AZ-900 Practice Questions

What are the differences between virtual machines and Azure Container Instances? (Select two.) **A.** Cost **B.** Resource allocation **C.** Disk type **D.** Operating system

**A, B.** By default, disk type and operating systems are two resource types that are allocatable. Therefore, cost and resource allocation are the correct answers.

Which of the following are reasons to have multiple subscriptions? (Select two.) **A.** Different organizational structure **B.** Manage resource allocation **C.** Better manage security **D.** Better discounting options

**A, B.** Users prefer multiple subscriptions when many organizations exist, cause a variety of resources to be billed to an account. Instead of billing resources to a master account, differentiating the organization structure and better managing the resources against an individual bill will help each team, project, or cost center fully realize their spending. Since cloud computing spend is based on consumption, multiple subscriptions will help to mitigate billing concerns in an organization.

Which of the following are open source relational database platforms that Microsoft Azure supports as managed service offerings? (Select two.) **A.** Azure Database for PostgreSQL **B.** Azure Cosmos DB **C.** Azure SQL DB **D.** Azure Database for MySQL

**A, D.** Azure Database for PostgreSQL and Azure Database for MySQL are both open source relational databases that Microsoft has enabled as a Platform as a Service offering in Azure.

Review the following scenario and replace the word you believe is inaccurate with one of the following choices. Azure CLI incorporates both Bash and PowerShell using the browser-based experience. **A.** Azure Cloud Shell **B.** ARM Templates **C.** Azure PowerShell **D.** The statement is accurate.

**A.** A user can access both PowerShell and Bash command-line tools from Cloud Shell only.

Review the following scenario and select the most appropriate response. A virtual machine, which is a _Platform as a Service_ offering, requires end-user maintenance and support for specific operating system features and functions. **A.** Infrastructure as a Service **B.** Platform as a Service **C.** Software as a Service **D.** No correction required

**A.** A virtual machine is an Infrastructure as a Service offering. End-user maintenance and system support are required to continue to provide end-user support.

Which tool allows for collaboration for users who need to connect from outside an organization to access specific resources, specifically guest enterprise users? **A.** Azure Active Directory B2B **B.** Azure Active Directory B2C **C.** Azure Active Directory B2G **D.** None of the above

**A.** Azure Active Directory B2B is meant for enterprise businesses, while B2C is for consumers.

Which of the following solutions is used to help model data from sources such as data warehouses and data lakes to train machine learning models? **A.** Azure Databricks **B.** HDInsight **C.** Azure Synapse Analytics **D.** Cognitive Services

**A.** Azure Databricks is the correct response, since the solution helps model data from data warehouses and data lakes to train machine learning models.

Which of the following is not a sovereign region? **A.** Azure Public Cloud **B.** Azure Government Cloud **C.** Azure Germany Cloud **D.** Azure China Cloud

**A.** Azure Public Cloud is the only cloud listed that is not part of an Azure Sovereign Region.

Correct the following statement, should it be needed. You can use _Azure Cost Management_ to send e-mail alerts when the current billing period's cost reaches 50 percent of the given monthly budget. **A.** Budget Alerts **B.** Azure Recommendations **C.** Health Checks **D.** The statement is accurate.

**A.** Budget Alerts is a feature within Azure Cost Management that is the most appropriate response to the question.

There are three types of blobs, also referred to as containers. Which of the following is not one of those types? **A.** File blob **B.** Append blob **C.** Page blob **D.** Block blob

**A.** File blob is not an actual file type.

Where can a cloud administrator go to find pre-built solutions to expedite virtual machines online? **A.** Azure Marketplace **B.** Azure App Store **C.** Microsoft Partner Portal **D.** Microsoft Learn

**A.** Marketplace is a location where prebuilt Microsoft and partner solutions are available for rapid deployment, already hosted on Azure. A user can download the template onto their environment for consumption based on the solution provider's terms and conditions.

What is meant by multi-tenancy in describing a public cloud deployment model? **A.** Many organizations share the same set of resources within a cloud infrastructure across one or more geo-distributed locations. **B.** A single organization has exclusive access to resources within a cloud infrastructure across one or more geo-distributed locations. **C.** A single organization shares the same set of resources within a cloud infrastructure across one or more geo-distributed locations. **D.** Many organizations are restricted to a specific set of cloud infrastructure resources in a bound geographic region.

**A.** Multi-tenancy is when many organizations share the same set of resources within a cloud infrastructure across one or more geo-distributed locations.

Correct the following statement, should it be needed. _Public Preview_ is limited to select Azure users who can beta-test a product during development, as they are given access by Microsoft. Such users must actively provide feedback to Product Development. **A.** Private Preview **B.** General Availability **C.** Service Lifecycle **D.** The current term is correct.

**A.** Private Previews are limited to select Microsoft users who beta-test a product during development.

An organization has decided to host its website on Microsoft Azure using WordPress. The CFO would like to know what the best delivery model is for all customers. The CFO wants to be assured the website is publicly accessible. What would you recommend? **A.** Public cloud **B.** Private cloud **C.** Hybrid cloud **D.** Serverless cloud

**A.** Public cloud is intended for user consumption over the Internet. Private cloud is intended for internal consumption exclusively. Hybrid cloud allows for a mixture of internal and external resource utilization. Since there is no mention of requiring resource from within the organization, hybrid is not necessary. Serverless cloud is not necessarily a deployment model as much as it is an approach to deliver applications that are event-driven based on a function or trigger.

What contains web apps, databases, and storage accounts that are deployable and managed in Azure? **A.** Resource groups **B.** Resource pairs **C.** Availability Zones **D.** Management groups

**A.** Resource groups bring together resources in a single group. A resource group acts as a container for like-kind Azure resources such as web apps, databases, and storage accounts that are deployable and managed.

If a user cannot run PowerShell as an Admin or Superuser, which command line should they execute? **A.** `Install-Module -Name Az -AllowClobber -Scope CurrentUser` **B.** `Install-Module -Name Az -AllowClobber -Scope Superuser` **C.** `Install-Module -Name Az -AllowClobber -Scope Administrator` **D.** `Install-Module -Name Az -AllowClobber -Scope None`

**A.** Setting the scope for the current user as Administrator or Superuser is not supported. In this case, you still need to set the scope.

Your organization is experiencing an outage on all its virtual machine instances. Where should you check first to determine the cause of this issue? **A.** Azure Status page **B.** Azure Resource Health page **C.** Azure Service Health page **D.** Azure Advisor

**A.** The best practice is to check on global system performance first before focusing on individual resources and services.

This question requires you to evaluate the use case. Select the condition that makes the following statements correct. You have an application made up of an Azure web app with a service-level agreement (SLA) of 99.95 percent and an Azure Cosmos DB with an SLA of 99.99 percent. The composite SLA for the application is the product of both SLAs, which equals 99.94 percent. **A.** No change is necessary. **B.** 99.95 percent **C.** 99.99 percent **D.** 0.04 percent

**A.** The formula 0.9999 × 0.9995 = 0.999405. That translates to 99.94 percent. A composite SLA does not take the lowest or highest SLA value and accept those terms.

Your organization has recently instituted a 100 percent telework policy in order to reduce expenses. As part of the planning, the IT operations team is looking for ways to utilize as many enterprise vendors' pre-built software solutions so that there is no need to install custom applications and maintain a dedicated helpdesk. Which cloud architecture should you include in your suggestion to leadership? **A.** Software as a Service (SaaS) **B.** Platform as a Service (PaaS) **C.** Infrastructure as a Service (IaaS) **D.** Desktop as a Service (DaaS)

**A.** The organization is looking to reduce as many internal functions as possible, and they are aiming to use enterprise vendor commercial off-the-shelf (COTS) solutions. SaaS aligns best with that model. An organization may have some custom applications; however, in this use case, the goal is to shift away from custom and move toward pre-built offerings. The organization may need to procure some IaaS services; however, for this use case, this is not the main objective. Desktop as a Service is not a deployment model.

Complete the following statement: Network security groups have a priority between ____________. Rules with _____________ numbers are given greater attention. **A.** 100 to 4,096, lower priority **B.** 1,000 to 4,096, lower priority **C.** 100 to 4,096, higher priority **D.** 1,000 to 4,069, lower priority

**A.** The range is bound from 100 to 4,096, and lower ranking order gets preference.

Which of the following is not true about Secure Score? **A.** Secure Score is based on weighting, usage, importance, geographic location, and criticality. **B.** Secure Score evaluates all the resources across your subscriptions. **C.** There is a maximum score of 100 percent. **D.** A score is not an average as it weights the posture of resources across subscriptions.

**A.** The reason why this statement is inaccurate is because of one element, geographic location. Geography has no influence on Secure Score.

A customer with a BASIC account can still submit a support ticket for an Azure Cloud issue? **A.** True **B.** False **C.** It depends on the type of Microsoft license you subscribe to. **D.** There is no such thing as a BASIC Account.

**A.** Users can still submit a support ticket, even with a basic account. There may be a requirement to increase account limits or inform Microsoft of performance issues for a service. Therefore, submitting a ticket is still a feature enabled for all users. It does not matter what type of account you have, the support type listed is offered to all customers. A basic account is the most fundamental account offered by Microsoft.

Is the following statement true or false with regards to a hybrid cloud offering? A company can extend its internal network capacity using the public cloud when using cloud bursting. **A.** True **B.** False

**A.** When a private cloud (internal network) needs additional capacity during a peak period of IT demand, it will require the use of public cloud resources. Therefore, the use of a special configuration known as _cloud bursting_ is a great option for scaling a private cloud when necessitated.

You need to deploy an Azure virtual machine running Windows 2019. You need to ensure that the services running on the virtual machine are available if one of the assigned data centers fails. You deploy the virtual machines to two Availability Zones. Does that meet the goal? **A.** Yes **B.** No

**A.** Yes. There is redundancy from one data center to the next, given system protection, should one data center fail. The use case presented provides ample assurances.

When an administrator shuts off a virtual machine instance, which of the following statements regarding operational costs is accurate? **A.** Even though you are shutting off the virtual machine, you are still charged to keep the instance, including the storage operational. **B.** While you may not pay for operating the virtual machine, you will still be charged for the storage in use until deleted. **C.** Once a virtual machine is turned off, you do not pay for any additional fees. **D.** If the virtual machine is inactive, you are charged a subscription fee for inactivity use per virtual instance of $5.00 per day per VM.

**B** is the best choice. You will still need to pay for storage regardless of a VM being active or inactive when managing an IaaS Instance.

Which of the following conditions can heavily influence the pricing of a product or service in Azure Marketplace? **A.** Service provider **B.** Licensing requirements **C.** Storage requirements **D.** All of the the above

**B, C.** Service providers are irrelevant. The pricing of the product posted by the service provider can make a difference, but not the provider themselves.

Which of the following statements regarding a private cloud delivery model are inaccurate? (Select two.) **A.** A private cloud only delivers services over the public Internet. **B.** A reason to consider private cloud options over a public cloud is when your organization requires customization to meet business needs, looks to gain control over resources that may be shared in a public setting, and is aware that the environment has the potential for a significant increase in activity. **C.** A reason to consider a private cloud option over a public cloud is when your organization requires strict enforcement of technical standards to streamline business needs, looks to lock down controls to ensure users are unable to modify settings, and recognizes that system scalability is limited. **D.** Private cloud supports only two service architectures, Infrastructure as a Service (IaaS) and Platform as a Service (PaaS).

**B, D.** Private cloud is an appropriate deployment option when an organization requires customization to meet business needs, looks to gain control over resources that may be shared in a public setting, and is aware that the environment has the potential for a significant increase in activity. In addition, only IaaS and PaaS are supported for private cloud.

Which of the following describes a virtual machine that can be deployed across multiple update and fault domains to maximize availability, which also ensures resiliency due to data center outages and unplanned maintenance events. **A.** Availability Zone **B.** Scale sets **C.** Virtual networks **D.** Virtual network gateways

**B.** A scale set is a virtual machine that can be deployed across multiple update and fault domains to maximize availability, which also ensures resiliency due to data center outages and unplanned maintenance events.

Your organization requires a managed solution that can support its massive online transactional processing database solution. To ensure optimal performance, your team requires a solution that supports applications with high volume activities and low input/output rates. Autoscaling and fluid storage capacity are desired. Which service tier should you select? **A.** General **B.** Business Critical **C.** Hyperscale **D.** Free

**B.** Although you might expect the answer to be Hyperscale (C), based on the massive OLTP requirement, Hyperscale support does not align with managed instance support at this time. Business Critical/Premium Support does offer OLTP benefits for massive data processing.

Which of the following management tools is a command-line interface that is browser-based and machine- and OS-independent? **A.** Azure CLI **B.** Azure Cloud Shell **C.** Azure Portal **D.** Azure PowerShell

**B.** Azure Cloud Shell is a web-based management tool accessible from virtually any device. Users can utilize the command-line interface in either Bash or Power Shell mode.

What is an alternate utility integrated within the Azure Portal a user can access to complete cloud-based support actions? **A.** Windows PowerShell **B.** Azure Cloud Shell **C.** Azure Sentinel **D.** Azure ExpressRoute

**B.** Azure Cloud Shell is an integrated utility in the Azure Portal.

Which of the following best describes a deployment and management service allowing Azure cloud administrators to create, update, and delete resources in a provisioned account? **A.** Azure Resource Monitor **B.** Azure Resource Manager **C.** Azure Region Manager **D.** Azure Region Monitor

**B.** Azure Resource Manager is a deployment and management service that allows cloud administrators to create, update, and delete resources in a provisioned account. One might use features such as access controls, locks, and tags to secure and organizatize resources after deployment with Azure Resource Manager. Keep in mind that within the Resource Manager, you'll find numerous templates that define one or more resource to deploy to resource groups, subscriptions, management groups, or tenants. The template might be used as a way to deploy resources using a schedule or incidentally.

Azure SQL and Azure Cosmos DB are considered what type of service in an Availability Zone. **A.** Mainstream **B.** Foundational **C.** Specialized **D.** These services cannot operate in an availability zone.

**B.** Azure SQL Database and Azure Cosmos DB are Foundational Services. These core database resources do not fall in any other category.

Defense in Depth is analogous to what type of building? **A.** House **B.** Castle **C.** Apartment building **D.** Boat

**B.** Defense in Depth is analogous to a castle. As stated earlier in the chapter, if your castle didn't have any locks on it, any individual could simply go to a door, open it, and grab some data. If you add defensive layers, though, there are moats to act as protective casings that help create a set of checks and balances for those coming in and out of the castle.

Which of the following are not best practices as part of Azure Policy processes? **A.** A policy is often initiated against an assigned scope. **B.** A policy may delete unnecessary resources every 24 hours. **C.** A policy that is already assigned may be updated. **D.** During a compliance evaluation cycle, activity may occur over 24 hours.

**B.** Deleting unnecessary resources every 24 hours is the only process that is not the best fit, although it could happen.

What is the difference between fault tolerance and disaster recovery? **A.** A cloud service that scales horizontally is defined as fault tolerance, whereas disaster recovery is when a cloud service supports recovery after an outage or catastrophic event occurs. **B.** A cloud service that is available after an event occurs is defined as fault tolerance, whereas disaster recovery is when a cloud service supports recovery after an outage or catastrophic event occurs. **C.** A cloud service that offers rapid development, testing, and launching of a technical capability is referred to as fault tolerance, whereas disaster recovery is when a cloud service becomes available after an event occurs. **D.** A cloud service that is available after an event occurs is defined as disaster recovery, whereas fault tolerance is when a cloud service supports recovery after an outage or catastrophic event occurs.

**B.** Fault tolerance is defined as a cloud service that is available after a disrupting event occurs. Disaster recovery describes a cloud service that supports recovery after an outage or catastrophic event occurs.

Review the following statement. Look at the italicized text. Indicate if the statement requires any corrective actions. The only category where all services are available in both recommended and alternate regions is _Mainstream_. **A.** Specialized **B.** Foundational **C.** Basic **D.** The current answer is accurate.

**B.** Foundational is defined as services that are available across all recommended and alternate regions. The services are deemed generally available or will be available within 12 months of new foundational services availability. On the other hand, mainstream indicates that services are available in a recommended region within 12 months and considered generally available. All these services are delivered in a demand-driven capacity only in alternate regions only.

Which of the following solutions is like a Hadoop cluster for processing big data? **A.** Azure Databricks **B.** HDInsight **C.** Azure Synapse Analytics **D.** Cognitive Services

**B.** HDInsight is a clustered Hadoop product for the processing of big data.

In order to assure that an organization has a commitment from its cloud service provider for guaranteed uptime, service reliability, and continuous operations, a service-level agreement is signed to ensure what? **A.** Principle of economic scale **B.** High availability **C.** Disaster recovery **D.** Agility

**B.** High availability is the best selection, because it ensures that systems depending on a service provider can operate continuously without failing.

Your company has decided it is time to move its data and resources off an old Microsoft Access database. It would like to use the Microsoft Azure SQL migration wizard to move the records. The database administrator indicates that that Microsoft Azure SQL is a Software as a Service (SaaS) delivery offering. Is that statement accurate? **A.** Yes **B.** No

**B.** Microsoft Azure SQL is a Platform as a Service, not a Software as a Service, delivery offering given it is a data service that supports one or more applications.

Which of the following supplies information or metadata about a resource when trying to classify and codify resource management, cost management, optimization, operations management, security, governance and regulatory compliance, workloads such as virtual machines, and automated solutions? **A.** Resource Lock **B.** Resource Tag **C.** Azure Policy **D.** Azure Blueprints

**B.** Resource Tags are organization mechanisms.

What is the purpose of single sign-on? **A.** To prevent users from removing resources. **B.** To allow users to access resources across many applications without having to re-enter credentials several times. **C.** To define rules that apply to Azure resources that can be replicated in a template. **D.** To act as an identity service in Azure.

**B.** Single sign-on is best defined as allowing users to access resources across many applications without re-entering credentials several times.

Which of the following is a guarantee for Azure SQL Server? **A.** Location **B.** Uptime **C.** Capacity **D.** Memory and compute performance

**B.** The only guarantee listed that applies to Azure SQL Server is uptime.

Review the following scenario and replace the word you believe is inaccurate with one of the following choices. Azure Functions are intended for use when applications require advanced connectors, triggers, and actions delivered using serverless orchestration. **A.** Cognitive Services **B.** Azure Logic Apps **C.** Azure Bots **D.** The answer is accurate.

**B.** The statement is inaccurate, as Azure Logic Apps is intended for serverless orchestration.

Which Microsoft document repository centrally houses all the security, privacy, and compliance information about Azure? **A.** Azure Blueprints **B.** Trust Center **C.** Cloud Adoption Framework **D.** Azure Sovereign Regions

**B.** Trust Center handles all the security, privacy, and compliance information for Microsoft Azure.

Under what circumstances would you configure your Synapse Analytics environment to be always available? **A.** Synapse Analytics must always be available regardless of circumstances **B.** During unpredictable, burst-based workloads **C.** To ensure reserved processing power and optimized savings **D.** During predictable batch jobs

**B.** Unpredictable, burst-based workloads is the only condition that meets all the criteria described in the question.

Select the regulatory and compliance measure that does not appear as part of the Secure Center dashboard. **A.** ISO-27001 **B.** ISO-9001 **C.** PCI DSS 3.2.1 **D.** SOC TSP

**B.** While ISO-9001 may somehow be evaluated by an organization as part of their quality management systems process, which is what ISO-9001:2015 measures, this is not one of the regulatory and compliance measures within the scope of Azure's evaluation.

Which of the following statements is not true about Infrastructure as a Service (IaaS)? (Select one.) **A.** An IaaS security posture is often more robust than those in an on-premises data center due to regulatory and compliance mandates the provider's customers must adhere to. **B.** The cloud service provider is responsible for all facets of infrastructure and application support given there are assurances in place for increased stability and supportability using a mandatory service-level agreement (SLA). **C.** Elimination of one-time business costs that are never fully recognized when procured on-premises. **D.** Delivery of any service offering is quicker, at scale, and can be done globally with greater ease.

**B.** While a cloud service provider is responsible for maintaining the infrastructure (hardware and installation of the operating system for an organization), they are not responsible for application level support. An SLA is put in place to ensure increased stability and reliability within the infrastructure, but not for applications unless they are specific to the operating system or maintaining the infrastructure itself.

When managing NSG traffic, what is the available traffic range allowed at the uppermost limit? **A.** 1,000 **B.** 4,096 **C.** 65,535 **D.** There is not bound range.

**C.** 65,535 is the uppermost limit for traffic when managing NSG groups.

Your organization, a health care practice, is required by law to maintain patient records for seven years. Recently, the organization invested in an electronic health records (EHR) system. The business has been in practice for 18 years and still maintains 5,000+ previous patient files from the past. By law, all these records must be digitized. What type of cloud solution deployment model should the EHR company suggest the health practice implement? **A.** Private cloud **B.** Public cloud **C.** Hybrid cloud **D.** Serverless cloud

**C.** A hybrid cloud is the optimal solution given the health care practice must maintain a public-facing EHR that patients access. However, the practice also maintains internal clinical records and system storage that is being updated as part of the digital modernization project to preserve the paper copies of all 5,000+ patients specific to the practices private cloud instance. Connecting the public and private cloud instances together offer the best implementation alternative. Selecting a private cloud exclusively does not allow patients to access their data, a requirement by law for those offering EHR systems. By selecting public cloud, the health data is being exposed to unnecessary parties, violating policies such as protection of PII and HIPAA. Serverless computing is not applicable in this case.

Complete the following statement by selecting the correct term. _____________are documents that do not exist natively in Azure. They are stored either locally or in source control. Templates are used for deployments for one or more Azure resources. **A.** Azure Policy **B.** Resource Tags **C.** ARM Templates **D.** Azure Blueprints

**C.** ARM Templates are document based, not Azure Blueprints. With Azure Blueprints, they are stored in Azure Cosmos D.

Review the following scenario and select the most appropriate response. You must store data in storage for three years. Each year, you may need to access the data from _cool storage_ from the previous year. **A.** No changes are necessary **B.** Hot storage **C.** Archive storage **D.** Database storage

**C.** Archive is appropriate under these conditions because the storage access will be limited to yearly. This is the cheapest access, given that the user will not access the data for a minimum of 180 days to maintain pricing.

Which of the following is a PaaS-based nonrelational Azure Database offering? **A.** Azure Database for PostgreSQL **B.** Azure Database for MySQL **C.** Azure Cosmos DB **D.** Azure SQL Server Managed Instances

**C.** Azure Cosmos DB is a NoSQL, nonrelational, PaaS-based Azure Database offering.

Which of the following Microsoft network security products utilize IP addresses and domains data to protect victims of attacks? The data collected becomes part of the Microsoft Threat Intelligence Feed. **A.** Azure DDoS Basic **B.** Azure Security Center **C.** Azure Firewall **D.** Azure Dedicated Hosts

**C.** Azure Firewall includes all of the features described. Azure Firewall is a service that can be accessed from Azure Secure Center, but it does not directly integrate such features.

The most efficient way to distribute Azure Resource Management (ARM) templates is using which tool? **A.** Azure Cloud Shell **B.** Azure Resource Groups **C.** Azure Resource Manager **D.** Azure PowerShell

**C.** Azure Resource Manager is a container to hold templates.

Resource Hygiene quality is determined by two factors. What are they? **A.** The severity of issues and recency of the issue **B.** The severity of issues and number of resources in a subscription **C.** The severity of issues and the number of issues **D.** The severity of issues only.

**C.** Both the number of resources and recency contribute to the number of issues.

Correct the following statement, should it be needed. The _Total Cost of Ownership Calculator_ can help Azure users estimate their current charges accumulated when using Azure for a given month. **A.** Pricing Calculator **B.** Cost Alerts **C.** Cost Analysis **D.** The current term is correct.

**C.** Cost analysis provides near real-time estimates of current costs and forecasted costs based on a user's accumulated Azure usage.

Fill in the following statement with the correct response. _______________ enables you to protect your Azure resources from denial of service (DoS) attacks with always-on monitoring and automatic network attack mitigation. **A.** Azure Firewall **B.** Azure Security Center **C.** Azure DDoS Standard **D.** Azure Defender

**C.** DDoS Standard is the only service offering that offers 365/24/7 monitoring for attacks with always-on monitoring and automatic network attack mitigation.

How long does a user have access to a Free Azure account features before one must pay for services under a Pay-As-You-Go plan? **A.** 30 Days **B.** Free Forever **C.** 1 Year **D.** Until the $200 credit is spent

**C.** In contrast, Microsoft gives users the first 30 days to spend $200.00 toward Azure cloud premium features. All Free account features are available for up to one year before an account is automatically converted to a Pay-as-You-Go account.

How does a user access the Azure portal? **A.** [http://portal.microsoft.com/azure](http://portal.microsoft.com/azure) **B.** [http://portal.office.com](http://portal.office.com/) **C.** [http://portal.azure.com](http://portal.azure.com/) **D.** [http://cloud.microsoft.com](http://cloud.microsoft.com/)

**C.** It is the only address that directly takes a user to the Azure portal. While a user will be directed to an Azure website by going to [http://portal.microsoft.com/azure](http://portal.microsoft.com/azure) and [http://cloud.microsoft.com](http://cloud.microsoft.com/), which is reflected in answers A and C, answer B takes a user to the Microsoft 365 login.

This type of authenticating requires a secondary device such as an e-mail, SMS message, or voice-based call to generate a random number for authentication. **A.** Role-based access control **B.** Azure Active Directory **C.** Multi-factor authentication **D.** Resource Lock

**C.** Multi-factor authentication is two-factor authentication that requires you to enter a secondary form of identification in addition to a username and password.

Which of the following as a service types are best aligned with serverless computing? **A.** Infrastructure **B.** Software **C.** Platform **D.** Database

**C.** Platform as a Service is associated with the development and design of applications. Serverless computing, like PaaS, focuses on the creation of lightweight applications that are event-based functions, set off by a trigger. Serverless applications are fully supported by the cloud service provider except for the application development functionality. IaaS is incorrect as infrastructure alone is not enough to support a serverless environment. It is the underpinning of the serverless capabilities though. SaaS is software delivered by another vendor, a third party; it is not applicable to serverless computing. Database as a service is not a formal architectural option to consider.

Which of the following service lifecycle states offer products and services SLA support? **A.** Private Preview **B.** Public Preview **C.** General Availability **D.** All of the above

**C.** Since Private and Public Preview do not require Microsoft to provide an SLA since it is still in beta and cannot guarantee 100 percent working conditions, only General Availability is accurate.

Complete the following statement: ____________________ and _________________________ provide information on how a Microsoft Azure customer may use services and how data will be shared in the platform. **A.** Microsoft Privacy Statement, Online Service Terms (OST) **B.** Online Service Terms (OST), Microsoft Privacy Statement **C.** Online Service Terms (OST), Data Protection Addendum (DPA) **D.** The Microsoft Privacy Statement, Data Protection Addendum (DPA)

**C.** This is the only condition that meets both criteria based on the two document types referenced in the statement.

You have a website with light traffic. Which type of disk storage is appropriate? **A.** Ultra Disk **B.** Premium SSD **C.** Standard SSD **D.** Standard HDD

**C.** While all storage types can be used for web storage, the most appropriate is Standard SSD. Standard SSD is appropriate for backup, recovery, and noncritical storage and is also useful for web servers, lightly used applications, and web-based applications.

You recently received an invoice from Microsoft indicating 720 hours of virtual machine usage. You were surprised, considering you only accessed the virtual machine twice the entire month. To avoid being charged for unnecessary usage, what must you do? **A.** Delete the VM each time you no longer need to use it. **B.** This must be an error. Request a refund. **C.** Stop the virtual machine instance. **D.** Select a different image from the Azure Marketplace.

**C.** You will always pay for storage, as it is an underlying condition for managing a virtual infrastructure. That said, you kept the virtual infrastructure running, hence the excess operational costs.

Service-level agreements typically include all the following, except: **A.** Product expectations **B.** General conditions to meet the SLA for a product **C.** Specific terms, including uptime conditions **D.** Product pricing

**D.** All features are inclusive of an SLA except for explicit product pricing.

Azure Blueprint may contain which of the following governance assets? (Select all that apply.) **A.** Resource Locks **B.** Azure Policy **C.** Tags **D.** All the above

**D.** An Azure Blueprints are a repeatable CD/CI deployable asset containing all of the asset types.

When you are looking to implement a development virtual machine instance with excess storage in a particular region at a significantly reduced rate, what would you need to select during the configuration process of your virtual machine instances? **A.** Snapshots **B.** Images **C.** Scale sets **D.** Spot instances

**D.** An Azure spot instance allows you to run a cost-optimized virtual machine in Azure when excess capacity is available in a particular region. Once capacity is no longer available, the instance is deallocated.

Complete the following statement. _______________ is when you want to ensure users should and should not access resources in Azure. **A.** Authentication **B.** Conditional access **C.** Role-based access **D.** Authorization

**D.** Authorization is when you want to ensure users should and should not access resources in Azure.

Which of the following is not a type of Azure Firewall rule? **A.** NAT rules **B.** Network rules **C.** Application rules **D.** DDoS rule

**D.** DDoS is not a type of rule. It is a type of attack.

Review the following scenario and replace the word you believe is inaccurate with one of the following choices. Microsoft DevOps is a Software as a Service cloud solution for managing the build, deployment, delivery, and operational activities in Azure. **A.** Infrastructure as a Service **B.** Platform as a Service **C.** Hybrid computing **D.** The answer is accurate.

**D.** DevOps is a collection of a cloud-based web applications that connect to each Azure IaaS or PaaS source.

You are the member of a large accounting firm that works with large corporations. By law, the corporations are required to file quarterly tax reports. Traffic is extremely light to the applications except during specific filing periods, usually one week per quarter. Which of the Azure Cloud Service benefits best reflects the usage behavior that should be addressed? **A.** Scalability **B.** Agility **C.** High availability **D.** Elasticity

**D.** Elasticity is the most appropriate choice since it allows for one to increase or decrease compute capacity quickly and at scale. While other options may seem reasonable, D is the best choice. Scalability measures a system's ability to increase or decrease performance and cost in response to operational changes with an application or system. Agility refers to the rapid development, testing, and launching of a technical capability, whether it is a software application or infrastructure component that drives a business. High availability ensures that systems depending on if a service provider can operate continuously without failing.

Which of the following is not a configuration you must identify when setting up an app service plan? **A.** Region **B.** Number of virtual machines **C.** Size of instance **D.** SDK support

**D.** Except for SDK support, which is not a legitimate feature, all other choices are prerequisites for configuring an app service plan.

The Microsoft Privacy Statement incorporates all of the business terms except: **A.** services **B.** websites **C.** apps **D.** consulting agreement terms

**D.** Microsoft Professional Services are not covered under any Privacy Statement. All other selections are amply covered under the Privacy Statement.

Review the following scenario and replace the word you believe is inaccurate with one of the following choices. Azure Portal allows for either the use of the Home page or custom dashboards as a way for users to interact with cloud resources throughout the platform. **A.** Azure Monitor **B.** Azure IoT Central **C.** Azure Machine Learning **D.** The statement is accurate.

**D.** Only this option offers users two ways to expose all features in Microsoft Azure.

Review the following statement. Look at the italicized text. Indicate if the statement requires any corrective actions. A _Free Account is a consumption-based_ account whereby you are billed for the resources utilized. At the end of each billing cycle, you or your organization will receive an invoice for one or more subscription based on the resources consumed during a given period. **A.** No changes are required. **B.** Reseller account is a reservation-based account. **C.** Enterprise account is a consumption-based account. **D.** Pay-As-You-Go is a consumption-based account.

**D.** The only logical account is Pay-As-You-Go, as this is the only consumption-based account listed.

Which of the following best describes the concept of geography? **A.** A regional parameter that is bound to another region within a 300-mile distance. **B.** A location within a region made up of one or more independent data centers equipped with power, cooling, and networking capabilities. **C.** A set of data centers deployed within a defined perimeter connected through a dedicated regional low-latency network. **D.** An area of the world containing at least one Azure region.

**D.** This describes geography.

A company requires 24/7 support for their custom applications running on Microsoft Azure. Besides, they may want to speak to an architect by phone or Microsoft Teams to review their new Platform as a Service deployment. Which service plan must the company purchase to retain these services? **A.** Basic **B.** Developer **C.** Standard **D.** Professional Direct

**D.** This is the only support option where Microsoft will offer a company architectural support and 24/7 Severity A/B/C support.

The only way to ensure FIPS 140-2-compliant security for keys, certificates, or secrets using Azure Key Vault is to: **A.** Create an encrypted key. **B.** Create an encrypted certificate. **C.** Create an encrypted secret. **D.** Utilize a Hardware Security Module.

**D.** You can create an encrypted certificate, key, or secret, and it will still not be FIPS 140-2 compliant. The only way to meet compliance is when any of the above are placed on separate hardware using the Hardware Security Module.

Which of the following is not a capability that one can complete with the Azure Mobile App? **A.** Monitor the health and status of Azure resources **B.** Diagnose and fix issues using the Azure Portal or one of the command-line interfaces **C.** Run command-line operations to manage Azure-specific resources **D.** Create machine learning models

**D.** You can only review the state of Machine Learning services; you cannot create any using the Azure mobile app at this time.