AZ-900 - Azure Fundamentals
Application Gateway contains what additional optional security feature over a regular Load Balancer?
Explanation Application Gateways also comes with an optional Web Application Firewall (or WAF) as a security benefit
What is the concept of Availability?
Explanation Availability - what percentage of time does a system respond properly to requests, expressed as a percentage over time
What are Azure Availability Zones?
Explanation Availability Zones - Unique physical locations within an Azure region, made up of one or more datacenters; there is a minimum of three zones in each region; you can manually place your resources in an availability zone for highest availability
Which of the following methods of deploying a virtual machine provides the highest availability SLA?
Explanation Availability Zones offer 99.99% availability when configured correctly.
Which Azure service is the recommended Identity-as-a-Service offering inside Azure?
Explanation Azure AD is the identity service designed for web protocols, that you can use for your applications.
What is Azure's preferred Identity/authentication service?
Explanation Azure Active Directory (Azure AD) - Microsoft's preferred Identity as a Service solution
What feature within Azure will make recommendations to you about reducing cost on your account?
Explanation Azure Advisor analyzes your account usage and makes recommendations for you based on its set rules
What service does Azure provide as an optional upgrade to protect against DDoS attacks?
Explanation Azure DDoS Protection Standard
What two types of DDoS protection services does Azure provide? Select two.
Explanation Azure DDos Protection Basic is free, while you can upgrade to Standard for a fee.
What is a benefit of economies of scale?
Explanation Economies of Scale - the more of an item that you buy, the cheaper it is per unit
What feature of a system makes it elastic?
Explanation Elasticity - The ability of a system to automatically grow when maximum capacity is reached, and automatically shrink to minimize waste.
True or false: there are no service level guarantees (SLA) when a service is in General Availability (GA)
Explanation False, most Azure GA services do have service level agreements
Which of the following elements is considered part of the "perimeter" layer of security?
Explanation Firewall is part of the perimeter security For more information on the layered approach to network security:
Which of the following is not a feature of Azure Functions?
Explanation Functions are designed for short pieces of code that start and end quickly.
What is the name of the group of services inside Azure that hosts the Apache Hadoop big data analysis tools?
Explanation HDInsight is a collection of open-source Apache Hadoop tools
What is the benefit of using a command line tool like Powershell or CLI as opposed to the Azure portal?
Explanation The real benefit is automation. Being able to write a script to do something is better than having to do it manually each time.
Besides Azure Service Health, where else can you find out any issues that affect the Azure global network that affect you?
Explanation Each Virtual Machine has a Resource Health blade
In which US state is the East US 2 region?
Explanation East US 2 is in the Eastern state of Virginia, close to Washington DC
What is the Azure SLA for two or more Virtual Machines in an Availability Set?
Explanation 99.95%
What is the service level agreement for two or more Azure Virtual Machines that have been manually placed into different Availability Zones in the same region?
Explanation 99.99%
What hardware device is required to exist or be installed on your company network in order to set up a site-to-site VPN?
Explanation A VPN Gateway needs to be configured to connect to Azure for a private network to be established
What is the maximum amount of Azure Storage space a single subscription can store?
Explanation A single Azure subscription can have up to 250 storage accounts per region, and each storage account can store up to 5 Petabytes. That is 31 million Terabytes. This is probably 15-20 times what Google, Amazon, Microsoft and Facebook use combined. That's a lot.
One of the benefits of the cloud is agility. What does that mean in the context of the cloud?
Explanation Agility - the ability to respond to change "rapidly" based on changes to market or environment; ensuring fast time to market
What types of files can a Content Delivery Network speed up the delivery of?
Explanation All of them. Any static file that doesn't change.
Select the way(s) to increase the security of a traditional user id and password system?
Explanation All of these are ways to increase the security on an account.
Which ways does the Azure Resource Manager model provide to deploy resources?
Explanation All of those ways can be used to deploy or manage resources using ARM
What is the minimum charge for having an Azure Account each month, even if you don't use any resources?
Explanation An Azure account can cost nothing if you don't use any resources or only use free resources
What does it mean if a service is in General Availability (GA) mode?
Explanation Anyone can use a GA service. It is fully supported and can be used for production.
Which Azure feature is specifically designed to help companies get their in-house developed code from the code repository, through automated unit testing, and onto Azure using a service called Pipelines?
Explanation Azure DevOps contains many services, one of which is Pipelines. Pipelines allows you to build an automation that moves code (and all related dependencies) through various stages from the development environment into deployment.
Where do you go within the Azure Portal to find all of the third-party virtual machine and other offers?
Explanation Azure Marketplace contains thousands of services you can rent within the cloud
Which feature within Azure collects all of the logs from various resources into a central dashboard, where you can run queries, view graphs, and create alerts on certain events?
Explanation Azure Monitor - a centralized dashboard that collects all the logs, metrics and events from your resources
Which of the following scenarios would Azure Policy be a recommended method for enforcement?
Explanation Azure Policy can add restrictions on storage account SKUs, virtual machine instance types, and rules relating to tagging of resources and groups. It cannot prompt a user to ask them if they are sure.
What is the MAIN management tool used for managing Azure resources with a graphical user interface?
Explanation Azure Portal is the website used to manage your resources in Azure
Which Azure website tool is available for you to estimate the future costs of your Azure products and services by adding products to a shopping basket and helping you calculate the costs?
Explanation Azure Pricing Calculator lets you attempt to calculate your future bill based on resources you select and your estimates of usage
What does ARM stand for in Azure?
Explanation Azure Resource Manager (ARM) - this is the common resource deployment model that underlies all resource creation or modification; no matter whether you use the portal, powershell or the SDK, the Azure Resource Manager takes those commands and executes them
Which Azure service is meant to be a security dashboard that contains all the security and threat protection in one place?
Explanation Azure Security Center - unified security management and threat protection; a security dashboard inside Azure Portal
Which tool within Azure is comprised of : Azure Status, Service Health and Resource Health?
Explanation Azure Service Health - lets you know about any Azure-related service issues including region-wide downtime
Which of the following is something that Azure Cognitive Services API can currently do?
Explanation Azure can do all of them, of course.
Which major cloud provider offers the most international locations for customers to provision virtual machines and other servers?
Explanation Azure has the most regions of any major cloud provider - 60+ global regions.
Who is responsible for the security of the physical servers in an Azure data center?
Explanation Azure is responsible for physical security
What is the concept of Big Data?
Explanation Big Data - a set of open source (Apache Hadoop) products that can do analysis on millions and billions of rows of data; current tools like SQL Server are not good for this scale
True or false: Azure Cloud Shell allows access to the Bash and Powershell consoles in the Azure Portal
Explanation Cloud Shell - allows access to the Bash and Powershell consoles in the Azure Portal
Which Azure Service contains pre-built machine learning models that you can use in your own code, using an API?
Explanation Cognitive Services is an API that Azure provides, that gives access to a set of pre-built machine learning models including vision services, speech services, knowledge management and chat bots.
Which tool within Azure helps you to track your compliance with various international standards and government laws?
Explanation Compliance Manager will track your own compliance with various standards and laws.
What types of resources are defined as "compute resources"?
Explanation Compute Services - a category of services in Azure that provides CPU cycles for rent. Virtual Machines are only one type of compute resource. The Marketplace contains many types of resources, not just compute.
Why would someone prefer a Consumption-based pricing model as opposed to a Time-based pricing model?
Explanation Consumption-Based Model - paying for something based on how much you used, as opposed to paying for something no matter if you use it or not.
What benefit does a Content Delivery Network (CDN) provide its users?
Explanation Content Delivery Network - allows you to improve performance by removing the burden of serving static, unchanging files from the main server to a network of servers around the globe; a CDN can reduce traffic to a server by 50% or more, which means you can serve more users or serve the same users faster; SaaS
Which of the following is a feature of the cool access tier for Azure Storage?
Explanation Cool access tier offers cost savings when you expect to store your files and not need to access them often
What database service is specifically designed to be extremely fast in responding to requests for small amounts of data (called low latency)?
Explanation Cosmos DB - extremely low latency (fast) storage designed for smaller pieces of data quickly; SaaS
Who is responsible for the security of your Azure Storage account access keys?
Explanation Customers are responsible to secure the access keys they are given and regenerate them if they are exposed.
What is the concept of being able to get your applications and data running in another environment quickly?
Explanation Disaster Recovery - the ability to recover from a big failure within an acceptable period of time, with an acceptable amount of data lost
What is a DDoS attack?
Explanation Distributed Denial of Service attacks (DDoS) -a type of attack that originates from the Internet that attempts to overwhelm a network with millions of packets of bad traffic that aims to prevent legitimate traffic from getting through
What would be a good reason to have multiple Azure subscriptions?
Explanation Having multiple subscriptions can technically be done for any reason, but it only makes sense if you have to separate billing directly, or have actual clients logging into the Portal to manage their resources.
What makes a system highly available?
Explanation High Availability - a system specifically designed to be resilient when some component of the system fails
If you are a US federal, state, local, or tribal government entities and their solution providers, which Azure option should you be looking to register for?
Explanation Hopefully, it's clear that US Federal, State, Local and Tribal governments can use the US Government portal
Which of the following is a good example of a Hybrid cloud?
Explanation Hybrid Cloud - A mixture between your own private networks and servers, and using the public cloud for some things. Typically used to take advantage of the unlimited, inexpensive growth benefits of the public cloud.
Within the context of privacy and compliance, what does the acronym ISO stand for, in English?
Explanation ISO is a standards body, International Organization for Standardization
Which of the following cloud computing models requires the highest level of involvement in maintaining the operating system and file system by the customer?
Explanation IaaS or Infrastructure as a service requires you to keep your OS patched, close ports, and generally protect your own server
True or false: Azure charges for bandwidth used "inbound" to Azure
Explanation Ingress bandwidth is free. You pay for egress (outbound).
What type of container is used to collect log and metric data from various Azure Resources?
Explanation Log Analytics Workspace is required to collect logs and metrics
In what way does Multi-Factor Authentication increase the security of a user account?
Explanation MFA requires that the user have access to their mobile phone for using SMS or an app.
What Azure tool gives you the ability to manage multiple subscriptions into nested hierarchies?
Explanation Management Groups - a hierarchy of subscriptions; can have many subscriptions, and group them, and put those groups into other groups
Which feature of Azure Active Directory will require users to have their mobile phone in order to be able to log in?
Explanation Multi-Factor Authentication (MFA) - the concept of having something additional to a "password" that is required to log in; passwords are find-able or guessable; but having your mobile phone on you to receive a phone call, text or run an app to get a code is harder for an unknown hacker to get
Which free Azure security service checks all traffic travelling over a subnet against a set of rules before allowing it in, or out.
Explanation Network Security Group (NSG) - a fairly basic set of rules that you can apply to both inbound traffic and outbound traffic that lets you specify what sources, destinations and ports are allowed to travel through from outside the virtual network to inside the virtual network
What is the basic way of protecting an Azure Virtual Network subnet?
Explanation Network Security Group (NSG) - a fairly basic set of rules that you can apply to both inbound traffic and outbound traffic that lets you specify what sources, destinations, and ports are allowed to travel through from outside the virtual network to inside the virtual network
Which of the following is considered a downside to using Capital Expenditure (CapEx)?
Explanation One of the downsides of CapEx is that the money invested cannot be deducted immediately from your taxes
Outlook 365 is what type of hosting model?
Explanation Outlook 365 is Software as a Service (SaaS).
What is the concept of paired regions?
Explanation Paired regions are usually in the same geo (not always) but are the most logical place to store backups because they have a high speed connection and Azure staggers the service updates to those regions.
How do you get access to services in Private Preview mode?
Explanation Private Preview means you must apply to use them.
Azure Services can go through several phases in a Service Lifecycle. What are the three phases called?
Explanation Private Preview, Public Preview, and General Availability
What does it mean if a service is in Public Preview mode?
Explanation Public Preview is for anyone to use, but it is not supported nor guaranteed to continue to be available
Which of the following Azure features is most likely to deliver the most immediate savings when it comes to reducing Azure costs?
Explanation Reserved Instances often offer 40% or more savings off of the price of pay-as-you-go virtual machines
What is the name of Azure's hosted SQL database service?
Explanation SQL Database is a SQL Server compatible option in Azure, a database as a service
What is Single Sign-On?
Explanation Single Sign-On - the ability to use the same user id and password to log into every application that your company has; enabled by Azure AD
True or False: Azure is a public cloud, and has no private cloud offerings
Explanation Some aspects of Azure are not open to the public and require a private agreement with Microsoft such as Azure Government and DoD services
What is the new data privacy and information protection regulation that took effect across Europe in May 2018?
Explanation The General Data Protection Regulation (GDPR) took effect in Europe in May 2018.
Select all features part of Azure AD?
Explanation The Log Alert Rule is not a feature of Azure AD.
If you wanted to simply use Azure as an extension of your own datacenter, not primarily hosting anything there but using it for extra storage or taking advantage of some services, what hosting model is that called?
Explanation The hybrid cloud is a mixture between private services (like your self-hosted applications) and public ones (like extra storage)
Logic apps, functions, and service fabric are all examples of what model of compute within Azure?
Explanation The serverless model of compute removes all responsibility to selecting or even managing the server and makes Azure responsible for running your code including scaling
Why is a user id and password sometimes not enough to prove someone is who they say they are?
Explanation The truth is that someone can find a way to get a user id and password, even guess it, and that can be used by another person.
Approximately how many regions does Azure have around the world?
Explanation There are 60+ Azure regions currently, in 10+ geographies
What is the default amount of credits that you are given when you first create an Azure Free account?
Explanation There are some other benefits to a free account, but you get US$200 to spend in the first month.
How many regions does Azure have in Brazil?
Explanation There is 1 region in Brazil.
What makes estimating the cost of an unmanaged storage account difficult?
Explanation There is a cost for egress (bandwidth out) and it's hard to estimate how many bytes will be counted leaving an Azure network
What is the benefit of using Powershell over CLI?
Explanation There is no benefit, only a matter of personal choice.
Each person has their own user id and password to log into Azure. But how many subscriptions can a single account be associated with?
Explanation There is not a limit to the number of subscriptions a single user can be included on.
What Azure resource allows you to evenly split traffic coming in and direct it to several identical virtual machines to do the work and respond to the request?
Explanation This is the core feature of either a Load Balancer or Application Gateway
True or false: you can create your own policies if built-in Azure Policy is not sufficient to your needs
Explanation True, you can create custom policies using JSON
True or false: Formal support is not included in private preview mode.
Explanation True. Preview features are not fully ready and this phase does not include formal support.
True or False: Azure has the responsibility to manage the hardware in the Infrastructure as a Service model
Explanation True: Yes, Azure still manages the hardware itself, the hypervisor and all of the physical elements behind the scenes
What is the most number of virtual machines that can me managed under a single Virtual Machine Scale Set?
Explanation Up to 1000 virtual machines can be managed under a single VMSS
What Azure product allows you to autoscale virtual machines from 1 to 1000 instances, and also provides load balancing services built in?
Explanation Virtual Machine Scale Sets - these are a set of identical virtual machines (from 1 to 1000 instances) that are designed to auto-scale up and down based on user demand; IaaS
A virtual machine is called what type of hosting model?
Explanation Virtual Machines are Infrastructure as a Service (IaaS)
Which of the following is not an example of Infrastructure as a Service?
Explanation With Azure SQL Database, the infrastructure is not in your control
Can you give someone else access to your Azure subscription without giving them your user name and password?
Explanation Yes, anyone can create their own Azure account and you can give them access to your subscription with granular control as to permissions
True or false: You cannot have more than one Azure subscription per company
Explanation You can have multiple subscriptions, as a way to separate out resources between billing units, business groups, or for any reason you wish.
An IT administrator has the requirement to control access to a specific app resource using multi-factor authentication. What Azure service satisfies this requirement?
Explanation You can use Azure AD to control access to your apps and your app resources, based on your business requirements. In addition, you can use Azure AD to require multi-factor authentication when accessing important organizational resources.
Your organization has implemented an Azure Policy that restricts the type of Virtual Machine instances you can use. How can you create a VM that is blocked by the policy?
Explanation You cannot perform a task that violates policy, so you have to remove the policy in order to perform the task.
Why is Azure App Services considered Platform as a Service?
Explanation You give Azure the code and configuration, and you have no access to the underlying hardware
Windows servers use "remote desktop protocol" (RDP) in order for administrators to get access to manage the server. Linux servers use SSH. What is the recommendation for ensuring the security of these protocols?
Explanation You need to either control access to the RDP and SSH ports to a very specific range of IPs, enable the ports only when you are using it, or use a Bastion server/jump box to protect those servers.