzAccount. A module that you can install on your computer. It allows you to use cmdlets locally to administer Azure resources.
Azure Application Insights
You want to allow developers to send telemetry data to Azure. What tool will you use?
Azure Cognitive Services
You want to build an app that can guess the age of people in provided photos. You need to choose an Azure service that can provide you with access to advance computer vision algorithms for face detection and analysis. Which Azure service should you use?
Azure Pricing Calculator
You want to estimate the cost of of deploying four virtual machines (VMs) and two SQL database instances to Azure
Premium
You want to publish on-premises web apps using Azure AD (Premium or Free?)
Azure Cloud Shell
You want to run the following cmdlet in a scripting environment inside the browser: New-AzVm.
TCO (Total Cost of Ownership)
You want to see how much you can save over five years by moving your company's infrastructure to the cloud.
Cost Management
You want to set up an alert to send you and your coworker text messages when your Azure resources use 90 percent of your company's monthly Azure budget
Free
You want to use on-premises directory synchronization (Premium or Free?)
Resource Health
You want to view the number of virtual machines (VMs) that are currently down. What tool will you use?
Azure DDoS Protection Standard
Your Azure tenant includes an Azure Virtual Network (VNet) with several internet-facing web servers. The web servers experience attacks that exhaust server resources and make the servers unavailable to legitimate users. You determine that the attacks are being launched from multiple locations. What Azure tool do you need to use?
Azure Files
Your company is considering using Linux-based Azure Container Instances (ACIs) to deploy a simple application. The application runs as a stateful application. You need to provide storage to retrieve and persist state. What type of storage should you use?
Yes
Your company is reorganizing after acquiring a new company. Both your company and the new company have its own Azure Active Directory (Azure AD) tenants. You need to determine what happens when you transfer the billing ownership of a subscription from an account in your Azure AD tenant to an account in another Azure AD tenant and associate the subscription with the new directory. All users and groups with role-based access to manage the subscription lose their access
Azure Reservations
Your company wants to commit to a three-year plan for virtual machines (VMs) and storage resources to receive a reduction in pay-as-you-go prices
Azure Resource Manager (ARM)
Your company wants to increase default limits on how many select resources of each type can be provisioned per Azure Region.