Exam AZ-900: Microsoft Azure Fundamentals
If you need any of the following types of connectivity: Connections between virtual networks Point-to-site connections Multisite connections Coexistence with an Azure ExpressRoute gateway You should use ___.
a route-based VPN gateway
Resources can only be associated with ___.
a single subscription
Which Azure resource is a software emulation of a physical computer that includes a virtual processor, memory, storage, and networking resources?
a virtual machine
Usage meters, such as CPU time, disk size, and write operations, are used to calculate your bill for ___. Deleting or deallocating a resource means that you will no longer be billed for it. Different regions can have different associated prices. Resources cost the same no matter the time of day or the day of the week.
an Azure resource
Low storage costs and unlimited file formats make ___ a good location to store backups and archives. ___ can be reached from anywhere by using an internet connection.
blob storage
In Azure, ___ use a pre-shared key as the only method of authentication.
both types of VPN gateways
All cloud providers provide
compute and storage services
Which scenario is a use case for a VPN gateway?
connecting an on-premises datacenter to an Azure virtual network.
Subscriptions may be grouped into ___.
management groups
Which resource can you use to manage access, policies, and compliance across multiple subscriptions?
management groups
Point-to-site virtual private network connections, Site-to-site virtual private networks, and Azure ExpressRoute are ___.
mechanisms to link resources together in your on-premises environment and within your Azure subscription
An account may be associated with ___.
multiple subscriptions.
Resizing underutilized virtual machines is a good cost saving measure and provisioning resources in lower cost regions is a good practice, but ___ do not help with this.
resource tags
What can you use to connect Azure resources, such as Azure SQL databases, to an Azure virtual network?
service endpoints
___ are used to expose Azure services to a virtual network, providing communication between the two.
service endpoints
For which resource does Azure generate separate billing reports and invoices by default so that you can organize and manage costs?
subscriptions
What is high availability in a public cloud environment dependent on?
the service-level agreement (SLA) that you choose
Policy-based and In Route-based are ___.
types of VPN gateways
A VPN gateway is a type of ___.
virtual network gateway
What are two services that allow you to run applications in containers?
- Azure Container Instances - Azure Kubernetes Service (AKS)
Which two services can you use to establish network connectivity between an on-premises network and Azure resources?
- ExpressRoute - Azure VPN Gateway
With shared responsibility model, you'll always be responsible for:
- The information and data stored in the cloud - Devices that are allowed to connect to your cloud (cell phones, computers, and so on) - The accounts and identities of the people, services, and devices within your organization
The cloud provider is always responsible for:
- The physical datacenter - The physical network - The physical hosts
Which two scenarios are common billing use cases for resource tags?
- categorizing costs by department, such as human resources, marketing, or finance - associating costs with different environments, such as test or production
What are two characteristics of a consumption-based model?
- no upfront costs - the ability to stop paying for resources that are no longer needed
Which two factors affect Azure costs?
- resource usage - resource location
Which two components are created in an Azure subscription?
- resources - resources groups
Which two scenarios are common use cases for Azure Blob storage?
- storing data for backup and restore - serving images or documents directly to a browser
___ are used to provide access to resources.
Accounts
___ are used to delegate the administration of Azure AD resources, such as users and groups.
Administrative units
Refers to the ability to deploy new applications and services quickly. It means that you can deploy and configure cloud-based resources quickly as app/business requirements change.
Agility
___ is a feature of Azure Monitor that allows you to monitor running applications, automatically detect performance anomalies, and use built-in analytics tools to see what users do on an app.
Application Insights
___ is the responsibility of the customer and is typically done either in-house or through a third party.
Application development
What provides recommendations to reduce the cost of Azure resources?
Azure Advisor
Which Azure service evaluates Azure resources and makes recommendations to help improve reliability, security, performance, achieve operational excellence, and cost reduction?
Azure Advisor
___ analyzes the account usage and makes recommendations based on its set and configured rules.
Azure Advisor
What can you use to automatically detect performance anomalies for web apps?
Azure Application Insights
What can you use to manage servers across cloud platforms and on-premises environments?
Azure Arc
___ simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.
Azure Arc
___ provides a web interface to remotely administer Azure virtual machines by using SSH/RDP.
Azure Bastion
___ provides disks for Azure virtual machines.
Azure Disk Storage
___ provides a dedicated private connectivity to Azure that doesn't travel over the internet. ExpressRoute is useful for environments where you need greater bandwidth and even higher levels of security.
Azure ExpressRoute
___ supports mounting files storage shares.
Azure Files
___ is a stateful firewall service used to protect virtual networks.
Azure Firewall
You need to create a custom solution that uses thresholds to trigger autoscaling functionality to scale an app up or down to meet user demand. What should you include in the solution?
Azure Monitor
___ is a platform that collects metric and logging data, such as CPU percentages. The data can be used to trigger autoscaling.
Azure Monitor
What can you use to ensure the new and existing Azure resources stay in compliance with corporate standards?
Azure Policy
___ is a service in Azure that enables you to create, assign, and manage policies that control or audit resources. These policies enforce different rules across all resource configurations so that the configurations stay compliant with corporate standards.
Azure Policy
By using ___, enterprises can enforce standards on Azure resources. But on virtual machines, these mechanisms only affect the control plane or the route to the virtual machine.
Azure Policy and role-based access control (RBAC) assignments
You plan to build a new solution in Azure that will use PaaS products. What should you use to estimate the monthly costs?
Azure Pricing calculator (It allows you to estimate and configure according to your specific requirements. You'll then receive a consolidated estimated price and a detailed breakdown of the costs associated with each resource you added to your solution.)
Your organization plans to deploy several production virtual machines that will have consistent resource usage throughout the year. What can you use to minimize the costs of the virtual machines without reducing the functionality of the virtual machines?
Azure Reservations
___ offers discounted prices on certain Azure services. It can save you up to 72 percent compared to pay-as-you-go prices. To receive a discount, you can reserve services and resources by paying in advance. Spending limits can suspend a subscription when the spend limit is reached.
Azure Reservations
___ is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in an Azure subscription. You use management features, such as access control, resource locks, and resource tags, to secure and organize resources after deployment.
Azure Resource Manager (ARM)
What can you use to find information about planned maintenance for Azure services that are critical to your organization?
Azure Service Health
You can drill down to the affected services, regions, and details to show how an event will affect you and what you must do. Most of these events occur without any impact to you and will not be shown. In a rare case that a reboot is required, ___ allows you to choose when to perform the maintenance to minimize the downtime.
Azure Service Health
___ instances are deployed to a dedicated subnet of a virtual network. You can use them to connect on-premises datacenters to virtual networks through a Site-to-Site (S2S) VPM connection.
Azure VPN Gateway
What can you use to provide Mac and Android users with access to a Windows environment that will run Windows-based applications?
Azure Virtual Desktop
___ is a desktop and application virtualization service that runs in the cloud. It enables your users to use a cloud-hosted version of Windows from any location.
Azure Virtual Desktop
___ works across devices such as Windows, Mac, iOS, Android, and Linux. It works with apps that you can use to access Remote Desktops and apps. You can also use most modern browsers to access ___-hosted experiences.
Azure Virtual Desktop
___ will allow you to enforce company standards on new virtual machines when combined with Azure VM Image Builder and Azure Compute Gallery.
Azure policies
What uses the infrastructure as a service (IaaS) cloud service model?
Azure virtual machines
___ enable you to link resources together in your on-premises environment and within your Azure subscription. In effect, you can create a network that spans both your local and cloud environments.
Azure virtual networks
___ is when a business rents space in a shared physical datacenter.
Colocation
___ are a virtualization environment. Much like running multiple virtual machines on a single physical host, you can run multiple ___ on a single physical or virtual host. Unlike virtual machines, you do not manage the operating system for a ___.
Containers
___ can be used in environments that have multiple subscriptions to streamline the application of governance conditions.
Management groups
___ allow you to configure inbound and outbound rules for virtual networks and virtual machines.
NSGs
___ is focused on increasing or decreasing the capabilities of resources like adding RAM or CPUs to a virtual machine.
Vertical scaling
___ host an operating system, and you can install and run software just like on a physical computer.
Virtual machines
Azure App Services and Azure Cosmos DB are ___ offerings.
PaaS
Users do not control the operating system and do not configure the underlying servers in ___.
PaaS
With ____, users can focus on application development because the cloud provider handles all the platform management.
PaaS
The operating systems are not accessible in ____ and ____ deployments.
PaaS and SaaS
___ allows you to connect virtual networks together.
Peering
Your organization is building a custom application. You need to focus on application development rather than configuration and management of servers. Which cloud service model should you use?
Platform as a Service (PaaS)
___ are from a computer outside your organization back into your corporate network. In this case, the client computer initiates an encrypted VPN connection to connect to the Azure virtual network.
Point-to-site virtual private network connections
___ specify statically the IP address of packets that should be encrypted through each tunnel. This type of device evaluates every data packet against those sets of IP addresses to choose the tunnel where that packet is going to be sent through.
Policy-based VPN gateways
- Organizations have complete control over resources and security - Data is not collected with other organizations' data - Hardware must be purchased for startup and maintenance - Organizations are responsible for hardware maintenance and updates
Private cloud
- No capital expenditures to scale up - Applications can be quickly provisioned and deprovisioned - Organizations pay only for what they use - Organizations don't have complete control over resources and security
Public cloud
___ can be used to organize Azure resources.
Resource groups
___ can be used to group billing data and categorize costs by runtime environment, such as billing usage for virtual machines running in a production environment.
Resource tags
Azure billing
Resources groups can be used to group costs, but you will not receive a separate invoice for each resource group. Management groups are used to efficiently manage access, policies, and compliance for subscriptions. You can set up billing profiles to roll up subscriptions into invoice sections, but this requires customization.
___ are the preferred connection method for on-premises devices. They're more resilient to topology changes such as the creation of new subnets.
Route-based VPNs
In ____, the cloud provider manager all aspects of the application environment, such as virtual machines, networking resources, data storage, and applications.
SaaS
Microsoft Office is a ____ offering.
SaaS
Shared Responsibility Model
SaaS - Responsibilities always retained by the customer: Information and data, Devices (Mobile and PCs), Accounts and identities, and 1/2 Identity and directory infrastructure. PaaS - Responsibilities always retained by the customer: Information and data, Devices (Mobile and PCs), Accounts and identities, 1/2 Identity and directory infrastructure, 1/2 Applications, and 1/2 Network controls. IaaS - Responsibilities always retained by the customer: Information and data, Devices (Mobile and PCs), Accounts and identities, Identity and directory infrastructure, Applications, Network controls, Operating system. On-premises - Responsibilities always retained by the customer: Information and data, Devices (Mobile and PCs), Accounts and identities, Identity and directory infrastructure, Applications, Network controls, Operating system, Physical hosts, Physical network, and Physical datacenter.
___ link your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network. In effect, the devices in Azure can appear as being on the local network. The connection is encrypted and works over the internet.
Site-to-site virtual private networks
Different services have different SLAs
Sometimes different tiers of the same service will offer different SLAs, which can increase or decrease the promised availability.
Keeps data and other assets safe in the event of a disaster. It uses services, such as cloud-based backup, data replication, and geo-distribution, to keep data and code safe in the event of a disaster.
Disaster recovery
___ is used to connect an on-premises network to Azure.
ExpressRoute
Minimizes downtime when things go wrong. It means cloud-based apps can provide a continuous user experience with no apparent downtime.
High availability
___ is adding or subtracting the number of resources such as adding additional virtual machines to the configuration.
Horizontal scaling
Which Azure Blob storage service tier has the highest storage costs and the fastest access times for reading and writing data?
Hot
- Provides the most flexibility - Organizations determine where to run their applications - Organizations control security, compliance, or legal requirements
Hybrid cloud
Azure virtual machines is an ____ offering. The customer is responsible for the configuration of the virtual machine and all operating system configurations.
IaaS
Which cloud service model provides you with the most control over the hardware that runs applications?
IaaS
With ___, you are using as-is software hosted in the cloud, instead of creating a platform to host a software yourself.
IaaS
___ is the closest service model to managing physical servers.
IaaS
___ is the most flexible category of cloud services. It aims to give complete control over the hardware that runs applications.
IaaS
In which two deployment models are customers responsible for managing operating systems that host applications?
IaaS and on-premises
___, IPSec tunnels are modeled as a network interface or virtual tunnel interface. IP routing (either static routes or dynamic routing protocols) decides which one of these tunnel interfaces to use when sending each packet.
In Route-based gateways
