AZ

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

You can enable just in time (JIT) VM access by using _______________ -AZ Bastion -AZ Firewall -AZ Front Door -AZ Security Center

-AZ Security Center The just-in-time (JIT) virtual machine (VM) access feature in Azure Security Center allows you to lock down inbound traffic to your Azure Virtual Machines. This reduces exposure to attacks while providing easy access when you need to connect to a VM.

What is used to build, deploy, and scale web apps? -Azure Functions -Azure App Service -Azure VMs -Azure Container Instances

-Azure App Service

What provides a portable environment for virtualized applications? -Azure Functions -Azure App Service -Azure VMs -Azure Container Instances

-Azure Container Instances

What provides a platform for serverless code? -Azure Functions -Azure App Service -Azure VMs -Azure Container Instances

-Azure Functions

Azure Functions: (select those that apply) -Executes code -Is always stateful -Runs online in the cloud

-Executes code -Is always stateful Azure Functions allows you to implement your system's logic into readily available blocks of code called "functions". Different functions can run anytime you need to respond to critical events.

Azure Logic Apps: (select those that apply) -Executes code -Is always stateful -Runs online in the cloud

-Runs online in the cloud Azure Logic Apps is a cloud-based platform for creating and running automated workflows that integrate your apps, data, services, and systems. Azure Logic Apps can have multiple stateful and stateless workflows.

When you are implementing a SaaS solution, you are responsible for: -configuring high availability -defining scalability rules -installing the SaaS solution -configuring the SaaS solution

-configuring the SaaS solution

Autoscaling is an example of _____________ -agility -elasticity -geo-distribution -predictability

-elasticity

Azure China _____________. -is operated by MSFT -has feature parity with AZ global -services can be accessed from China only -is a distinct separate instance of MSFT AZ.

-has feature parity with AZ global

A azure web app that queries an on-premises Microsoft SQL server is an example of a ______ cloud. -hybrid -multi-vendor -private -public

-hybrid

An Availability Zone in Azure has physically separate locations: -across two continents -within a single azure region -within multiple azure regions -within a single azure data center

-within a single azure region

You have an Azure environment that contains multiple Azure virtual machines. You plan to implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines. You need to recommend which Azure resources must be created for the planned solution. Which two Azure resources should you include in the recommendation? A. a virtual network gateway B. a load balancer C. an application gateway D. a virtual network E. a gateway subnet

A&E - Virtual network gateway & gateway subnet To implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines, you need to configure a VPN (Virtual Private Network) to connect the on-premises network to the Azure virtual network. The Azure VPN device is known as a Virtual Network Gateway. The virtual network gateway needs to be located in a dedicated subnet in the Azure virtual network. This dedicated subnet is known as a gateway subnet and must be named 'GatewaySubnet'. Note: a virtual network (answer D) is also required. However, as we already have virtual machines deployed in a Azure, we can assume that the virtual network is already in place.

What can you use to identify underutilized or unused Azure virtual machines? A. Azure Advisor B. Azure Cost Management + Billing C. Azure reservations D. Azure Policy

A. Azure Advisor

You plan to store 20 TB of data in Azure. The data will be accessed infrequently and visualized by using Microsoft Power BI. You need to recommend a storage solution for the data. Which two solutions should you recommend? A. Azure Data Lake B. Azure Cosmos DB C. Azure SQL Data Warehouse D. Azure SQL Database E. Azure Database for PostgreSQL

A. Azure Data Lake C. Azure SQL Data Warehouse

Your company plans to deploy several million sensors that will upload data to Azure. You need to identify which Azure resources must be created to support the planned solution. Which two Azure resources should you identify? A. Azure Data Lake B. Azure Queue storage C. Azure File Storage D. Azure IoT Hub E. Azure Notification Hubs

A. Azure Data Lake (could also used Blob with IoT Hub) D. Azure IoT Hub

Which Azure service should you use to collect events from multiple resources into a centralized repository? A. Azure Event Hubs B. Azure Analysis Services C. Azure Monitor D. Azure Stream Analytics

A. Azure Event Hubs

Which service provides network traffic filtering across multiple Azure subscriptions and virtual networks? A. Azure Firewall B. an application security group C. Azure DDoS protection D. a network security group (NSG)

A. Azure Firewall

Your company plans to automate the deployment of servers to Azure. Your manager is concerned that you may expose administrative credentials during the deployment. You need to recommend an Azure solution that encrypts the administrative credentials during the deployment. What should you include in the recommendation? A. Azure Key Vault B. Azure Information Protection C. Azure Security Center D. Azure Multi-Factor Authentication (MFA)

A. Azure Key Vault

Your company plans to automate the deployment of servers to Azure. Your manager is concerned that you may expose administrative credentials during the deployment. You need to recommend an Azure solution that encrypts the administrative credentials during the deployment. What should you include in the recommendation? A. Azure Key Vault B. Azure Information Protection C. Microsoft Defender for Cloud D. Azure Multi-Factor Authentication (MFA)

A. Azure Key Vault

Which Azure service provides a set of version control tools to manage code? A. Azure Repos B. Azure DevTest Labs C. Azure Storage D. Azure Cosmos DB

A. Azure Repos Azure Repos is a set of version control tools that you can use to manage your code.

You need to collect and automatically analyze security events from Azure Active Directory (Azure AD). What should you use? A. Azure Sentinel B. Azure Synapse Analytics C. Azure AD Connect D. Azure Key Vault

A. Azure Sentinel

A support engineer plans to perform several Azure management tasks by using the Azure CLI. You install the CLI on a computer. You need to tell the support engineer which tools to use to run the CLI. Which two tools should you instruct the support engineer to use? A. Command Prompt B. Azure Resource Explorer C. Windows PowerShell D. Windows Defender Firewall E. Network and Sharing Center

A. Command Prompt C. Windows PowerShell

You plan to deploy several Azure virtual machines. You need to ensure that the services running on the virtual machines remain available if a single data center fails. What are two possible solutions? Each correct answer presents a complete solution. A. Deploy the virtual machines to two or more availability zones. B. Deploy the virtual machines to two or more resource groups. C. Deploy the virtual machines to a scale set. D. Deploy the virtual machines to two or more regions.

A. Deploy the virtual machines to two or more availability zones. D. Deploy the virtual machines to two or more regions.

You need to collect and automatically analyze security events from Azure Active Directory (Azure AD). What should you use? A. Microsoft Sentinel B. Azure Synapse Analytics C. Azure AD Connect D. Azure Key Vault

A. Microsoft Sentinel

Your company plans to request an architectural review of an Azure environment from Microsoft. The company currently has a Basic support plan. You need to recommend a new support plan for the company. The solution must minimize costs. Which support plan should you recommend? A. Premier B. Developer Most C. Professional Direct D. Standard

A. Premier

The company plans to reduce the following administrative responsibilities: ✑ Backing up application data ✑ Replacing failed server hardware ✑ Managing physical server security ✑ Updating server operating systems ✑ Managing permissions to shared documents The company plans to migrate servers to Azure virtual machines. You need to identify which administrative responsibilities will be eliminated after the planned migration. Which two responsibilities should you identify? A. Replacing failed server hardware B. Backing up application data C. Managing physical server security D. Updating server operating systems E. Managing permissions to shared documents

A. Replacing failed server hardware C. Managing physical server security

You need to create a new Azure virtual machine from a tablet that runs the Android operating system. What are three possible solutions? A. Use Bash in Azure Cloud Shell. B. Use PowerShell in Azure Cloud Shell. C. Use the PowerApps portal. D. Use the Security & Compliance admin center. E. Use the Azure portal.

A. Use Bash in Azure Cloud Shell. B. Use PowerShell in Azure Cloud Shell. E. Use the Azure portal.

An Azure administrator plans to run a PowerShell script that creates Azure resources. You need to recommend which computer configuration to use to run the script. Which three computers can run the script? A. a computer that runs macOS and has PowerShell Core 6.0 installed. B. a computer that runs Windows 10 and has the Azure PowerShell module installed. C. a computer that runs Linux and has the Azure PowerShell module installed. D. a computer that runs Linux and has the Azure CLI tools installed. E. a computer that runs Chrome OS and uses Azure Cloud Shell.

A. a computer that runs macOS and has PowerShell Core 6.0 installed. B. a computer that runs Windows 10 and has the Azure PowerShell module installed. E. a computer that runs Chrome OS and uses Azure Cloud Shell.

You have an Azure subscription and 100 Windows 10 devices. You need to ensure that only users whose devices have the latest security patches installed can access Azure Active Directory (Azure AD)-integrated applications. What should you implement? A. a conditional access policy B. Azure Bastion C. Azure Firewall D. Azure Policy

A. a conditional access policy

You plan to deploy several Azure virtual machines. You need to control the ports that devices on the Internet can use to access the virtual machines. What should you use? A. a network security group (NSG) B. an Azure Active Directory (Azure AD) role C. an Azure Active Directory group D. an Azure key vault

A. a network security group (NSG) A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network.

Your company plans to start using Azure and will migrate all its network resources to Azure. You need to start the planning process by exploring Azure. What should you create first? A. a subscription B. a resource group C. a virtual network D. a management group

A. a subscription

What does a customer provide in a software as a service (SaaS) model? A. application data B. data storage C. compute resources D. application software

A. application data

You plan to deploy 20 virtual machines to an Azure environment. To ensure that a virtual machine named VM1 cannot connect to the other virtual machines, VM1 must A. be deployed to a separate virtual network B. run a different operating system than the other virtual machines C. be deployed to a separate resource group D. have two network interfaces

A. be deployed to a separate virtual network

What are two benefits of cloud computing? A. enables the rapid provisioning of resources B. has increased administrative complexity C. has the same configuration options as on-premises D. shifts capital expenditures (CAPEX) to operating expenditures (OPEX)

A. enables the rapid provisioning of resources D. shifts capital expenditures (CAPEX) to operating expenditures (OPEX)

You have an on-premises network that contains several servers. You plan to migrate all the servers to Azure. You need to recommend a solution to ensure that some of the servers are available if a single Azure data center goes offline for an extended period. What should you include in the recommendation? A. fault tolerance B. elasticity C. scalability D. low latency

A. fault tolerance Ability of a system to continue to function in the event of a failure of some of its components.

Which cloud computing model includes on-premises and cloud-based resources? A. hybrid B. public C. private

A. hybrid

You have 50 virtual machines hosted on-premises and 50 virtual machines hosted in Azure. The on-premises virtual machines and the Azure virtual machines connect to each other. Which type of cloud model is this? A. hybrid B. private C. public

A. hybrid

Your company plans to migrate to Azure. The company has several departments. All the Azure resources used by each department will be managed by a department administrator. What are two possible techniques to segment Azure for the departments? A. multiple subscriptions B. multiple Azure Active Directory (Azure AD) directories C. multiple regions D. multiple resource groups

A. multiple subscriptions D. multiple resource groups

Your company plans to deploy several web servers and several database servers to Azure. You need to recommend an Azure solution to limit the types of connections from the web servers to the database servers. What should you include in the recommendation? A. network security groups (NSGs) B. Azure Service Bus C. a local network gateway D. a route filter

A. network security groups (NSGs)

You have 1,000 virtual machines hosted on the Hyper-V hosts in a data center. You plan to migrate all the virtual machines to an Azure pay-as-you-go subscription. You need to identify which expenditure model to use for the planned Azure solution. Which expenditure model should you identify? A. operational B. elastic C. capital D. scalable

A. operational

To which cloud models can you deploy physical servers? A. private cloud and hybrid cloud only B. private cloud only C. private cloud, hybrid cloud and public cloud D. hybrid cloud only

A. private cloud and hybrid cloud only

What is guaranteed in an Azure Service Level Agreement (SLA) for virtual machines? A. uptime B. feature availability C. bandwidth D. performance

A. uptime

What service is a globally distributed database that supports NoSQL?

AZ Cosmos DB

What service stores passwords for use by AZ Function applications?

AZ Key Vault

What provides a common platform for deploying objects to a cloud infra and for implementing consistency across the AZ environment?

AZ Resource Management templates

What service displays the secure score for an AZ subscription?

AZ Security Center

What service analyzes security log files from AZ VMs?

AZ Sentinel

What service is a fully managed data warehouse that has integral security at every level of scale at no extra cost?

AZ Synapse Analytics

You need to identify which blades in the Azure portal must be used to perform the following task: ✑ View security recommendations. -Monitor, subscriptions, marketplace, advisor

Advisor

Applications can be developed, tested, and launched rapidly.

Agility

You plan to use Azure to host two apps named App1 and App2. The apps must meet the following requirements: ✑ You must be able to modify the code of App1. ✑ Administrative effort to manage the operating system of App1 must be minimized. ✑ App2 must run interactively with the operating system of the server. Which type of cloud service should you use for each app? App1: App2:

App1: PaaS App2: SaaS

Your company has an Azure Active Directory (Azure AD) environment. Users occasionally connect to Azure AD via the Internet. You have been tasked with making sure that users who connect to Azure AD via the internet from an unidentified IP address, are automatically encouraged to change passwords. What is the best solution?

Azure AD Identity Protection

Which Azure services must be used to meet the following security requirement: ✑ Enforce Azure Multi-Factor Authentication (MFA) based on a condition

Azure Active Directory (Azure AD) Identity Protection

What tool would allow you to view which user turned off a specific virtual machine during the last 14 days?

Azure Activity Log

Which Azure services must be used to meet the following security requirement: ✑ Monitor threats by using sensors

Azure Advanced Threat Protection (ATP)

What is a tool that provides guidance and recommendations to improve an Azure environment?

Azure Advisor

What service hosts web apps?

Azure App Service

What Azure service monitors web applications?

Azure Application Insights

What service detects and diagnoses anomalies in web apps?

Azure Application Insights

How do you manage on-prem Windows server as an Azure resource? AD connect Azure Arc Azure Pipelines agent Azure VPN Gateway

Azure Arc

What is a storage service optimized for very large objects, such as video files and bitmaps?

Azure Blob Storage

What can deploy complete Azure application environments including resources configuration and role assignments? -Azure Blueprints -Azure resource locks -Azure tags -Azure Policy

Azure Blueprints

What service provides a digital online assistant that provides speech support?

Azure Bot Services

Which Azure management tools can be used from which OS? Windows 10 Ubuntu MacOS Mojave

Azure CLI, Azure Portal, and Azure PowerShell can be used on all 3 of those OS

What is a simplified tool to build intelligent AI applications?

Azure Cognitive Services

What service can run massively parallel data transformation and processing programs across petabytes of data?

Azure Data Lake Analytics

What is a big data analysis service for machine learning?

Azure Databricks

What service is an Apache Spark-based analytics service?

Azure Databricks

What is an integrated solution for the deployment of code?

Azure DevOps

Your company's developers intend to deploy a large number of custom virtual machines on a weekly basis. They will also be removing these virtual machines during the same week it was deployed. Sixty percent of the virtual machines have Windows Server 2016 installed, while the other forty percent has Ubuntu Linux installed. You are required to make sure that the administrative effort, needed for this process, is reduced by employing a suitable Azure service. What is the best solution?

Azure DevTest Labs

What service provides serverless computing functionalities?

Azure Functions

What service is a managed Apache Hadoop clusters in the cloud that enables you to process massive amounts of data?

Azure HDInsight

What service is an open-source framework for the distributed processing and analysis of big data sets in clusters?

Azure HDInsight

What service processes data from millions of sensors?

Azure IoT Hub

What service uses past trainings to provide predictions that have high probability?

Azure Machine Learning

Application insights is a feature of...

Azure Monitor

What can restrict which VM types can be created in a subscription? -Azure Blueprints -Azure resource locks -Azure tags -Azure Policy

Azure Policy

What service is a managed relational cloud database service?

Azure SQL Database

What is a cloud-based service that leverages massively parallel processing (MPP) to quickly run complex queries across petabytes of data in a relational database?

Azure SQL Synapse Analytics

What service uses playbooks to automatically respond to threats?

Azure Sentinel

What is a highly secure IoT solution that includes a microcontroller unit and a customized Linux operating system?

Azure Sphere

What service provides a cloud-based enterprise data warehouse?

Azure Synapse Analytics

What tool can calculate the cost savings due to reduced electricity consumption as a result of migrating on-premises Microsoft SQL servers to Azure?

Azure Total Cost of Ownership Calculator

What provides operating system virtualization? -Azure Functions -Azure App Service -Azure VMs -Azure Container Instances

Azure VM

What can identify Azure resources that are associated with specific cost centers? -Azure Blueprints -Azure resource locks -Azure tags -Azure Policy

Azure tags

Which cloud deployment solution is used for Azure virtual machines and Azure SQL databases? VM: SQL DB:

Azure virtual machines are Infrastructure as a Service (IaaS). Azure SQL databases are Platform as a Service (Paas). Azure SQL Database is a fully managed Platform as a Service (PaaS) Database Engine that handles most of the database management functions such as upgrading, patching, backups, and monitoring without user involvement. Azure SQL Database is always running on the latest stable version of SQL Server Database Engine and patched OS with 99.99% availability. PaaS capabilities that are built-in into Azure SQL database enable you to focus on the domain specific database administration and optimization activities that are critical for your business.

A team of developers at your company plans to deploy, and then remove, 50 virtual machines each week. All the virtual machines are configured by using Azure Resource Manager templates. You need to recommend which Azure service will minimize the administrative effort required to deploy and remove the virtual machines. What should you recommend? A. Azure Reserved Virtual Machine (VM) Instances B. Azure DevTest Labs C. Azure virtual machine scale sets D. Azure Virtual Desktop

B. Azure DevTest Labs

Your company plans to deploy an Artificial Intelligence (AI) solution in Azure. What should the company use to build, test, and deploy predictive analytics solutions? A. Azure Logic Apps B. Azure Machine Learning Designer C. Azure Batch D. Azure Cosmos DB

B. Azure Machine Learning Designer

Which Azure service can you use as a security information and event management (SIEM) solution? A. Azure Analysis Services B. Azure Sentinel C. Azure Information Protection D. Azure Cognitive Services

B. Azure Sentinel

You need to be notified when Microsoft plans to perform maintenance that can affect the resources deployed to an Azure subscription. What should you use? A. Azure Monitor B. Azure Service Health C. Azure Advisor D. Microsoft Trust Center

B. Azure Service Health

Which resources can be used as a source for a Network security group inbound security rule? A. Service Tags only B. IP Addresses, Service tags and Application security groups C. Application security groups only D. IP Addresses only

B. IP Addresses, Service tags and Application security groups

At which OSI layer does ExpressRoute operate? A. Layer 2 B. Layer 3 C. Layer 5 D. Layer 7

B. Layer 3

Which Azure service can you use as a security information and event management (SIEM) solution? A. Azure Analysis Services B. Microsoft Sentinel C. Azure Information Protection D. Azure Cognitive Services

B. Microsoft Sentinel

Which statement accurately describes the Modern Lifecycle Policy for Azure services? A. Microsoft provides mainstream support for a service for five years. B. Microsoft provides a minimum of 12 months' notice before ending support for a service. C. After a service is made generally available, Microsoft provides support for the service for a minimum of four years. D. When a service is retired, you can purchase extended support for the service for up to five years.

B. Microsoft provides a minimum of 12 months' notice before ending support for a service.

You plan to migrate a web application to Azure. The web application is accessed by external users. You need to recommend a cloud deployment solution to minimize the amount of administrative effort used to manage the web application. What should you include in the recommendation? A. Software as a Service (SaaS) B. Platform as a Service (PaaS) C. Infrastructure as a Service (IaaS) D. Database as a Service (DaaS)

B. Platform as a Service (PaaS) Azure App Service is a platform-as-a-service (PaaS) offering that lets you create web and mobile apps for any platform or device and connect to data anywhere, in the cloud or on-premises. App Service includes the web and mobile capabilities that were previously delivered separately as Azure Websites and Azure Mobile Services.

Your company has datacenters in Los Angeles and New York. The company has a Microsoft Azure subscription. You are configuring the two datacenters as geo-clustered sites for site resiliency. You need to recommend an Azure storage redundancy option. You have the following data storage requirements: ✑ Data must be stored on multiple nodes. ✑ Data must be stored on nodes in separate geographic locations. ✑ Data can be read from the secondary location as well as from the primary location Which of the following Azure stored redundancy options should you recommend? A. Geo-redundant storage B. Read-only geo-redundant storage C. Zone-redundant storage D. Locally redundant storage

B. Read-only geo-redundant storage

Your company plans to move several servers to Azure. The company's compliance policy states that a server named FinServer must be on a separate network segment. You are evaluating which Azure services can be used to meet the compliance policy requirements. Which Azure solution should you recommend? A. a resource group for FinServer and another resource group for all the other servers B. a virtual network for FinServer and another virtual network for all the other servers C. a VPN for FinServer and a virtual network gateway for each other server D. one resource group for all the servers and a resource lock for FinServer

B. a virtual network for FinServer and another virtual network for all the other servers Networks in Azure are known as virtual networks. A virtual network can have multiple IP address spaces and multiple subnets. Azure automatically routes traffic between different subnets within a virtual network. The question states that FinServer must be on a separate network segment. The only way to separate FinServer from the other servers in networking terms is to place the server in a different virtual network to the other servers.

You have an Azure virtual machine named VM1. You plan to encrypt VM1 by using Azure Disk Encryption. Which Azure resource must you create first? A. an Azure Storage account B. an Azure Key Vault C. an Azure Information Protection policy D. an Encryption key

B. an Azure Key Vault Azure Disk Encryption requires an Azure Key Vault to control and manage disk encryption keys and secrets.

Your company has an Azure subscription that contains resources in several regions. You need to ensure that administrators can only create resources in those regions. What should you use? A. a read-only lock B. an Azure policy C. a management group D. a reservation

B. an Azure policy

You plan to provision Infrastructure as a Service (IaaS) resources in Azure. Which resource is an example of IaaS? A. an Azure web app B. an Azure virtual machine C. an Azure logic app D. an Azure SQL database

B. an Azure virtual machine

What can Azure Information Protection encrypt? A. network traffic B. documents and email messages C. an Azure Storage account D. an Azure SQL database

B. documents and email messages

You have an accounting application named App1 that uses a legacy database. You plan to move App1 to the cloud. Which service model should you use? A. platform as a service (PaaS) B. infrastructure as a service (IaaS) C. software as a service (SaaS)

B. infrastructure as a service (IaaS)

You have an Azure web app. You need to manage the settings of the web app from an iPhone. What are two Azure management tools that you can use? A. Azure CLI B. the Azure portal C. Azure Cloud Shell D. Windows PowerShell E. Azure Storage Explorer

B. the Azure portal C. Azure Cloud Shell

Which term represents the ability to increase the computing capacity of a virtual machine by adding memory or CPUs? A. agility B. vertical scaling C. horizontal scaling D. elasticity

B. vertical scaling

You need to determine which Azure web tier plan to host the web apps. The web tier plan must meet the following requirements: ✑ The web apps will use custom domains. ✑ The web apps each require 10 GB of storage. ✑ The web apps must each run in dedicated compute instances. ✑ Load balancing between instances must be included. ✑ Costs must be minimized. Which web tier plan should you use?

Basic Standard offers 50 GB of storage and Basic only gives 10 GB.

Which Azure service should you use to store certificates? A. Azure Security Center B. an Azure Storage account C. Azure Key Vault D. Azure Information Protection

C. Azure Key Vault Azure Key Vault is a secure store for storage various types of sensitive information including passwords and certificates.

You need to purchase a third-party virtual security appliance that you will deploy to an Azure subscription. What should you use? A. Azure subscriptions B. Azure Security Center C. Azure Marketplace D. Microsoft Store

C. Azure Marketplace

You need to purchase a third-party virtual security appliance that you will deploy to an Azure subscription. What should you use? A. Azure subscriptions B. Microsoft Defender for Cloud C. Azure Marketplace D. Microsoft Store

C. Azure Marketplace

What can you use to automatically send an alert if an administrator stops an Azure virtual machine? A. Azure Advisor B. Azure Service Health C. Azure Monitor D. Azure Network Watcher

C. Azure Monitor

You have an Azure Sentinel workspace. You need to automate responses to threats detected by Azure Sentinel. What should you use? A. adaptive network hardening in Azure Security Center B. Azure Service Health C. Azure Monitor workbooks D. adaptive application controls in Azure Security Center

C. Azure Monitor workbooks

What should you use to evaluate whether your company's Azure environment meets regulatory requirements? A. Azure Service Health B. Azure Knowledge Center C. Azure Security Center D. Azure Advisor

C. Azure Security Center

You have a virtual machine named VM1 that runs Windows Server 2016. VM1 is in the East US Azure region. Which Azure service should you use from the Azure portal to view service failure notifications that can affect the availability of VM1? A. Azure Service Fabric B. Azure Monitor C. Azure virtual machines D. Azure Advisor

C. Azure virtual machines

What should you use to evaluate whether your company's Azure environment meets regulatory requirements? A. the Knowledge Center website B. the Advisor blade from the Azure portal C. Compliance Manager from the Service Trust Portal D. the Solutions blade from the Azure portal

C. Compliance Manager from the Service Trust Portal

Your company has virtual machines (VMs) hosted in Microsoft Azure. The VMs are located in a single Azure virtual network named VNet1. The company has users that work remotely. The remote workers require access to the VMs on VNet1. You need to provide access for the remote workers. What should you do? A. Configure a Site-to-Site (S2S) VPN. B. Configure a VNet-toVNet VPN. C. Configure a Point-to-Site (P2S) VPN. D. Configure DirectAccess on a Windows Server 2012 server VM. E. Configure a Multi-Site VPN

C. Configure a Point-to-Site (P2S) VPN.

Your company plans to deploy several custom applications to Azure. The applications will provide invoicing services to the customers of the company. Each application will have several prerequisite applications and services installed. You need to recommend a cloud deployment solution for all the applications. What should you recommend? A. Software as a Service (SaaS) B. Platform as a Service (PaaS) C. Infrastructure as a Service (laaS)

C. Infrastructure as a Service (laaS)

What should you use to evaluate whether your company's Azure environment meets regulatory requirements? A. Azure Service Health B. Azure Knowledge Center C. Microsoft Defender for Cloud D. Azure Advisor

C. Microsoft Defender for Cloud

In which type of cloud model are all the hardware resources owned by a third-party and shared between multiple tenants? A. private B. hybrid C. public

C. Public

When you need to delegate permissions to several Azure virtual machines simultaneously, you must deploy the Azure virtual machines A. To the same Azure region B. By using the same Azure Resource Manager template C. To the same resource group D. To the same availability zone

C. To the same resource group

You plan to map a network drive from several computers that run Windows 10 to Azure Storage. You need to create a storage solution in Azure for the planned mapped drive. What should you create? A. an Azure SQL database B. a virtual machine data disk C. a File service in a storage account D. a Blob service in a storage account

C. a File service in a storage account Azure Files is Microsoft's easy-to-use cloud file system. Azure file shares can be seamlessly used in Windows and Windows Server.

Which two types of customers are eligible to use Azure Government to develop a cloud solution? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. a Canadian government contractor B. a European government contractor C. a United States government entity D. a United States government contractor E. a European government entity

C. a United States government entity D. a United States government contractor

You plan to deploy a website to Azure. The website will be accessed by users worldwide and will host large video files. You need to recommend which Azure feature must be used to provide the best video playback experience. What should you recommend? A. an application gateway B. an Azure ExpressRoute circuit C. a content delivery network (CDN) D. an Azure Traffic Manager profile

C. a content delivery network (CDN) A content delivery network (CDN) is a distributed network of servers that can efficiently deliver web content to users. CDNs store cached content on edge servers in point-of-presence (POP) locations that are close to end users, to minimize latency.Azure Content Delivery Network (CDN) offers developers a global solution for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world.

You have an on-premises application that sends email notifications automatically based on a rule. You plan to migrate the application to Azure. You need to recommend a serverless computing solution for the application. What should you include in the recommendation? A. a web app B. a server image in Azure Marketplace C. a logic app D. an API app

C. a logic app Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations.

Your company plans to migrate all its data and resources to Azure. The company's migration plan states that only Platform as a Service (PaaS) solutions must be used in Azure. You need to deploy an Azure environment that meets the company's migration plan. What should you create? A. Azure virtual machines, Azure SQL databases, and Azure Storage accounts. B. an Azure App Service and Azure virtual machines that have Microsoft SQL Server installed. C. an Azure App Service and Azure SQL databases. D. Azure storage accounts and web server in Azure virtual machines.

C. an Azure App Service and Azure SQL databases.

Your company hosts an accounting application named App1 that is used by all the customers of the company. App1 has low usage during the first three weeks of each month and very high usage during the last week of each month. Which benefit of Azure Cloud Services supports cost management for this type of usage pattern? A. high availability B. high latency C. elasticity D. load balancing

C. elasticity Elasticity in this case is the ability to provide additional compute resource when needed and reduce the compute resource when not needed to reduce costs. Autoscaling is an example of elasticity

What is the function of a Site-to-Site VPN? A. provides a secure connection between a computer on a public network and the corporate network B. provides a dedicated private connection to Azure that does NOT travel over the internet C. provides a connection from an on-premises VPN device to an Azure VPN gateway

C. provides a connection from an on-premises VPN device to an Azure VPN gateway A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it. Example:

You have an Azure subscription. Where will you find details on the personal data collected by Microsoft, how Microsoft uses the data, and what the data is used for? A. the Data Protection Addendum B. the Microsoft Online Services Terms C. the Microsoft Privacy Statement D. Azure Security Center

C. the Microsoft Privacy Statement

You have several VMs in an Azure subscription. You create a new subscription. -The virtual machines cannot be moved to the new subscription. -The vm can be moved to the new sub. -The cm can be moved only if in same resource group -VM can be moved only if on windows server 2016

Can be moved

An Azure container instance is an example of an Azure: -compute service -identify service -networking service -storage service

Compute service The term compute refers to the hosting model for the computing resources that your application runs on. For Azure this include: Azure Container Instances. The fastest and simplest way to run a container in Azure, without having to provision any virtual machines and without having to adopt a higher-level service. Note, and also the following: Azure App Service. A managed service for hosting web apps, mobile app back ends, RESTful APIs, or automated business processes. Azure Spring Cloud. A managed service designed and optimized for hosting Spring Boot apps. Azure Kubernetes Service (AKS). A managed Kubernetes service for running containerized applications. Azure Batch. A managed service for running large-scale parallel and high-performance computing (HPC) applications Azure Functions. A managed FaaS service. Azure Service Fabric. A distributed systems platform that can run in many environments, including Azure or on premises. Azure Virtual machines. Deploy and manage VMs inside an Azure virtual network. Azure Container Apps. Deploy and manage VMs inside an Azure virtual network.

When you are implementing a Software as a Service (SaaS) solution, you are responsible for: -configuring high availability. -defining scalability rules. -installing the SaaS solution. -configuring the SaaS solution.

Configuring the SaaS solution Everything else is managed by the cloud provider.

What storage solution should be used to store the unmanaged disks of an Azure VM? -container -file share -table -queue

Container

An Azure region _________________. -contains 1 or more DCs that are connected using a low-latency network -is found in each country where MSFT has a subsidiary office -can be found in every country in Europe and the Americas only -contains 1 or more DCs that are connected by using a high-latency network

Contains 1 or more DCs that are connected using a low-latency network

You need to ensure that when Azure Active Directory (Azure AD) users connect to Azure AD from the Internet by using an anonymous IP address, the users are prompted automatically to change their password. Which Azure service should you use? A. Azure AD Connect Health B. Azure AD Privileged Identity Management C. Azure Advanced Threat Protection (ATP) D. Azure AD Identity Protection

D. Azure AD Identity Protection

You need to manage containers. Which two services can you use? A. Azure Virtual Desktop B. Azure virtual machines C. Azure Functions D. Azure Container Instances E. Azure Kubernetes Service (AKS)

D. Azure Container Instances E. Azure Kubernetes Service (AKS) Run Docker containers on-demand in a managed, serverless Azure environment. Azure Container Instances is a solution for any scenario that can operate in isolated containers, without orchestration. Run event-driven applications, quickly deploy from your container development pipelines, and run data processing and build jobs. You can manage containers at scale with a fully managed Kubernetes container management and orchestration service that integrates with Azure Active Directory. Azure Kubernetes Service is a robust and cost-effective container orchestration service that helps you to deploy and manage containerized applications in seconds where additional resources are assigned automatically without the headache of managing additional servers.

You attempt to create several managed Microsoft SQL Server instances in an Azure environment and receive a message that you must increase your Azure subscription limits. What should you do to increase the limits? A. Create a service health alert B. Upgrade your support plan C. Modify an Azure policy D. Create a new support request

D. Create a new support request Many Azure resource have quote limits. The purpose of the quota limits is to help you control your Azure costs. However, it is common to require an increase to the default quota. You can request a quota limit increase by opening a support request. In the support request, select 'Service and subscription limits (quotas)' for the Issue type, select your subscription and the service you want to increase the quota for. For this question, you would select 'SQL Database Managed Instance' as the quote type.

You need to configure an Azure solution that meets the following requirements: ✑ Secures websites from attacks ✑ Generates reports that contain details of attempted attacks What should you include in the solution? A. Azure Firewall B. a network security group (NSG) C. Azure Information Protection D. DDoS protection

D. DDoS protection

What is the first stage in the Microsoft Cloud Adoption Framework for Azure? A. Adopt the cloud. B. Make a plan. C. Ready your organization. D. Define your strategy.

D. Define your strategy.

You have an Azure subscription. You need to review your secure score. What should you use? A. Azure Monitor B. Azure Advisor C. Help + support D. Microsoft Defender for Cloud

D. Microsoft Defender for Cloud

You plan to migrate several servers from an on-premises network to Azure. What is an advantage of using a public cloud service for the servers over an on-premises network? A. The public cloud is owned by the public, NOT a private corporation B. The public cloud is a crowd-sourcing solution that provides corporations with the ability to enhance the cloud C. All public cloud resources can be freely accessed by every member of the public D. The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud

D. The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud

What is required to use Azure Cost Management? A. a Dev/Test subscription B. Software Assurance C. an Enterprise Agreement (EA) D. a pay-as-you-go subscriptio

D. a pay-as-you-go subscriptio

What is the most severe failure from which an Azure Availability Zone can be used to protect access to Azure service? A. a physical server failure B. an Azure region failure C. a storage failure D. an Azure data center failure

D. an Azure data center failure

You need to identify the type of failure for which an Azure Availability Zone can be used to protect access to Azure services. What should you identify? A. a physical server failure B. an Azure region failure C. a storage failure D. an Azure data center failure

D. an Azure data center failure

To what should an application connect to retrieve security tokens? A. an Azure Storage account B. Azure Active Directory (Azure AD) C. a certificate store D. an Azure key vault

D. an Azure key vault

You have a resource group named RG1. You need to prevent the creation of virtual machines in RG1. The solution must ensure that other objects can be created in RG1. What should you use? A. a lock B. an Azure role C. a tag D. an Azure policy

D. an Azure policy Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources. Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. In this question, we would create an Azure policy assigned to the resource group that denies the creation of virtual machines in the resource group. You could place a read-only lock on the resource group. However, that would prevent the creation of any resources in the resource group, not virtual machines only. Therefore, an Azure Policy is a better solution.

You plan to deploy a service to Azure virtual machines. You need to ensure that the service will be available if a datacenter fails. What should you use as part of the virtual machine deployment? A. availability sets B. proximity placement groups C. host groups D. availability zones

D. availability zones

Which cloud computing benefit provides continuous user access to a cloud-based application with minimal downtime? A. agility B. scalability C. elasticity D. high availability

D. high availability

What is a feature of an Azure virtual network? A. resource cost analysis B. packet inspection C. geo-redundancy D. isolation and segmentation

D. isolation and segmentation

What are two characteristics of the public cloud? A. dedicated hardware B. unsecured connections C. limited storage D. metered pricing E. self-service management

D. metered pricing E. self-service management

You have an Azure environment that contains 10 virtual networks and 100 virtual machines. You need to limit the amount of inbound traffic to all the Azure virtual networks. What should you create? A. one application security group (ASG) B. 10 virtual network gateways C. 10 Azure ExpressRoute circuits D. one Azure firewall

D. one Azure firewall You can restrict traffic to multiple virtual networks with a single Azure firewall.

Your company intends to subscribe to an Azure support plan. The support plan must allow for new support requests to be opened. Which of the following are support plans that will allow this? Basic, Developer, Standard, Professional Direct, Premier

Developer, Standard, Professional Direct, Premier

A cloud service that can be recovered after a failure occurs: -Disaster recovery -Fault tolerance -Low latency -Dynamic scalability

Disaster recovery

A cloud service that performs quickly when demand increases: -Disaster recovery -Fault tolerance -Low latency -Dynamic scalability

Dynamic scalability

A Windows Virtual Desktop host pool that includes 20 session hosts supports a maximum of 20 simultaneous user connections.

False

A Windows Virtual Desktop session host can run Windows 10 only. (T/F)

False

A network security group (NSG) will encrypt all the network traffic sent from AZ to the internet. (T/F)

False

A platform as a service solution (PaaS) provides additional memory to apps by changing pricing tiers.

False

All AZ Security Center features are free. (T/F)

False

All the Azure resources deployed to a single resource group must share the same Azure region. (T/F)

False

An AZ resource inherits tags from the resource group to which the resource is deployed. (T/F)

False

Availability zones are used to replicate data and applications to multiple regions. (T/F)

False

Azure Advisor provides recommendations on how to configure the network settings on Azure virtual machines. (T/F)

False

Azure Advisor provides recommendations on how to improve the security of an Azure Active Directory (Azure AD) environment. (T/F)

False

Azure China is operated by Microsoft. (T/F)

False

Azure Firewall will encrypt all the network traffic sent from Azure to the Internet. (T/F)

False

Azure resources can only access other resources in the same resource group. (T/F)

False

Azure virtual machines that run Windows Server 2016 can encrypt the network traffic sent from the virtual machines to a host on the Internet. (T/F)

False

From Azure Service Health, an admin can prevent a service failure. (T/F)

False

If you assign a tag to a resource group, all the Azure resources in that resource group are assigned to the same tag. (T/F)

False

If you have Azure resources deployed to every region, you can implement availability zones in all the regions. (T/F)

False

Only virtual machines that run Windows Server can be created in availability zones.(T/F)

False

T/F: A company can extend a private could by adding its own physical servers to the public cloud.

False

T/F: A platform as a service (PaaS) solution that hosts web apps in Azure provides full control of the OS that hosts applications

False

T/F: A private cloud must be disconnected from the internet.

False

T/F: In a public cloud model, only guest users at your company can access the resources in the cloud.

False

T/F: To achieve a hybrid cloud model, a company must always migrate from a private cloud model

False

T/F: To implement a hybrid cloud model, a company must have an internal network.

False

The Archive access tier is set at the storage account level. (T/F)

False

The Azure portal can only be accessed from a Windows device. (T/F)

False

The Cool access tier is recommended for long term backups. (T/F)

False

To maintain Microsoft support, you must implement the security recommendations provided by Azure Advisor within a period of 30 days. (T/F)

False

Trust Center can only be accessed by users that have an AZ subscription. (T/F)

False

Trust center is part of the Azure Security Center. (T/F)

False

Two Azure subscriptions can be merged into a single subscription. (T/F)

False

Users in Azure Active Directory (Azure AD) are organized by using resource groups. (T/F)

False

You can assign an Azure blueprint to a resource group. (T/F)

False

You can associate a network security group to a virtual network. (T/F)

False

Platform as a Service solution provides full control of operating systems that host applications.

False A PaaS solution does not provide access to the operating system. The Azure Web Apps service provides an environment for you to host your web applications. Behind the scenes, the web apps are hosted on virtual machines running IIS. However, you have no direct access to the virtual machine, the operating system orIIS.

Availability zones are used to replicate data and applications to multiple regions. (T/F)

False Availability Zones are unique physical locations within a single Azure region.

You can use Availability Zones in Azure to protect Azure virtual machines from a region failure. (T/F)

False Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there are a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from datacenter failures.

Only virtual machines that run Windows Server can be created in availability zones. (T/F)

False Availability zones can be used with many Azure services, not just VMs.

Azure AD requires implementation of domain controllers on Azure VMs. . (T/F)

False Azure Active Directory (Azure AD) is a cloud-based service. It does not require domain controllers on virtual machines.

A network security group will block all network traffic by default. (T/F)

False Azure creates the default rules in each network security group that you create. These rules allow some traffic.

An Azure free account has a limin it 2TB of data that can be uploaded to AZ.

False Azure free account has a 5 GB blob storage limit and a 5 GB file storage limit.

An Azure free account can contain an unlimited number of web apps.

False Azure free account has a limit of 10 web, mobile or API apps

If you implement the security recommendations provided by Azure Advisor, your company's secure score will decrease. (T/F)

False Increase not decrease

To implement an Azure MFA solution, you must sync on-premises identities to the cloud. (T/F)

False It is not true that you must deploy a federation solution or sync on-premises identities to the cloud. You can have a cloud-only environment and use MFA.

Azure Key Vault is used to store secrets for Azure Active Directory (Azure AD) user accounts. (T/F)

False It is used to store secrets for server apps.

Azure Advisor can generate a list of Azure virtual Machines that are protected by Azure backup. (T/F)

False List of those NOT protected

All data that is copied to an Azure Storage account is backed up automatically to another Azure data center.

False Locally Redundant Storage (LRS) is the default which maintains three copies of the data in the data center. Geo-redundant storage (GRS) has cross-regional replication to protect against regional outages. Data is replicated synchronously three times in the primary region, then replicated asynchronously to the secondary region.

North America is represented by a single Azure region. (T/F)

False North America has several Azure regions, including West US, Central US, South Central US, East Us, and Canada East.

Availability zones can be implemented in all Azure regions. (T/F)

False Not all Azure regions support availability zones.

Data transfers between Azure services located in different Azure regions are always free. (T/F)

False Outbound data transfer is charged at the normal rate and inbound data transfer is free.

An Azure resource group contains multiple Azure subscriptions

False Resource groups are logical containers for Azure resources. However, resource groups do not contain subscriptions. Subscriptions contain resource groups.

An Azure Storage account can contain up to 2 TB of data and up to one million files

False The limits are much higher than that. The current storage limit is 2 PB for US and Europe, and 500 TB for all other regions (including the UK) with no limit on the number of files.

If you create two Azure VMs that use the B2S size, each CM will always generate the same monthly costs.

False Two virtual machines using the same size could have different disk configurations. Therefore, the monthly costs could be different.

Each user account in Azure Active Directory (Azure AD) can be assigned only one license. (T/F)

False User accounts in Azure Active Directory can be assigned multiple licenses for different Azure or Microsoft 365 services.

Each Azure subscription can contain multiple account administrators.

False You can assign service administrators and co-administrators in the Azure Portal but there can only be one account administrator.

Each Azure subscription can be managed by using a Microsoft account only.

False You need an Azure Active Directory account to manage a subscription, not a Microsoft account. An account is created in the Azure Active Directory when you create the subscription. Further accounts can be created in the Azure Active Directory to manage the subscription.

A cloud service that remains available after a failure occurs: -Disaster recovery -Fault tolerance -Low latency -Dynamic scalability

Fault tolerance

Azure Site Recovery Provides ________ for VMs. -fault tolerance -disaster recovery -elasticity -high availability

Fault tolerance Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. Site Recovery replicates workloads running on physical and virtual machines (VMs) from a primary site to a secondary location.

You can use the Azure File Sync agent to sync on-premises data to an Azure ____________. -blob container -data lake storage container -file share -queue

File Share

Applications and data can be deployed to multiple regions.

Geo-distribution

_______ enables Azure resources to be deployed close to users.

Geo-distribution

ou need to view a list of planned maintenance events that can affect the availability of an Azure subscription. Which blade should you use from the Azure portal?

Help + Support ---> Service Health

An Azure web app that queries an on-premises Microsoft SQL server is an example of a ____ cloud. -hybrid -multi-vendor -private -public

Hybrid

Which cloud model provides a choice to use on-prem or cloud-based resources? hybrid/private/public

Hybrid

You have an on-premises network that contains 100 servers. You need to recommend a solution that provides additional resources to your users. The solution must minimize capital and operational expenditure costs. What should you include in the recommendation? A. a complete migration to the public cloud B. an additional data center C. a private cloud D. a hybrid cloud

Hybrid Cloud

You are tasked with deploying Azure virtual machines for your company. You need to make use of the appropriate cloud deployment solution. Should you make use of SaaS, PaaS, or IaSS?

IaSS

A cloud-based file server is an example of: IaaS, PaaS, or SaaS?

IaaS

What is a fully managed software as a service solution to connect, monitor, and manage IoT device at scale?

IoT Central

What is a managed service that provides bidirectional communication between IoT devices and Azure?

IoT Hub

What is a software and hardware solution that provides communication and security features for IoT devices?

IoT Sphere

You plan to extend your company's network to Azure. The network contains a VPN appliance that uses an IP address of 131.107.200.1. You need to create an Azure resource that defines the VPN appliance in Azure. Which Azure resource should you create?

Local Network Gateway A Local Network Gateway is an object in Azure that represents your on-premise VPN device. A Virtual Network Gateway is the VPN object at the Azure end of the VPN. A 'connection' is what connects the Local Network Gateway and the Virtual Network Gateway to bring up the VPN. The local network gateway typically refers to your on-premises location. You give the site a name by which Azure can refer to it, then specify the IP address of the on-premises VPN device to which you will create a connection. You also specify the IP address prefixes that will be routed through the VPN gateway to the VPN device. The address prefixes you specify are the prefixes located on your on-premises network. If your on-premises network changes or you need to change the public IP address for the VPN device, you can easily update the values later.

Arrange the storage account redundancy options from the least redundant to the most redundant. To answer, move all options from the list of options to the answer area and arrange them in the correct order.

Locally - LRS Zone - ZRS Geo - GRS

A cloud service that can be accessed quickly from the internet: -Disaster recovery -Fault tolerance -Low latency -Dynamic scalability

Low latency

What explains what data Microsoft processes, how Microsoft processes the data, and the purpose of processing the data?

MSFT Online Services Privacy Statement

You need to identify which blades in the Azure portal must be used to perform the following tasks: ✑ Browse available virtual machine images. -Monitor, subscriptions, marketplace, advisor

Marketplace

Where can you view your company's regulatory compliance report?

Microsoft Defender for Cloud

_____________ Provides in-depth information about security, privacy, compliance offerings, policies, and features across Microsoft products.

Microsoft Trust Center

You need to identify which blades in the Azure portal must be used to perform the following tasks: ✑ Monitor the health of Azure services. -Monitor, subscriptions, marketplace, advisor

Monitor

Data that is stored in the Archive access tier of an Azure Storage account _________________. -can be accessed at any time using azcopy.exe. -can only be read by using Azure Backup. -must be restored before the data can be accessed. -must be rehydrated before the data can be accessed.

Must be rehydrated before the data can be accessed.

What in Azure Firewall enables users on the internet to access a server on a virtual network?

Network Address Translation (NAT) rules

You are planning a strategy to deploy numerous web servers and database servers to Azure. This strategy should allow for connection types between the web servers and database servers to be controlled. What solution should be a part of your strategy?

Network Security Groups

After you create a virtual machine, you need to modify the ___________________ to allow connections to TCP port 8080 on the VM.

Network security group

After your Azure trial account expires could you start an existing Azure VM?

No

An Azure virtual machine can be in multiple resource groups. (Y/N)

No

Azure Cosmos DB is an example of software as a service. (Y/N)

No

Azure Pay-As-You-Go pricing is an example of CapEx. A. Yes B. No

No

Azure virtual networks deployed to the same Azure region are connected by default. (Y/N)

No

Building a data center infrastructure is an example of operational expenditure (OpEx) costs. (Y/N)

No

Microsoft SQL Server 2019 installed on an Azure VM is an example of platform as a service. (Y/N)

No

With software as a service, you must apply for software updates. (Y/N)

No

You are planning to migrate a company to Azure. Each of the company's numerous divisions will have an administrator in place to manage the Azure resources used by their respective division. You want to make sure that the Azure deployment you employ allows for Azure to be segmented for the divisions, while keeping administrative effort to a minimum. Solution: You plan to make use of several Azure Active Directory (Azure AD) directories. Does the solution meet the goal?

No

You are required to deploy an Artificial Intelligence (AI) solution in Azure.You want to make sure that you are able to build, test, and deploy predictive analytics for the solution. Solution: You should make use of Azure Cosmos DB. Does the solution meet the goal?

No

You can create a resource group inside of another resource group. (Y/N)

No

You can stop an Azure SQL Database instance to decrease costs. (Yes/No)

No

You must have physical servers to use cloud computing. (Y/N)

No

You plan to deploy several Azure virtual machines. You need to ensure that the services running on the virtual machines are available if a single data center fails. Solution: You deploy the virtual machines to two or more resource groups. Does this meet the goal? A. Yes B. No

No

You plan to deploy several Azure virtual machines.You need to ensure that the services running on the virtual machines are available if a single data center fails.Solution: You deploy the virtual machines to a scale set.Does this meet the goal? A. Yes B. No

No

Your company is planning to migrate all their virtual machines to an Azure pay-as-you-go subscription. The virtual machines are currently hosted on the Hyper-V hosts in a data center. You are required make sure that the intended Azure solution uses the correct expenditure model. Solution: You should recommend the use of the scalable expenditure model. Does the solution meet the goal?

No

Your company's infrastructure includes a number of business units that each need a large number of various Azure resources for everyday operation. The resources required by each business unit are identical. You are required to sanction a strategy to create Azure resources automatically. Solution: You recommend that management groups be included in the strategy. Does the solution meet the goal? A. Yes B. No

No

Your company's infrastructure includes a number of business units that each need a large number of various Azure resources for everyday operation. The resources required by each business unit are identical. You are required to sanction a strategy to create Azure resources automatically. Solution: You recommend that the Azure API Management service be included in the strategy. Does the solution meet the goal? A. Yes B. No

No

An Azure subscription can be associated to multiple Azure Active Directory (Azure AD) tenants. (Y/N)

No An Azure AD tenant can have multiple subscriptions but an Azure subscription can only be associated with one Azure AD tenant.

When an Azure subscription expires, the associated Azure Active Directory tenant is deleted automatically. (Y/N)

No If your subscription expires, you lose access to all the other resources associated with the subscription. However, the Azure AD directory remains in Azure. You can associate and manage the directory using a different Azure subscription.

Your company is planning to migrate all their virtual machines to an Azure pay-as-you-go subscription. The virtual machines are currently hosted on the Hyper-V hosts in a data center. You are required make sure that the intended Azure solution uses the correct expenditure model. Solution: You should recommend the use of the elastic expenditure model. Does the solution meet the goal?

No Use a op ex model

Your company plans to migrate all its data and resources to Azure. The company's migration plan states that only Platform as a Service (PaaS) solutions must be used in Azure. You need to deploy an Azure environment that meets the company migration plan. Solution: You create Azure virtual machines, Azure SQL databases, and Azure Storage accounts. Does this meet the goal? A. Yes B. No

No Virtual machines are examples of Infrastructure as a service (IaaS). IaaS is an instant computing infrastructure, provisioned and managed over the internet.

Your company plans to migrate all its data and resources to Azure. The company's migration plan states that only Platform as a Service (PaaS) solutions must be used in Azure. You need to deploy an Azure environment that meets the company migration plan. Solution: You create an Azure App Service and Azure Storage accounts. Does this meet the goal? A. Yes B. No

No* Storage is IaaS?

Which node in the Azure portal should you use to assign a user the Reader role for a resource group?

Overview + Access Control

A Microsoft SQL Server database that is hosted in the cloud and has software updates managed by Azure is an example of _____________.

PaaS

A cloud-based service for custom apps is an example of: IaaS, PaaS, or SaaS?

PaaS

Azure Cosmos DB is an example of a ___ Offering. PaaS IaaS SaaS

PaaS

Microsoft SQL Server database that is hosted in the cloud and has software updates managed by Azure is an example of ___________.

PaaS

When planning to migrate a public website to Azure, you must plan to _____________. - deploy a VPN. -pay monthly usage costs. -pay to transfer all the website data to azure. -reduce the number of connections to the website.

Pay monthly usage costs

What is the defense in depth strategy?

Physical security ID & Access Perimeter Network Compute Application Data

Which subscription plan offers an option to access support engineers by phone or email?

Premier, Professional Direct and standard.

Which cloud model provides complete control over security? hybrid/private/public

Private

Which cloud model does not require capital expenditure? hybrid/private/public

Public

A cloud-based accounting system is an example of: IaaS, PaaS, or SaaS?

SaaS

Resources can be provisioned dynamically to meet changing demands.

Scalability

Your developers have created a portal web app for users in the Miami branch office. The web app will be publicly accessible and used by the Miami users to retrieve customer and product information. The web app is currently running in an on-premises test environment. You plan to host the web app on Azure. You need to determine which Azure web tier plan to host the web app. The web tier plan must meet the following requirements: ✑ The website will use the miami.weyland.com URL. ✑ The website will be deployed to two instances. ✑ SSL support must be included. ✑ The website requires 12 GB of storage. ✑ Costs must be minimized. Which web tier plan should you use? A. Standard B. Basic C. Free D. Shared

Standard keyword 12 GB Free = 1 GB Shared = 1 GB Basic = 10 GB Standard = 50 GB Premium = 250 GB Isolated = 1 TB

Your company's Azure subscription includes a Basic support plan. They would like to request an assessment of an Azure environment's design from Microsoft. This is, however, not supported by the existing plan. You want to make sure that the company subscribes to a support plan that allows this functionality, while keeping expenses to a minimum. Solution: You recommend that the company subscribes to the Professional Direct support plan. Does the solution meet the goal?

Standard Plan sufficient

Your company's Active Directory forest includes thousands of user accounts. You have been informed that all network resources will be migrated to Azure. Thereafter, the on-premises data center will be retired. You are required to employ a strategy that reduces the effect on users, once the planned migration has been completed. What solution will help you meet that goal?

Sync all the Active Directory user accounts to Azure Active Directory (Azure AD).

What happens if an existing resource is not compliant with a new policy assignment?

The resource will be marked as non-compliant but it will not be deleted and will continue to function normally.

A company can use resources from multiple subscriptions. (T/F)

True

A resource group can contain resources from multiple Azure regions. (T/F)

True

A single Microsoft account can be used to manage multiple Azure subscriptions. (T/F)

True

An Azure resource can have multiple delete locks.. (T/F)

True

An Azure resource inherits locks from its resource group.. (T/F)

True

Azure AD can be used to manage access to on-prem applications. (T/F)

True

Azure AD provides SSO. (T/F)

True

Azure Active Directory (Azure AD) groups support dynamic membership roles. (T/F)

True

Azure Advisor provides recommendations on how to reduce the cost of running Azure virtual machines. (T/F)

True

Azure Cloud Shell can be accessed from a web browser on a Linux computer. (T/F)

True

Azure Government is operated by MSFT.. (T/F)

True

Azure MFA can be required for admin and non-admin user accounts.

True

Azure PowerShell can be installed on macOS. (T/F)

True

Azure Security Center can monitor AZ resources and on-prem resources. (T/F)

True

Azure Sentinel: stores collected events in an Azure Storage account can remediate incidents automatically can collect Windows Defender Firewall logs from AZ VMs

True

Azure policies provide organizations with the ability to manage the compliance of Azure resources across multiple subscriptions. (T/F)

True

Compliance Manager can be used to track your company's regulatory compliance activities related to MSFT cloud services. (T/F)

True

Data that is stored in an Azure Storage account automatically has at least three copies. (T/F)

True

From AZ Security Center, you can download a regulatory compliance report.

True

From Azure Service Health, an administrator can create a rule to be alerted if an Azure service fails. (T/F)

True

From Azure Service Health, an administrator can view the health of all services in an Azure environment. (T/F)

True

Identities stored in Azure Active Directory (Azure AD), third-party cloud services and on-premises Active Directory can be used to access Azure resources. (T/F)

True

Identities stored in Azure Active Directory, third-party cloud services, and on-prem AD can be used to access AZ resources. (T/F)

True

If an Azure resource has a Read-only lock, you can add a Delete lock to the resource.. (T/F)

True

If you assign permissions for a user to manage a resource group, the user can manage all the Azure resources in that resource group. (T/F)

True

If you delete a resource group, all the resources in the resource group will be deleted. (T/F)

True

Microsoft Service Trust Portal can be accessed by using a Microsoft cloud services account. (T/F)

True

T/F: A company can extend the capacity of its internal network by using the public cloud.

True

T/F: A company can extend the computing resources of its internal network by using a hybrid cloud.

True

T/F: A platform as a service (PaaS) solution that hosts web apps in Azure provides professional development services to continuously add features to custom applications.

True

T/F: A platform as a service (PaaS) solution that hosts web apps in Azure provides the ability to scale the platform automatically.

True

T/F: To build a hybrid cloud, you must deploy resources to the public cloud.

True

The Hot access tier is recommended for data that is accessed and modified frequently. (T/F)

True

The My Library feature can be used to save Service Trust Portal documents and resources in a single location. (T/F)

True

To use Azure Active Directory (Azure AD) credentials to sign in to a computer that runs Windows 10, the computer must be joined to Azure AD. (T/F)

True

Trust center provides information about the AZ compliance offerings. (T/F)

True

Windows Virtual Desktop supports desktop and app virtualization.

True

You can add an Azure resource Manager template to an Azure blueprint. (T/F)

True

You can add multiple tags to the same AZ resource. (T/F)

True

You can associate a network security group (NSG) to a virtual network subnet. (T/F)

True

You can associate a network security group to a network interface. (T/F)

True

You can use AZ Policy to apply tags to resources. ((T/F)

True

You can use Azure Blueprints to grant permissions to a resource. (T/F)

True

iOS devices can be registered in Azure AD. (T/F)

True

A platform as a service solution (PaaS) can automatically scale the number of instances.

True A PaaS solution that hosts web apps in Azure does provide the ability to scale the platform automatically. This is known as autoscaling. Behind the scenes, the web apps are hosted on virtual machines running IIS. Autoscaling means adding more load balanced virtual machines to host the web apps.

Application security groups can be specified as a part of network security group rules.

True A network security group contains zero, or as many rules as desired. These rules can refer to application security groups.

Every Azure region has multiple datacenters. (T/F)

True A region is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.

An Azure free account has a spending limit.

True An Azure free account has a spending limit. This is currently 200 USD or 150 GBP.

You can use Availability Zones in Azure to protect Azure VMs from a datacenter failure. (T/F)

True Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there are a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from datacenter failures.

You can use Availability Zones in Azure to protect Azure managed disks from a datacenter failure. (T/F)

True Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there are a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from datacenter failures.

Azure AD provides authentication for resources hosted in AZ and Microsoft 365. (T/F)

True Azure Active Directory (Azure AD) is a centralized identity provider in the cloud. This is the primary built-in authentication and authorization service to provide secure access to Azure resources and Microsoft 365.

Azure Monitor can monitor the performance of on-premises computers. (T/f)

True Azure Monitor maximizes the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.

Azure Monitor can trigger alerts based on data in an Azure Log Analytics workspace. (T/f)

True Azure Monitor uses Target Resource, which is the scope and signals available for alerting. A target can be any Azure resource. Example targets: a virtual machine, a storage account, a virtual machine scale set, a Log Analytics workspace, or an Application Insights resource.

Network security groups always include inbound security rules and outbound security rules.

True Azure creates the Inbound and OutBound default rules in each network security group that you create.

T/F: Azure provides flexibility between capital expenditure and operational expenditure.

True Traditionally, IT expenses have been considered a Capital Expenditure (CapEx). Today, with the move to the cloud and the pay-as-you-go model, organizations have the ability to stretch their budgets and are shifting their IT CapEx costs to Operating Expenditures (OpEx) instead. This flexibility, in accounting terms, is now an option due to the ג€as a Serviceג€ model of purchasing software, cloud storage and other IT related resources.

When an Azure VM is stopped, you continue to pay storage costs associated to the VM.

True When an Azure virtual machine is stopped, you don't pay for the virtual machine. However, you do still pay for the storage costs associated to the virtual machine. The most common storage costs are for the disks attached to the virtual machines. There are also other storage costs associated with a virtual machine such as storage for diagnostic data and virtual machine backups.

Azure Monitor can send alerts to Azure Active Directory security groups. (T/f)

True Alerts in Azure Monitor proactively notify you of critical conditions and potentially attempt to take corrective action.

You are tasked with deploying a critical LOB application, which will be installed on a virtual machine, to Azure. You are informed that the application deployment strategy should allow for a guaranteed availability of 99.99 percent. You need to make sure that the strategy requires as little virtual machines and availability zones as possible. What is the best solution?

Two virtual machines and two availability zones

The company would like to develop a cloud solution by making use of Azure Government. Azure Government can only be used by certain types of clients to develop cloud solutions. Which of the following are the types of customers that can make use of Azure Government in this situation? Government contractor from any country Government entity from any country European government contractor European government entity US government contractor US government entity

US government contractor US government entity

A DNS server that runs on an Azure VM is an example of PaaS. (Y/N)

Yes

A resource group can contain resource from multiple Azure regions. (Y/N)

Yes

Azure Backup is an example of platform as a service (PaaS). (Y/N)

Yes

Azure Files is an example of IaaS. (Y/N)

Yes

Azure SQL DB is an example of platform as a service. (Y/N)

Yes

Cloud computing leverages virtualization to provide services to multiple customers simultaneously. (Y/N)

Yes

Cloud computing provides elastic scalability. (Y/N)

Yes

Customers can minimize capital expenditure by using a public cloud. (Y/N)

Yes

Deploying your own datacenter is an example of CapEx. A. Yes B. No

Yes

Each Azure virtual network in a single resource group must have a unique name. (Y/N)

Yes

Leasing software is an example of operational expenditure costs. (Y/N)

Yes

Microsoft Intune is an example of SaaS. (Y/N)

Yes

Monthly salaries for technical personnel are an example of operational expenditure costs. (Y/N)

Yes

Paying electricity for your datacenter is an example of OpEx. (Yes/No)

Yes

The Azure virtual network's address space must be unique within a subscription. (Y/N)

Yes

The cost to increase cloud computing capacity are less than the costs to increase the computing capacity of an on-premises datacenter. (Y/N)

Yes

With infrastructure as a service you must install the software that you want to use. (Y/N)

Yes

You are required to deploy an Artificial Intelligence (AI) solution in Azure. You want to make sure that you are able to build, test, and deploy predictive analytics for the solution. Solution: You should make use of Azure Machine Learning Studio. Does the solution meet the goal? A. Yes B. No

Yes

You can change the Azure Active Directory tenant to which an Azure subscription s associated. (Y/N)

Yes

You have an Azure environment. You need to create a new Azure virtual machine from a tablet that runs the Android operating system. Solution: You use Bash in Azure Cloud Shell. Does this meet the goal?

Yes

You must have internet connectivity to use cloud computing.(Y/N)

Yes

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify a network security group (NSG). Does this meet the goal?

Yes

Your company is planning to migrate all their virtual machines to an Azure pay-as-you-go subscription. The virtual machines are currently hosted on the Hyper-V hosts in a data center. You are required make sure that the intended Azure solution uses the correct expenditure model. Solution: You should recommend the use of the operational expenditure model. Does the solution meet the goal?

Yes

Your company plans to migrate all its data and resources to Azure. The company's migration plan states that only Platform as a Service (PaaS) solutions must be used in Azure. You need to deploy an Azure environment that meets the company migration plan. Solution: You create an Azure App Service and Azure SQL databases. Does this meet the goal? A. Yes B. No

Yes

Your company's infrastructure includes a number of business units that each need a large number of various Azure resources for everyday operation. The resources required by each business unit are identical. You are required to sanction a strategy to create Azure resources automatically. Solution: You recommend that the Azure Resource Manager templates be included in the strategy. Does the solution meet the goal? A. Yes B. No

Yes

Your company plans to migrate all its data and resources to Azure. The company's migration plan states that only Platform as a Service (PaaS) solutions must be used in Azure. You need to deploy an Azure environment that meets the company migration plan. Solution: You create an Azure App Service and Azure virtual machines that have Microsoft SQL Server installed. Does this meet the goal? A. Yes B. No

Yes Azure App Service is a PaaS (Platform as a Service) service. Azure virtual machines are an IaaS (Infrastructure as a Service) service, and a Paas service. Therefore, this solution does meet the goal.

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify an Azure firewall. Does this meet the goal? A. Yes B. No

Yes Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

Azure Germany can be used by ______________________

any user or enterprise that requires its data to reside in Germany

You have an Azure environment that contains 10 web apps. To which URL should you connect to manage all the Azure resources?

https://portal.azure.com

An organization that hosts its infrastructure ___________ no longer required a data center. -in a private cloud -in a hybrid cloud -in the public cloud -on a Hyper-V host

in the public cloud

Azure Distributed Denial of Service (DDoS) Protection is an example of protections that is implemented at the ____________ layer. -application -compute -networking -perimeter

networking


Set pelajaran terkait

PrepU: Ch. 27 Safety, Security and Emergency Preparedness

View Set

Accounting Ethics Chapter 3 HW PROBLEMS

View Set

ECON 2302_Chpt 9 MC Practice Test

View Set

PREP U Chapter 72: Emergency Nursing

View Set

Smartbook: Chapter 13: Building the Price Foundation

View Set