AZ-900


Authentication vs Authorization

The identification card represents credentials that the user has to prove their identity (you'll learn more about the types of credentials later in this module.) Once authenticated, authorization defines what kinds of applications, resources, and data that user can access.

Management Groups

These groups help you manage access, policy, and compliance for multiple subscriptions. All subscriptions in a management group automatically inherit the conditions applied to the management group. Each management group and subscription can only support one parent. Each management group can support many children. All subscriptions and management groups are within a single hierarchy in each directory.

Azure CLI

executable program with which a developer, DevOps professional, or IT professional can execute commands in Bash. The commands call the Azure REST API to perform every possible management task in Azure. You can run the commands independently or combine them into a script and execute them together for the routine setup, teardown, and maintenance of a single resource or an entire environment. In many respects, the Azure CLI is almost identical to Azure PowerShell in what you can do with it. The key difference is the syntax between Shell and CLI. Azure CLI is better for people with a Linux background.

Azure files

fully managed file shares in the cloud that are accessible via the industry standard Server Message Block and Network File System (preview) protocols. Azure file shares can be mounted concurrently by cloud or on-premises deployments of Windows, Linux, and macOS. Typical usage scenarios would be to share files anywhere in the world, diagnostic data, or application data sharing. Access the files from anywhere in the world by using a URL that points to the file. You can also use Shared Access Signature (SAS) tokens to allow access to a private asset for a specific amount of time.

Azure Functions (serverless computing)

host a single method or function by using a popular programming language in the cloud that runs in response to an event. An example of an event might be an HTTP request, a new message on a queue, or a message on a timer. Scales automatically, and charges accrue only when a function is triggered. Ideal when you're concerned only with the code that's running your service and not the underlying platform or infrastructure. You use Functions most commonly when you need to perform work in response to an event. You do this often via a REST request, timer, or message from another Azure service, and when that work can be completed quickly, within seconds or less.

Azure IoT Hub

managed service that's hosted in the cloud and that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between millions of IoT devices and a cloud-hosted solution back end. You can connect virtually any device to your IoT hub.

Azure Firewall

managed, cloud-based network security service that helps protect resources in your Azure virtual networks. It is a stateful firewall. A stateful firewall analyzes the complete context of a network connection, not just an individual packet of network traffic. Azure Firewall features high availability and unrestricted cloud scalability. A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. You can create firewall rules that specify ranges of IP addresses. Only clients granted IP addresses from within those ranges are allowed to access the destination server. Firewall rules can also include specific network protocol and port information.

Secure Score

measurement of an organization's security posture. Secure score is based on security controls, or groups of related security recommendations. Your score is based on the percentage of security controls that you satisfy. The more security controls you satisfy, the higher the score you receive. Your score improves when you remediate all of the recommendations for a single resource within a control.

Azure Compute Services

on-demand computing service for running cloud-based applications. It provides computing resources such as disks, processors, memory, networking, and operating systems. The resources are available on-demand and can typically be made available in minutes or even seconds. You pay only for the resources you use, and only for as long as you're using them. Azure Virtual Machines, Azure Container Instances, Azure App Service, Azure Functions (or serverless computing).

Azure App Service

quickly build, deploy, and scale enterprise-grade web, mobile, and API apps running on any platform. You can meet rigorous performance, scalability, security, and compliance requirements while using a fully managed platform to perform infrastructure maintenance. App Service is a platform as a service (PaaS) offering. Functions: PaaS. Host: Web apps, API apps, WebJobs, Mobile apps.

Provide a platform for serverless code A. Azure Functions B. Azure App Service C. Azure VMs D. Azure Container Instances

A

A big data analysis service for machine learning A. Azure Databricks B. Azure Functions C. Azure App Service D. Azure App Insights

A. Azure Databricks is a big data analysis service for machine learning. Azure Databricks is an Apache Spark-based analytics platform. The platform consists of several components including "MLlib". MLlib is a Machine Learning library consisting of common learning algorithms and utilities, including classification, regression, clustering, collaborative filtering, dimensionality reduction, as well as underlying optimization primitives.

Hybrid Cloud

A hybrid cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them.

Availability Zone

A unique physical location within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. These zones use different schedules for maintenance, so if one zone is affected, your virtual machine instance in the other zone is unaffected.

Your company has several business units. Each business unit requires 20 different Azure resources for daily operation. All the business units require the same type of Azure resources. You need to recommend a solution to automate the creation of the Azure resources. What should you include in the recommendations? A. Azure Resource Manager templates B. virtual machine scale sets C. the Azure API Management service D. management groups

A. ARM templates (infrastructure as code) You can use Azure Resource Manager templates to automate the creation of the Azure resources. Deploying resources through templates is known as "Infrastructure as code". To implement infrastructure as code for your Azure solutions, use Azure Resource Manager templates. The template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax, which lets you state what you intend to deploy without having to write the sequence of programming commands to create it. In the template, you specify the resources to deploy and the properties for those resources.

A tool that provides guidance and recommendations to improve an Azure environment A. Azure Advisor B. Azure Cognitive Services C. Azure App Insights D. Azure DevOps

A. Azure Advisor Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources.

Which Azure service should you use to collect events from multiple resources into a centralized repository? A. Azure Event Hubs B. Azure Analysis Services C. Azure Monitor D. Azure Stream Analytics

A. Azure Event Hubs Azure Event Hubs is a big data streaming platform and event ingestion service. It can receive and process millions of events per second. Data sent to an event hub can be transformed and stored by using any real-time analytics provider or batching/storage adapters. Azure Event Hubs can be used to ingest, buffer, store, and process your stream in real time to get actionable insights. Event Hubs uses a partitioned consumer model, enabling multiple applications to process the stream concurrently and letting you control the speed of processing. Azure Event Hubs can be used to capture your data in near-real time in an Azure Blob storage or Azure Data Lake Storage for long-term retention or micro-batch processing.

Which service provides network traffic filtering across multiple Azure subscriptions and virtual networks? A. Azure Firewall B. an application security group C. Azure DDoS protection D. a network security group (NSG)

A. Azure Firewall You can restrict traffic to multiple virtual networks in multiple subscriptions with a single Azure firewall. Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual network resources allowing outside firewalls to identify traffic originating from your virtual network.

A dedicated public cloud for federal and state agencies in the US A. Azure Government B. GDPR C. ISO D. NIST

A. Azure Govt US government agencies or their partners interested in cloud services that meet government security and compliance requirements can be confident that Microsoft Azure Government provides world-class security, protection, and compliance services. Azure Government delivers a dedicated cloud enabling government agencies and their partners to transform mission-critical workloads to the cloud. Azure Government services handle data that is subject to certain government regulations and requirements, such as FedRAMP, NIST 800.171 (DIB), ITAR, IRS 1075, DoD L4, and CJIS. In order to provide you with the highest level of security and compliance, Azure Government uses physically isolated datacenters and networks (located in U.S. only).

An open source framework for the distributed processing and analysis of big data sets in clusters A. Azure HD Insight B. Azure Data Lake Analytics C. Azure SQL Synapse Analytics D. Azure SQL Database

A. Azure HD Insight

Your company plans to automate the deployment of servers to Azure. Your manager is concerned that you may expose administrative credentials during the deployment. You need to recommend an Azure solution that encrypts the administrative credentials during the deployment. What should you include in the recommendation? A. Azure Key Vault B. Azure Information Protection C. Azure Security Center D. Azure Multi-Factor Authentication (MFA)

A. Azure Key Vault Azure Key Vault is a secure store for storing various types of sensitive information. In this question, we would store the administrative credentials in the Key Vault. With this solution, there is no need to store the administrative credentials as plain text in the deployment scripts. All information stored in the Key Vault is encrypted. Azure Key Vault can be used to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets. Secrets and keys are safeguarded by Azure, using industry-standard algorithms, key lengths, and hardware security modules (HSMs). The HSMs used are Federal Information Processing Standards (FIPS) 140-2 Level 2 validated. Access to a key vault requires proper authentication and authorization before a caller (user or application) can get access. Authentication establishes the identity of the caller, while authorization determines the operations that they are allowed to perform.

Which Azure service provides a set of version control tools to manage code? A. Azure Repos B. Azure DevTest Labs C. Azure Storage D. Azure Cosmos DB

A. Azure Repos Azure Repos is a set of version control tools that you can use to manage your code. Incorrect Answers: B: Azure DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager templates. These have all the necessary tools and software that you can use to create environments. D: Azure Cosmos DB is Microsoft's globally distributed, multi-model database service.

You need to identify which storage service must be used to store the unmanaged data disks of the virtual machine. What should you identify? A. Containers B. File Shares C. Tables D. Queues

A. Containers Azure containers are the backbone of the virtual disks platform for Azure IaaS. Both Azure OS and data disks are implemented as virtual disks where data is durably persisted in the Azure Storage platform and then delivered to the virtual machines for maximum performance. Azure Disks are persisted in Hyper-V VHD format and stored as a page blob in Azure Storage.

An integrated solution for the deployment of code A. Azure Advisor B. Azure Cognitive Services C. Azure App Insights D. Azure DevOps

A. DevOps Azure DevOps is Microsoft's primary software development and deployment platform. DevOps influences the application lifecycle throughout its plan, develop, deliver and operate phases.

You have an on-premises network that contains several servers. You plan to migrate all the servers to Azure. You need to recommend a solution to ensure that some of the servers are available if a single Azure data center goes offline for an extended period. What should you include in the recommendation? A. fault tolerance B. elasticity C. scalability D. low latency

A. Fault Tolerance Fault tolerance is the ability of a system to continue to function in the event of a failure of some of its components. In this question, you could have servers that are replicated across datacenters. Availability zones expand the level of control you have to maintain the availability of the applications and data on your VMs.

Azure Site Recovery provides ______ for VMs A. fault tolerance B. disaster recovery C. elasticity D. high availability

A. Fault tolerance Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. Site Recovery replicates workloads running on physical and virtual machines (VMs) from a primary site to a secondary location.

You plan to deploy several Azure virtual machines. You need to control the ports that devices on the Internet can use to access the virtual machines. What should you use? A. a network security group (NSG) B. an Azure Active Directory (Azure AD) role C. an Azure Active Directory group D. an Azure key vault

A. NSG A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets. You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

Your company plans to deploy several web servers and several database servers to Azure. You need to recommend an Azure solution to limit the types of connections from the web servers to the database servers. What should you include in the recommendation? A. network security groups (NSGs) B. Azure Service Bus C. a local network gateway D. a route filter

A. NSG A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets. You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

After you create a VM you need to modify the ___ to allow connections to the TCP port 8080 on the VM A. NSG B. Virtual Network Gateway C. Virtual Network D. Route Table

A. NSG When you create a virtual machine, the default setting is to create a Network Security Group attached to the network interface assigned to a virtual machine. A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets. You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. In this question, we need to add a rule to the network security group to allow the connection to the virtual machine on port 8080.

One of the benefits of Azure SQL Data Warehouse is that high availability is built into the platform. Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed B. automatic scaling C. data compression D. versioning

A. No Change Needed Azure Data Warehouse (now known as Azure Synapse Analytics) is a PaaS offering from Microsoft. As with all PaaS services from Microsoft, SQL Data Warehouse offers an availability SLA of 99.9%. Microsoft can offer 99.9% availability because it has high availability features built into the platform.

The Azure Standard support plan is the lowest cost option to receive 24x7 access to support engineers by phone. Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed B. Developer C. Basic D. Professional Direct

A. No change The Basic support plan is free so is therefore the cheapest. The Developer support plan is the cheapest paid-for support plan. The order of support plans in terms of cost ranging from the cheapest to most expensive is: Basic, Developer, Standard, Professional Direct, Premier. However, 24/7 access to technical support by email and phone is only available for Standard, Professional Direct, Premier plans.

If Microsoft plans to end support for an Azure service that does NOT have a successor service, Microsoft will provide notification at least 12 months before. Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed. B. 6 months C. 90 days D. 30 days

A. No change The Modern Lifecycle Policy covers products and services that are serviced and supported continuously. For products governed by the Modern Lifecycle Policy, Microsoft will provide a minimum of 12 months' notification prior to ending support if no successor product or service is offered, excluding free services or preview releases.

Azure Databricks is an Apache Spark-based analytics service. Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed." If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed. B. Azure Data Factory C. Azure DevOps D. Azure HDInsight

A. No change needed

An Azure region contains one or more data centers that are connected by using a low-latency network. Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed B. Is found in each country where Microsoft has a subsidiary office C. Can be found in every country in Europe and the Americas only D. Contains one or more data centers that are connected by using a high-latency network

A. No change needed A region is a set of data centres deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network. Microsoft Azure currently has 55 regions worldwide. Regions are divided into Availability Zones. Availability Zones are physically separate locations within an Azure region. Each Availability Zone is made up of one or more datacenters equipped with independent power, cooling, and networking.

You have 1,000 virtual machines hosted on the Hyper-V hosts in a data center. You plan to migrate all the virtual machines to an Azure pay-as-you-go subscription. You need to identify which expenditure model to use for the planned Azure solution. Which expenditure model should you identify? A. operational B. elastic C. capital D. scalable

A. Operational One of the major changes that you will face when you move from on-premises cloud to the public cloud is the switch from capital expenditure (buying hardware) to operating expenditure (paying for service as you use it). This switch also requires more careful management of your costs. The benefit of the cloud is that you can fundamentally and positively affect the cost of a service you use by merely shutting down or resizing it when it's not needed.

Your company plans to request an architectural review of an Azure environment from Microsoft. The company currently has a Basic support plan. You need to recommend a new support plan for the company. The solution must minimize costs. Which support plan should you recommend? A. Premier B. Developer C. Professional Direct D. Standard

A. Premier The Premier support plan provides customer specific architectural support such as design reviews, performance tuning, configuration and implementation assistance delivered by Microsoft Azure technical specialists.

An Azure service is available to all Azure customers when it is in A. Public Preview B. Private Preview C. Development D. An Enterprise Agreement Subscription

A. Public Preview Public Preview means that the service is in public beta and can be tried out by anyone with an Azure subscription. Services in public preview are often offered at a discount price. Public previews are excluded from SLAs and in some cases, no support is offered.

Your company plans to migrate all its network resources to Azure. You need to start the planning process by exploring Azure. What should you create first? A. a subscription B. a resource group C. a virtual network D. a management group

A. Subscription The first thing you create in Azure is a subscription. You can think of an Azure subscription as an "Azure account". You get billed per subscription. A subscription is an agreement with Microsoft to use one or more Microsoft cloud platforms or services, for which charges accrue based on either a per-user license fee or on cloud-based resource consumption. Microsoft's Software as a Service (SaaS)-based cloud offerings (Office 365, Intune/EMS, and Dynamics 365) charge per-user license fees. Microsoft's Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) cloud offerings (Azure) charge based on cloud resource consumption.

Your company plans to purchase an Azure subscription. The company's support policy states that the Azure environment must provide an option to access support engineers by phone or email. You need to recommend which support plan meets the support policy requirement. Solution: Recommend a Standard support plan. Does this meet the goal? A. Yes B. No

A. Yes

An Azure administrator plans to run a PowerShell script that creates Azure resources. You need to recommend which computer configuration to use to run the script. Solution: Run the script from a computer that runs macOS and has PowerShell Core 6.0 installed. Does this meet the goal? A. Yes B. No

A. Yes A PowerShell script is a file that contains PowerShell cmdlets and code. A PowerShell script needs to be run in PowerShell. In this question, the computer has PowerShell Core 6.0 installed. Therefore, this solution does meet the goal. Note: To create Azure resources using PowerShell, you would need to import the Azure PowerShell module which includes the PowerShell cmdlets required to create the resources.

An Azure administrator plans to run a PowerShell script that creates Azure resources. You need to recommend which computer configuration to use to run the script. Solution: Run the script from a computer that runs Windows 10 and has the Azure PowerShell module installed. Does this meet the goal? A. Yes B. No

A. Yes A PowerShell script is a file that contains PowerShell cmdlets and code. A PowerShell script needs to be run in PowerShell. In this question, the computer has the Azure PowerShell module installed. Therefore, this solution does meet the goal.

An Azure administrator plans to run a PowerShell script that creates Azure resources. You need to recommend which computer configuration to use to run the script. Solution: Run the script from a computer that runs Chrome OS and uses Azure Cloud Shell. Does this meet the goal? A. Yes B. No

A. Yes A PowerShell script is a file that contains PowerShell cmdlets and code. A PowerShell script needs to be run in PowerShell. With the Azure Cloud Shell, you can run PowerShell cmdlets and scripts in a Web browser. You log in to the Azure Portal and select the Azure Cloud Shell option. This will open a PowerShell session in the Web browser. The Azure Cloud Shell has the necessary Azure PowerShell module installed. Note: to run a PowerShell script in the Azure Cloud Shell, you need to change to the directory where the PowerShell script is stored.

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify a network security group (NSG). Does this meet the goal? A. Yes B. No

A. Yes A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets. You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. In this question, we need to add a rule to the network security group to allow the connection to the virtual machine on port 80 (HTTP).

You plan to deploy several Azure virtual machines. You need to ensure that the services running on the virtual machines are available if a single data center fails. Solution: You deploy the virtual machines to two or more availability zones. Does this meet the goal?

A. Yes Availability zones expand the level of control you have to maintain the availability of the applications and data on your VMs. An Availability Zone is a physically separate zone, within an Azure region. There are three Availability Zones per supported Azure region. Each Availability Zone has a distinct power source, network, and cooling. By architecting your solutions to use replicated VMs in zones, you can protect your apps and data from the loss of a datacenter. If one zone is compromised, then replicated apps and data are instantly available in another zone.

You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify an Azure firewall. Does this meet the goal? A. Yes B. No

A. Yes Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. In this question, we need to add a rule to Azure Firewall to allow the connection to the virtual machine on port 80 (HTTP).

You have an Azure environment. You need to create a new Azure virtual machine from a tablet that runs the Android operating system. Solution: You use the Azure portal. Does this meet the goal? A. Yes B. No

A. Yes The Azure portal is a web-based, unified console that provides an alternative to command-line tools. With the Azure portal, you can manage your Azure subscription using a graphical user interface. You can build, manage, and monitor everything from simple web apps to complex cloud deployments. Create custom dashboards for an organized view of resources. Configure accessibility options for an optimal experience. Being web-based, the Azure portal can be run on a browser from a tablet that runs the Android operating system.

You have an Azure subscription named Subscription1. You sign in to the Azure portal and create a resource group named RG1. From Azure documentation, you have the following command that creates a virtual machine named VM1. az vm create --resource-group RG1 --name VM1 --image UbuntuLTS --generate-ssh-keys You need to create VM1 in Subscription1 by using the command. Solution: From the Azure portal, launch Azure Cloud Shell and select Bash. Run the command in Cloud Shell. Does this meet the goal? A. Yes B. No

A. Yes The command can be run in the Azure Cloud Shell. The Azure Cloud Shell is a free interactive shell. It has common Azure tools preinstalled and configured to use with your account. To open the Cloud Shell, just select Try it from the upper right corner of a code block. You can also launch Cloud Shell in a separate browser tab by going to https://shell.azure.com/bash.

You have an Azure environment. You need to create a new Azure virtual machine from a tablet that runs the Android operating system. Solution: You use Bash in Azure Cloud Shell. Does this meet the goal? A. Yes B. No

A. Yes With Azure Cloud Shell, you can create virtual machines using Bash or PowerShell. Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.

Your company has an Azure subscription that contains the following unused resources: ✑ 20 user accounts in Azure Active Directory (Azure AD) ✑ Five groups in Azure AD ✑ 10 public IP addresses ✑ 10 network interfaces You need to reduce the Azure costs for the company. Solution: You remove the unused public IP addresses. Does this meet the goal? A. Yes B. No

A. Yes You are charged for public IP addresses. Therefore, deleting unused public IP addresses will reduce the Azure costs.

Your company has 10 offices. You plan to generate several billing reports from the Azure portal. Each report will contain the Azure resource utilization of each office. Which Azure Resource Manager feature should you use before you generate the reports? A. tags B. templates C. locks D. policies

A. tags You can use resource tags to "˜label"™ Azure resources. Tags are metadata elements attached to resources. Tags consist of pairs of key/value strings. In this question, we would tag each resource with a tag to identify each office. For example: Location = Office1. When all Azure resources are tagged, you can generate reports to list all resources based on the value of the tag. For example: All resources used by Office1.

You plan to deploy several Azure virtual machines. You need to ensure that the services running on the virtual machines are available if a single data center fails. Solution: You deploy the virtual machines to two or more regions. Does this meet the goal?

A. Yes By deploying the virtual machines to two or more regions, you are deploying the virtual machines to multiple datacenters. This will ensure that the services running on the virtual machines are available if a single data center fails. Azure operates in multiple datacenters around the world. These datacenters are grouped into geographic regions, giving you flexibility in choosing where to build your applications. You create Azure resources in defined geographic regions like 'West US', 'North Europe', or 'Southeast Asia'. You can review the list of regions and their locations. Within each region, multiple datacenters exist to provide for redundancy and availability.

You have an Azure subscription named Subscription1. You sign in to the Azure portal and create a resource group named RG1. From Azure documentation, you have the following command that creates a virtual machine named VM1. az vm create --resource-group RG1 --name VM1 --image UbuntuLTS --generate-ssh-keys You need to create VM1 in Subscription1 by using the command. Solution: From the Azure portal, launch Azure Cloud Shell and select PowerShell. Run the command in Cloud Shell. Does this meet the goal?

A. Yes The command can be run in the Azure Cloud Shell. Although this question says you select PowerShell rather than Bash, the Az commands will work in PowerShell. The Azure Cloud Shell is a free interactive shell. It has common Azure tools preinstalled and configured to use with your account. To open the Cloud Shell, just select Try it from the upper right corner of a code block. You can also launch Cloud Shell in a separate browser tab by going to https://shell.azure.com/bash.

Your company has an on-premises network that contains multiple servers. The company plans to reduce the following administrative responsibilities of network administrators: ✑ Backing up application data ✑ Replacing failed server hardware ✑ Managing physical server security ✑ Updating server operating systems ✑ Managing permissions to shared documents The company plans to migrate several servers to Azure virtual machines. You need to identify which administrative responsibilities will be eliminated after the planned migration. Which two responsibilities should you identify? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Replacing failed server hardware B. Backing up application data C. Managing physical server security D. Updating server operating systems E. Managing permissions to shared documents

AC Azure virtual machines run on Hyper-V physical servers. The physical servers are owned and managed by Microsoft. As an Azure customer, you have no access to the physical servers. Microsoft manages the replacement of failed server hardware and the security of the physical servers so you don't need to.

A support engineer plans to perform several Azure management tasks by using the Azure CLI. You install the CLI on a computer. You need to tell the support engineer which tools to use to run the CLI. Which two tools should you instruct the support engineer to use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Command Prompt B. Azure Resource Explorer C. Windows PowerShell D. Windows Defender Firewall E. Network and Sharing Center

AC For Windows the Azure CLI is installed via an MSI, which gives you access to the CLI through the Windows Command Prompt (CMD) or PowerShell.

You plan to store 20 TB of data in Azure. The data will be accessed infrequently and visualized by using Microsoft Power BI. You need to recommend a storage solution for the data. Which two solutions should you recommend? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Azure Data Lake B. Azure Cosmos DB C. Azure SQL Data Warehouse D. Azure SQL Database E. Azure Database for PostgreSQL

AC You can use Power BI to analyze and visualize data stored in Azure Data Lake and Azure SQL Data Warehouse. Azure Data Lake includes all of the capabilities required to make it easy for developers, data scientists and analysts to store data of any size and shape and at any speed, and do all types of processing and analytics across platforms and languages. It removes the complexities of ingesting and storing all your data while making it faster to get up and running with batch, streaming and interactive analytics. It also integrates seamlessly with operational stores and data warehouses so that you can extend current data applications.

Your company plans to migrate to Azure. The company has several departments. All the Azure resources used by each department will be managed by a department administrator. What are two possible techniques to segment Azure for the departments? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. multiple subscriptions B. multiple Azure Active Directory (Azure AD) directories C. multiple regions D. multiple resource groups

AD An Azure subscription is a container for Azure resources. It is also a boundary for permissions to resources and for billing. You are charged monthly for all resources in a subscription. A single Azure tenant (Azure Active Directory) can contain multiple Azure subscriptions. A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group. To enable each department administrator to manage the Azure resources used by that department, you will need to create a separate subscription per department. You can then assign each department administrator as an administrator for the subscription to enable them to manage all resources in that subscription.

Your company plans to deploy several million sensors that will upload data to Azure. You need to identify which Azure resources must be created to support the planned solution. Which two Azure resources should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. Azure Data Lake B. Azure Queue storage C. Azure File Storage D. Azure IoT Hub E. Azure Notification Hubs

AD IoT Hub (Internet of Things Hub) provides data from millions of sensors. IoT Hub is a managed service, hosted in the cloud, that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between millions of IoT devices and a cloud-hosted solution backend. You can connect virtually any device to IoT Hub. There are two storage services IoT Hub can route messages to: Azure Blob Storage and Azure Data Lake Storage Gen2 (ADLS Gen2) accounts. Azure Data Lake Storage accounts are hierarchical namespace-enabled storage accounts built on top of blob storage. Both of these use blobs for their storage.

You have an Azure environment that contains multiple Azure virtual machines. You plan to implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines. You need to recommend which Azure resources must be created for the planned solution. Which two Azure resources should you include in the recommendation? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. A. a virtual network gateway B. a load balancer C. an application gateway D. a virtual network E. a gateway subnet

AE To implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines, you need to configure a VPN (Virtual Private Network) to connect the on-premises network to the Azure virtual network. The Azure VPN device is known as a Virtual Network Gateway. The virtual network gateway needs to be located in a dedicated subnet in the Azure virtual network. This dedicated subnet is known as a gateway subnet and must be named 'GatewaySubnet'. Note: a virtual network (answer D) is also required. However, as we already have virtual machines deployed in Azure, we can assume that the virtual network is already in place.

Scalability

Apps in the cloud can scale vertically and horizontally: Scale vertically to increase compute capacity by adding RAM or CPUs to a virtual machine. Scaling horizontally increases compute capacity by adding instances of resources, such as adding VMs to the configuration.

Azure Advanced Threat Protection (ATP)

Azure Advanced Threat Protection (ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Sensors are software packages you install on your servers to upload information to Azure ATP.

What tool should you use to view security recommendations?

Azure Advisor Azure Advisor displays security recommendations. Azure Advisor provides you with a consistent, consolidated view of recommendations for all your Azure resources. It integrates with Azure Security Center to bring you security recommendations. You can get security recommendations from the Security tab on the Advisor dashboard. Security Center helps you prevent, detect, and respond to threats with increased visibility into and control over the security of your Azure resources. It periodically analyzes the security state of your Azure resources. When Security Center identifies potential security vulnerabilities, it creates recommendations. The recommendations guide you through the process of configuring the controls you need.

Azure Bot Service

Azure Bot Service is a bit different from Azure Machine Learning and Azure Cognitive Services in that it has a specific use case. Namely, it creates a virtual agent that can intelligently communicate with humans. Behind the scenes, the bot you build uses other Azure services, such as Azure Cognitive Services, to understand what their human counterparts are asking for.

You plan to implement an Azure database solution. You need to implement a database solution that meets the following requirements: ✑ Can add data concurrently from multiple regions ✑ Can store JSON documents Which database service should you deploy?

Azure Cosmos DB Azure Cosmos DB is Microsoft's globally distributed, multi-model database service. With a click of a button, Cosmos DB enables you to elastically and independently scale throughput and storage across any number of Azure regions worldwide. Azure Cosmos DB is a great way to store unstructured and JSON data. Combined with Azure Functions, Cosmos DB makes storing data quick and easy with much less code than required for storing data in a relational database.

What tool should you use to browse available virtual machine images?

Azure Marketplace You can browse available virtual machine images in the Azure Marketplace. Azure Marketplace provides access and information on solutions and services available from Microsoft and their partners. Customers can discover, try, or buy cloud software solutions built on or for Azure. The catalog of 8,000+ listings provides Azure building blocks, such as Virtual Machines (VMs), APIs, Azure apps, Solution Templates and managed applications, SaaS apps, containers, and consulting services.

Which cloud deployment solution is used for Azure virtual machines and Azure SQL databases? To answer, select the appropriate options in the answer area.

Azure VMs: IaaS Azure SQL Databases: PaaS

Azure Sovereign Regions

Azure govt cloud resources & Azure China cloud services

scale set

Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide high availability to your applications, and allow you to centrally manage, configure, and update many VMs. Virtual machines in a scale set can be deployed across multiple update domains and fault domains to maximize availability and resilience to outages due to data center outages, and planned or unplanned maintenance events.

Used to build, deploy, scale web apps A. Azure Functions B. Azure App Service C. Azure VMs D. Azure Container Instances

B

Provides the platform for serverless code A. Azure Databricks B. Azure Functions C. Azure App Service D. Azure App Insights

B Azure Functions is a serverless compute service that lets you run event-triggered code without having to explicitly provision or manage infrastructure.

Your company plans to move several servers to Azure. The company's compliance policy states that a server named FinServer must be on a separate network segment. You are evaluating which Azure services can be used to meet the compliance policy requirements. Which Azure solution should you recommend? A. a resource group for FinServer and another resource group for all the other servers B. a virtual network for FinServer and another virtual network for all the other servers C. a VPN for FinServer and a virtual network gateway for each other server D. one resource group for all the servers and a resource lock for FinServer

B. Networks in Azure are known as virtual networks. A virtual network can have multiple IP address spaces and multiple subnets. Azure automatically routes traffic between different subnets within a virtual network. The question states that FinServer must be on a separate network segment. The only way to separate FinServer from the other servers in networking terms is to place the server in a different virtual network to the other servers.

You have several Azure VMs in an Azure subscription. You create a new subscription. A. The VMs cannot be moved to the new subscription B. The VMs can be moved to the new subscription C. The VMs can be moved to the new subscription, only if they are all in the same RG D. The VMs can be moved only if they run Windows Server 2016

B. You can move a VM and its associated resources to a different subscription by using the Azure portal. Moving between subscriptions can be handy if you originally created a VM in a personal subscription and now want to move it to your company's subscription to continue your work. You do not need to start the VM in order to move it and it should continue to run during the move.

Your company has 10 departments. The company plans to implement an Azure environment. You need to ensure that each department can use a different payment option for the Azure services it consumes. What should you create for each department? A. a reservation B. a subscription C. a resource group D. a container instance

B. A subscription There are different payment options in Azure including pay-as-you-go (PAYG), Enterprise Agreement (EA), and Microsoft Customer Agreement (MCA) accounts. Your Azure costs are 'per subscription'. You are charged monthly for all resources in a subscription. Therefore, to use different payment options per department, you will need to create a separate subscription per department. You can create multiple subscriptions in a single Azure Active Directory tenant.

Your company has an Azure subscription that contains resources in several regions. A company policy states that administrators must only be allowed to create additional Azure resources in a region in the country where their office is located. You need to create the Azure resource that must be used to meet the policy requirement. What should you create? A. a read-only lock B. an Azure policy C. a management group D. a reservation

B. An Azure Policy Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources. Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. All data stored by Azure Policy is encrypted at rest. Azure Policy offers several built-in policies that are available by default. In this question, we would use the 'Allowed Locations' policy to define the locations where resources can be deployed.

To what should an application connect to retrieve security tokens? A. an Azure Storage account B. Azure Active Directory (Azure AD) C. a certificate store D. an Azure key vault

B. Azure AD Azure AD authenticates users and provides access tokens. An access token is a security token that is issued by an authorization server. It contains information about the user and the app for which the token is intended, which can be used to access Web APIs and other protected resources. Instead of creating apps that each maintain their own username and password information, which incurs a high administrative burden when you need to add or remove users across multiple apps, apps can delegate that responsibility to a centralized identity provider. Azure Active Directory (Azure AD) is a centralized identity provider in the cloud. Delegating authentication and authorization to it enables scenarios such as Conditional Access policies that require a user to be in a specific location, the use of multi-factor authentication, as well as enabling a user to sign in once and then be automatically signed in to all of the web apps that share the same centralized directory. This capability is referred to as Single Sign On (SSO).

A simplified tool to build AI apps A. Azure Advisor B. Azure Cognitive Services C. Azure App Insights D. Azure DevOps

B. Cognitive Services Azure Cognitive Services are APIs, SDKs, and services available to help developers build intelligent applications without having direct AI or data science skills or knowledge. Azure Cognitive Services enable developers to easily add cognitive features into their applications. The goal of Azure Cognitive Services is to help developers create applications that can see, hear, speak, understand, and even begin to reason. The catalog of services within Azure Cognitive Services can be categorized into five main pillars - Vision, Speech, Language, Web Search, and Decision.

Can run massively parallel transformation and processing programs across petabytes of data A. Azure HD Insight B. Azure Data Lake Analytics C. Azure SQL Synapse Analytics D. Azure SQL Database

B. Data Lake Analytics

A team of developers at your company plans to deploy, and then remove, 50 virtual machines each week. All the virtual machines are configured by using Azure Resource Manager templates. You need to recommend which Azure service will minimize the administrative effort required to deploy and remove the virtual machines. What should you recommend? A. Azure Reserved Virtual Machine (VM) Instances B. Azure DevTest Labs C. Azure virtual machine scale sets D. Microsoft Managed Desktop

B. DevTest labs DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager templates. By using DevTest Labs, you can test the latest versions of your applications by doing the following tasks: ✑ Quickly provision Windows and Linux environments by using reusable templates and artifacts. ✑ Easily integrate your deployment pipeline with DevTest Labs to provision on-demand environments. ✑ Scale up your load testing by provisioning multiple test agents and create pre-provisioned environments for training and demos.

Which task can you perform by using Azure Advisor? A. Integrate Active Directory and Azure Active Directory (Azure AD). B. Estimate the costs of an Azure solution. C. Confirm that Azure subscription security follows best practices. D. Evaluate which on-premises resources can be migrated to Azure.

B. Estimate the cost of an Azure solution

A European policy that regulates data privacy and data protection A. Azure Government B. GDPR C. ISO D. NIST

B. GDPR GDPR is the General Data Protection Regulations. This standard was adopted across Europe in May 2018 and replaces the now deprecated Data Protection Directive. The General Data Protection Regulation (EU) (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

If a resource group RG1 has a delete lock, ____ can delete RG1 A. only a member of the global admin group B. the delete lock must be removed before an admin C. an azure policy must be modified before an admin D. an azure tag must be added before an admin

B. Lock must be removed You can configure a lock on a resource group to prevent the accidental deletion of the resource group. The lock applies to everyone, including global administrators. If you want to delete the resource group, the lock must be removed first. As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.

Which statement accurately describes the Modern Lifecycle Policy for Azure services? A. Microsoft provides mainstream support for a service for five years. B. Microsoft provides a minimum of 12 months' notice before ending support for a service. C. After a service is made generally available, Microsoft provides support for the service for a minimum of four years. D. When a service is retired, you can purchase extended support for the service for up to five years.

B. Minimum 12 months For products governed by the Modern Lifecycle Policy, Microsoft will provide a minimum of 12 months' notification prior to ending support if no successor product or service is offered, excluding free services or preview releases.

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. What are two possible solutions? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Modify an Azure Traffic Manager profile B. Modify a network security group (NSG) C. Modify a DDoS protection plan D. Modify an Azure firewall

B. Modify a NSG or D. Modify an Azure Firewall A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets. You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. In this question, we need to add a rule to the network security group to allow the connection to the virtual machine on port 80 (HTTP).

You have an Azure subscription named Subscription1. You sign in to the Azure portal and create a resource group named RG1. From Azure documentation, you have the following command that creates a virtual machine named VM1. az vm create --resource-group RG1 --name VM1 --image UbuntuLTS --generate-ssh-keys You need to create VM1 in Subscription1 by using the command. Solution: From a computer that runs Windows 10, install Azure CLI. From a command prompt, sign in to Azure and then run the command. Does this meet the goal? A. Yes B. No

B. NO The command can be run from PowerShell or the command prompt if you have the Azure CLI installed. However, it must be run on the Windows 10 computer, not in Azure.

Your company has an Azure subscription that contains the following unused resources: ✑ 20 user accounts in Azure Active Directory (Azure AD) ✑ Five groups in Azure AD ✑ 10 public IP addresses ✑ 10 network interfaces You need to reduce the Azure costs for the company. Solution: You remove the unused groups. Does this meet the goal? A. Yes B. No

B. NO You are not charged for Azure Active Directory Groups. Therefore, deleting unused groups will not reduce your Azure costs.

Your company has an Azure subscription that contains the following unused resources: ✑ 20 user accounts in Azure Active Directory (Azure AD) ✑ Five groups in Azure AD ✑ 10 public IP addresses ✑ 10 network interfaces You need to reduce the Azure costs for the company. Solution: You remove the unused user accounts in Azure AD. Does this meet the goal? A. Yes B. No

B. NO You are not charged for user accounts. Therefore, deleting unused user accounts will not reduce the Azure costs for the company.

An Azure administrator plans to run a PowerShell script that creates Azure resources. You need to recommend which computer configuration to use to run the script. Solution: Run the script from a computer that runs Linux and has the Azure CLI tools installed. Does this meet the goal? A. Yes B. No

B. No A PowerShell script is a file that contains PowerShell cmdlets and code. A PowerShell script needs to be run in PowerShell. PowerShell can now be installed on Linux. However, the question states that the computer has Azure CLI tools, not PowerShell installed. Therefore, this solution does not meet the goal.

You plan to deploy several Azure virtual machines. You need to ensure that the services running on the virtual machines are available if a single data center fails. Solution: You deploy the virtual machines to two or more resource groups. Does this meet the goal? A. Yes B. No

B. No A resource group is a logical container for Azure resources. When you create a resource group, you specify which location to create the resource group in. However, when you create a virtual machine and place it in the resource group, the virtual machine can still be in a different location (different datacenter). Therefore, creating multiple resource groups, even if they are in separate datacenters does not ensure that the services running on the virtual machines are available if a single data center fails.

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify an Azure Traffic Manager profile. Does this meet the goal? A. Yes B. No

B. No Azure Traffic Manager is a DNS-based load balancing solution. It is not used to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. To ensure that a virtual machine named VM1 is accessible from the Internet over HTTP, you need to modify a network security group or Azure Firewall. In this question, we need to add a rule to a network security group or Azure Firewall to allow the connection to the virtual machine on port 80 (HTTP).

Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify a DDoS protection plan. Does this meet the goal? A. Yes B. No

B. No DDoS is a form of attack on a network resource. A DDoS protection plan is used to protect against DDoS attacks; it does not provide connectivity to a virtual machine. To ensure that a virtual machine named VM1 is accessible from the Internet over HTTP, you need to modify a network security group or Azure Firewall.

You have an Azure environment. You need to create a new Azure virtual machine from a tablet that runs the Android operating system. Solution: You use the PowerApps portal. Does this meet the goal? A. Yes B. No

B. No PowerApps lets you quickly build business applications with little or no code. It is not used to create Azure virtual machines. Therefore, this solution does not meet the goal. PowerApps Portals allow organizations to create websites which can be shared with users external to their organization either anonymously or through the login provider of their choice like LinkedIn, Microsoft Account, other commercial login providers.

Your company plans to purchase an Azure subscription. The company's support policy states that the Azure environment must provide an option to access support engineers by phone or email. You need to recommend which support plan meets the support policy requirement. Solution: Recommend a Basic support plan. Does this meet the goal? A. Yes B. No

B. No The Basic support plan does not have any technical support for engineers. Access to Support Engineers via email or phone is available in the following support plans: Premier, Professional Direct and Standard.

You have an Azure subscription named Subscription1. You sign in to the Azure portal and create a resource group named RG1. From Azure documentation, you have the following command that creates a virtual machine named VM1. az vm create --resource-group RG1 --name VM1 --image UbuntuLTS --generate-ssh-keys You need to create VM1 in Subscription1 by using the command. Solution: From a computer that runs Windows 10, install Azure CLI. From PowerShell, sign in to Azure and then run the command. Does this meet the goal? A. Yes B. No

B. No The command can be run from PowerShell or the command prompt if you have the Azure CLI installed. However, it must be run on the Windows 10 computer, not in Azure.

You plan to deploy several Azure virtual machines. You need to ensure that the services running on the virtual machines are available if a single data center fails. Solution: You deploy the virtual machines to two or more scale sets. Does this meet the goal?

B. No This answer does not specify that the scale set will be configured across multiple data centers so this solution does not meet the goal. Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide high availability to your applications, and allow you to centrally manage, configure, and update many VMs. Virtual machines in a scale set can be deployed across multiple update domains and fault domains to maximize availability and resilience to outages due to data center outages, and planned or unplanned maintenance events.

Your company has an Azure subscription that contains the following unused resources: ✑ 20 user accounts in Azure Active Directory (Azure AD) ✑ Five groups in Azure AD ✑ 10 public IP addresses ✑ 10 network interfaces You need to reduce the Azure costs for the company. Solution: You remove the unused network interfaces. Does this meet the goal? A. Yes B. No

B. No You are not charged for unused network interfaces. Therefore, deleting unused network interfaces will not reduce the Azure costs for the company.

You plan to migrate a web application to Azure. The web application is accessed by external users. You need to recommend a cloud deployment solution to minimize the amount of administrative effort used to manage the web application. What should you include in the recommendation? A. Software as a Service (SaaS) B. Platform as a Service (PaaS) C. Infrastructure as a Service (IaaS) D. Database as a Service (DaaS)

B. PaaS Azure App Service is a platform-as-a-service (PaaS) offering that lets you create web and mobile apps for any platform or device and connect to data anywhere, in the cloud or on-premises. App Service includes the web and mobile capabilities that were previously delivered separately as Azure Websites and Azure Mobile

Your Azure trial account expired last week. You are now unable to A. Create additional Azure AD accounts B. Start an existing Azure VM C. Access your data stored in Azure D. Access the Azure portal

B. Start an existing Azure VM A stopped (deallocated) VM is offline and not mounted on an Azure host server. Starting a VM mounts the VM on a host server before the VM starts. As soon as the VM is mounted, it becomes chargeable. For this reason, you are unable to start a VM after a trial has expired. Incorrect Answers: ✑ You are not charged for Azure Active Directory user accounts so you can continue to create accounts. ✑ You can access data that is already stored in Azure. ✑ You can access the Azure Portal. You can also reactivate and upgrade the expired subscription in the portal.

Your network contains an Active Directory forest. The forest contains 5,000 user accounts. Your company plans to migrate all network resources to Azure and to decommission the on-premises data center. You need to recommend a solution to minimize the impact on users after the planned migration. What should you recommend? A. Implement Azure Multi-Factor Authentication (MFA) B. Sync all the Active Directory user accounts to Azure Active Directory (Azure AD) C. Instruct all users to change their password D. Create a guest user account in Azure Active Directory (Azure AD) for each user

B. Sync all the Active Directory user accounts to Azure Active Directory (Azure AD) To migrate to Azure and decommission the on-premises data center, you would need to create the 5,000 user accounts in Azure Active Directory. The easy way to do this is to sync all the Active Directory user accounts to Azure Active Directory (Azure AD). You can even sync their passwords to further minimize the impact on users. The tool you would use to sync the accounts is Azure AD Connect. The Azure Active Directory Connect synchronization services (Azure AD Connect sync) is a main component of Azure AD Connect. It takes care of all the operations that are related to synchronizing identity data between your on-premises environment and Azure AD.

You can create an Azure support request from support.microsoft.com. Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed." If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed. B. the Azure portal C. the Knowledge Center D. the Security & Compliance admin center

B. The Azure Portal You can create an Azure support request from the Help and Support blade in the Azure portal or from the context menu of an Azure resource in the Support + Troubleshooting section.

You plan to provision Infrastructure as a Service (IaaS) resources in Azure. Which resource is an example of IaaS? A. an Azure web app B. an Azure virtual machine C. an Azure logic app D. an Azure SQL database

B. VM

What can Azure Information Protection encrypt? A. network traffic B. documents and email messages C. an Azure Storage account D. an Azure SQL database

B. documents and email messages Azure Information Protection can encrypt documents and emails. Azure Information Protection is a cloud-based solution that helps an organization to classify and optionally, protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations. The protection technology uses Azure Rights Management (often abbreviated to Azure RMS). This technology is integrated with other Microsoft cloud services and applications, such as Office 365 and Azure Active Directory. This protection technology uses encryption, identity, and authorization policies. Similarly to the labels that are applied, protection that is applied by using Rights Management stays with the documents and emails, independently of the location, inside or outside your organization, networks, file servers, and applications.

An Availability Zone in Azure has physically separate locations across two continents. Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed." If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed. B. within a single Azure region C. within multiple Azure regions D. within a single Azure datacenter

B. within a single Azure region

You have an Azure web app. You need to manage the settings of the web app from an iPhone. What are two Azure management tools that you can use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Azure CLI B. the Azure portal C. Azure Cloud Shell D. Windows PowerShell E. Azure Storage Explorer

BC The Azure portal is the web-based portal for managing Azure. Being web-based, you can use the Azure portal on an iPhone. Azure Cloud Shell is a web-based command line for managing Azure. You access the Azure Cloud Shell from the Azure portal. Being web-based, you can use the Azure Cloud Shell on an iPhone.

Hosts web apps A. Azure Databricks B. Azure Functions C. Azure App Service D. Azure App Insights

C Azure App Service hosts web apps. Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments.

Provide operating system virtualization A. Azure Functions B. Azure App Service C. Azure VMs D. Azure Container Instances

C.

What is required to use Azure Cost Management? A. a Dev/Test subscription B. Software Assurance C. an Enterprise Agreement (EA) D. a pay-as-you-go subscription

C. Azure customers with an Azure Enterprise Agreement (EA), Microsoft Customer Agreement (MCA), or Microsoft Partner Agreement (MPA) can use Azure Cost Management. Cost management is the process of effectively planning and controlling costs involved in your business. Cost management tasks are normally performed by finance, management, and app teams. Azure Cost Management + Billing helps organizations plan with cost in mind. It also helps to analyze costs effectively and take action to optimize cloud spending.

_____ a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment A. Azure policies provide B. Resource groups provide C. ARM templates provide D. Mgmt groups provide

C. ARM templates Azure Resource Manager templates provide a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment. Azure policies are used to define rules for what can be deployed and how it should be deployed. Whilst this can help in ensuring consistency, Azure policies do not provide the common platform for deploying objects to a cloud infrastructure.

From ________ you can view which user turned off a specific virtual machine during the last 14 days A. Azure Access Control IAM B. Azure Event Hubs C. Azure Activity Log D. Azure Service Health

C. Azure Activity Log You would use the Azure Activity Log, not Access Control, to view which user turned off a specific virtual machine during the last 14 days. Activity logs are kept for 90 days. You can query for any range of dates, as long as the starting date isn't more than 90 days in the past. In this question, we would create a filter to display shutdown operations on the virtual machine in the last 14 days.

Monitors web apps A. Azure Advisor B. Azure Cognitive Services C. Azure App Insights D. Azure DevOps

C. Azure App Insights Azure Application Insights detects and diagnoses anomalies in web apps. Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app.

Your co implements ___ to automatically add a watermark to Microsoft Word docs that contain credit card info A. Azure policies B. DDoS protection C. Azure Information Protection D. Azure AD Identity Protection

C. Azure Info Protection Azure Information Protection is used to automatically add a watermark to Microsoft Word documents that contain credit card information. You use Azure Information Protection labels to apply classification to documents and emails. When you do this, the classification is identifiable regardless of where the data is stored or with whom it's shared. The labels can include visual markings such as a header, footer, or watermark. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations. In this question, we would configure a label to be automatically applied to Microsoft Word documents that contain credit card information. The label would then add the watermark to the documents.

Which Azure service should you use to store certificates? A. Azure Security Center B. an Azure Storage account C. Azure Key Vault D. Azure Information Protection

C. Azure Key Vault Azure Key Vault is a secure store for various types of sensitive information including passwords and certificates. Azure Key Vault can be used to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets. Secrets and keys are safeguarded by Azure, using industry-standard algorithms, key lengths, and hardware security modules (HSMs). The HSMs used are Federal Information Processing Standards (FIPS) 140-2 Level 2 validated. Access to a key vault requires proper authentication and authorization before a caller (user or application) can get access. Authentication establishes the identity of the caller, while authorization determines the operations that they are allowed to perform.

You have a virtual machine named VM1 that runs Windows Server 2016. VM1 is in the East US Azure region. Which Azure service should you use from the Azure portal to view service failure notifications that can affect the availability of VM1? A. Azure Service Fabric B. Azure Monitor C. Azure virtual machines D. Azure Advisor

C. Azure VMs In the Azure virtual machines page in the Azure portal, there is a column named Maintenance Status. This column will display service issues that could affect your virtual machine. A service failure is rare but host server maintenance that could affect your virtual machines is more common. Azure periodically updates its platform to improve the reliability, performance, and security of the host infrastructure for virtual machines. The purpose of these updates ranges from patching software components in the hosting environment to upgrading networking components or decommissioning hardware.

Resource groups provide organizations with the ability to manage the compliance of Azure resources across multiple subscriptions. Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed B. Management groups C. Azure policies D. Azure App Service plans

C. Azure policies Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources. Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. All data stored by Azure Policy is encrypted at rest. For example, you can have a policy to allow only a certain SKU size of virtual machines in your environment. Once this policy is implemented, new and existing resources are evaluated for compliance. With the right type of policy, existing resources can be brought into compliance.

A support plan solution that gives you best practice information, health status and notifications, and 24/7 access to billing information at the lowest possible cost is a Standard support plan. Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed B. Developer C. Basic D. Premier

C. Basic A basic support plan provides: ✑ 24x7 access to billing and subscription support, online self-help, documentation, whitepapers, and support forums ✑ Best practices: Access to full set of Azure Advisor recommendations ✑ Health Status and Notifications: Access to personalized Service Health Dashboard & Health API

You can use Advisor recommendations in Azure to send email alerts when the cost of the current billing period for an Azure subscription exceeds a specified limit. Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed." If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed. B. Access control (IAM) C. Budget alerts D. Compliance

C. Budget Alerts Budget alerts notify you when spending, based on usage or cost, reaches or exceeds the amount defined in the alert condition of the budget. Cost Management budgets are created using the Azure portal or the Azure Consumption API.

What should you use to evaluate whether your company's Azure environment meets regulatory requirements? A. the Knowledge Center website B. the Advisor blade from the Azure portal C. Compliance Manager from the Service Trust Portal D. the Solutions blade from the Azure portal

C. Compliance Manager Compliance Manager in the Service Trust Portal is a workflow-based risk assessment tool that helps you track, assign, and verify your organization's regulatory compliance activities related to Microsoft Cloud services, such as Microsoft 365, Dynamics 365, and Azure.

From Azure Cloud Shell, you can track your company's regulatory standards and regulations, such as ISO 27001. Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed." If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed. B. the Microsoft Cloud Partner Portal C. Compliance Manager D. the Trust Center

C. Compliance Manager Microsoft Compliance Manager (Preview) is a free workflow-based risk assessment tool that lets you track, assign, and verify regulatory compliance activities related to Microsoft cloud services. Azure Cloud Shell, on the other hand, is an interactive, authenticated, browser-accessible shell for managing Azure resources.

You plan to deploy a website to Azure. The website will be accessed by users worldwide and will host large video files. You need to recommend which Azure feature must be used to provide the best video playback experience. What should you recommend? A. an application gateway B. an Azure ExpressRoute circuit C. a content delivery network (CDN) D. an Azure Traffic Manager profile

C. Content Delivery Network

You have an Azure Virtual Network named VNET1 in a resource group named RG1. You assign the Azure Policy definition of Not Allowed Resource Type and specify that virtual networks are not an allowed resource type in RG1. VNET1 is A. Automatically deleted B. Moved automatically to another resource group C. continues to function normally D. Is now a read-only object

C. Continues to function normally The VNet will be marked as 'Non-compliant' when the policy is assigned. However, it will not be deleted and will continue to function normally. Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. If there are any existing resources that aren't compliant with a new policy assignment, they appear under Non-compliant resources.

A team of developers at your company plans to deploy, and then remove, 50 customized virtual machines each week. Thirty of the virtual machines run Windows Server 2016 and 20 of the virtual machines run Ubuntu Linux. You need to recommend which Azure service will minimize the administrative effort required to deploy and remove the virtual machines. What should you recommend? A. Azure Reserved Virtual Machines (VM) Instances B. Azure virtual machine scale sets C. Azure DevTest Labs D. Microsoft Managed Desktop

C. DevTest Labs DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager templates. By using DevTest Labs, you can test the latest versions of your applications by doing the following tasks: ✑ Quickly provision Windows and Linux environments by using reusable templates and artifacts. ✑ Easily integrate your deployment pipeline with DevTest Labs to provision on-demand environments. ✑ Scale up your load testing by provisioning multiple test agents and create pre-provisioned environments for training and demos.

Your company hosts an accounting application named App1 that is used by all the customers of the company. App1 has low usage during the first three weeks of each month and very high usage during the last week of each month. Which benefit of Azure Cloud Services supports cost management for this type of usage pattern? A. high availability B. high latency C. elasticity D. load balancing

C. Elasticity

You plan to map a network drive from several computers that run Windows 10 to Azure Storage. You need to create a storage solution in Azure for the planned mapped drive. What should you create? A. an Azure SQL database B. a virtual machine data disk C. a Files service in a storage account D. a Blobs service in a storage account

C. Files service Azure Files is Microsoft's easy-to-use cloud file system. Azure file shares can be seamlessly used in Windows and Windows Server. To use an Azure file share with Windows, you must either mount it, which means assigning it a drive letter or mount point path, or access it via its UNC path. Unlike other SMB shares you may have interacted with, such as those hosted on a Windows Server, Linux Samba server, or NAS device, Azure file shares do not currently support Kerberos authentication with your Active Directory (AD) or Azure Active Directory (AAD) identity, although this is a feature we are working on. Instead, you must access your Azure file share with the storage account key for the storage account containing your Azure file share. A storage account key is an administrator key for a storage account, including administrator permissions to all files and folders within the file share you're accessing, and for all file shares and other storage resources (blobs, queues, tables, etc) contained within your storage account.

An organization that defines international standards across all industries A. Azure Government B. GDPR C. ISO D. NIST

C. ISO ISO is the International Organization for Standardization. Companies can be certified to ISO standards, for example ISO 9001 or 27001 are commonly used in IT companies.

Your company plans to deploy several custom applications to Azure. The applications will provide invoicing services to the customers of the company. Each application will have several prerequisite applications and services installed. You need to recommend a cloud deployment solution for all the applications. What should you recommend? A. Software as a Service (SaaS) B. Platform as a Service (PaaS) C. Infrastructure as a Service (IaaS)

C. IaaS Key differences between the three: Infrastructure as a service (IaaS) is an instant computing infrastructure, provisioned and managed over the internet. The IaaS service provider manages the infrastructure, while you purchase, install, configure, and manage your own software. Incorrect Answers: A: Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools. In this scenario, you need to run your own apps, and therefore require an infrastructure. B: Platform as a service (PaaS) is a complete development and deployment environment in the cloud. PaaS includes infrastructure (servers, storage, and networking) but also middleware, development tools, business intelligence (BI) services, database management systems, and more. PaaS is designed to support the complete web application lifecycle: building, testing, deploying, managing, and updating.

You have an on-premises application that sends email notifications automatically based on a rule. You plan to migrate the application to Azure. You need to recommend a serverless computing solution for the application. What should you include in the recommendation? A. a web app B. a server image in Azure Marketplace C. a logic app D. an API app

C. Logic App Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions for app integration, data integration, system integration, enterprise application integration (EAI), and business-to-business (B2B) communication, whether in the cloud, on premises, or both.

Cloud based service that leverages massively parallel processing (MPP) to quickly run complex queries across petabytes of data in a relational database A. Azure HD Insight B. Azure Data Lake Analytics C. Azure SQL Synapse Analytics D. Azure SQL Database

C. SQL Synapse Analytics Azure SQL Synapse Analytics (previously called Data Warehouse) is a cloud-based Platform-as-a-Service (PaaS) offering from Microsoft. It is a large-scale, distributed, MPP (massively parallel processing) relational database technology in the same class of competitors as Amazon Redshift or Snowflake. Azure SQL

When you need to delegate permissions to several Azure VMs simultaneously, you must deploy the Azure VMs A. to the same Azure region B. by using the ARM template C. to the same resource group D. to the same availability zone

C. Same RG With a resource group, you can allow a user to manage all resources in the resource group, such as virtual machines, websites, and subnets. The permissions you apply to the resource group apply to all resources contained in the resource group.

In which Azure support plans can you open a new support request? A. Premier and Professional Direct only B. Premier, Professional Direct, and Standard only C. Premier, Professional Direct, Standard, and Developer only D. Premier, Professional Direct, Standard, Developer, and Basic

C. You can open support cases in the following plans: Premier, Professional Direct, Standard, and Developer only. You cannot open support cases in the Basic support plan.

Which two types of customers are eligible to use Azure Government to develop a cloud solution? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. a Canadian government contractor B. a European government contractor C. a United States government entity D. a United States government contractor E. a European government entity

CD Azure Government is a cloud environment specifically built to meet compliance and security requirements for US government. This mission-critical cloud delivers breakthrough innovation to U.S. government customers and their partners. Azure Government applies to government at any level, from state and local governments to federal agencies including Department of Defense agencies. The key difference between Microsoft Azure and Microsoft Azure Government is that Azure Government is a sovereign cloud. It's a physically separated instance of Azure, dedicated to U.S. government workloads only. It's built exclusively for government agencies and their solution providers.

The Azure Policy Initiative is a ____

Collection of policy definitions

You plan to create an Azure virtual machine. You need to identify which storage service must be used to store the unmanaged data disks of the virtual machine. What should you identify? A. Containers B. File shares C. Tables D. Queues

Containers Azure containers are the backbone of the virtual disks platform for Azure IaaS. Both Azure OS and data disks are implemented as virtual disks where data is durably persisted in the Azure Storage platform and then delivered to the virtual machines for maximum performance. Azure Disks are persisted in Hyper-V VHD format and stored as a page blob in Azure Storage.

A managed relational cloud database A. Azure HD Insight B. Azure Data Lake Analytics C. Azure SQL Synapse Analytics D. Azure SQL Database

D

You need to identify the type of failure for which an Azure Availability Zone can be used to protect access to Azure services. What should you identify? A. a physical server failure B. an Azure region failure C. a storage failure D. an Azure data center failure

D Availability zones expand the level of control you have to maintain the availability of the applications and data on your VMs. An Availability Zone is a physically separate zone, within an Azure region. There are three Availability Zones per supported Azure region. Each Availability Zone has a distinct power source, network, and cooling. By architecting your solutions to use replicated VMs in zones, you can protect your apps and data from the loss of a datacenter. If one zone is compromised, then replicated apps and data are instantly available in another zone.

Detects and diagnoses anomalies in web apps A. Azure Databricks B. Azure Functions C. Azure App Service D. Azure App Insights

D Azure Application Insights detects and diagnoses anomalies in web apps. Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app.

Provide portable env for virtualized apps A. Azure Functions B. Azure App Service C. Azure VMs D. Azure Container Instances

D Containers are becoming the preferred way to package, deploy, and manage cloud applications. Azure Container Instances offers the fastest and simplest way to run a container in Azure, without having to manage any virtual machines and without having to adopt a higher-level service.

You need to identify which Azure management tools can be used from each computer. For a Computer Running MacOS Mojave A. Azure CLI and Azure Portal B. Azure Portal and Azure PowerShell C. Azure CLI and Azure PowerShell D. Azure CLI, Azure Portal, Azure PowerShell

D Previously, the Azure CLI (or x-plat CLI) was the only option for managing Azure subscriptions and resources from the command-line on Linux and macOS. Now with the open source and cross-platform release of PowerShell, you'll be able to manage all your Azure resources from Windows, Linux and macOS using your tool of choice, either the Azure CLI or Azure PowerShell cmdlets. The Azure portal runs in a web browser so can be used in either operating system.

You need to identify which Azure management tools can be used from each computer. For a Computer Running Ubuntu A. Azure CLI and Azure Portal B. Azure Portal and Azure PowerShell C. Azure CLI and Azure PowerShell D. Azure CLI, Azure Portal, Azure PowerShell

D Previously, the Azure CLI (or x-plat CLI) was the only option for managing Azure subscriptions and resources from the command-line on Linux and macOS. Now with the open source and cross-platform release of PowerShell, you'll be able to manage all your Azure resources from Windows, Linux and macOS using your tool of choice, either the Azure CLI or Azure PowerShell cmdlets. The Azure portal runs in a web browser so can be used in either operating system.

You need to identify which Azure management tools can be used from each computer. For a Computer Running Windows 10 A. Azure CLI and Azure Portal B. Azure Portal and Azure PowerShell C. Azure CLI and Azure Powershell D. Azure CLI, Azure Portal, Azure PowerShell

D Previously, the Azure CLI (or x-plat CLI) was the only option for managing Azure subscriptions and resources from the command-line on Linux and macOS. Now with the open source and cross-platform release of PowerShell, you'll be able to manage all your Azure resources from Windows, Linux and macOS using your tool of choice, either the Azure CLI or Azure PowerShell cmdlets. The Azure portal runs in a web browser so can be used in either operating system.

Azure Germany can be used by legal residents of Germany only. Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. A. no change is needed B. only enterprises that are registered in Germany C. only enterprises that purchase their azure licenses from a partner based in Germany D. any user or enterprise that requires its data to reside in Germany

D. Azure Germany is available to eligible customers and partners globally who intend to do business in the EU/EFTA, including the United Kingdom. Azure Germany offers a separate instance of Microsoft Azure services from within German datacenters. The datacenters are in two locations, Frankfurt/Main and Magdeburg. This placement ensures that customer data remains in Germany and that the datacenters connect to each other through a private network. All customer data is exclusively stored in those datacenters. A designated German company--the German data trustee--controls access to customer data and the systems and infrastructure that hold customer data.

You plan to migrate several servers from an on-premises network to Azure. What is an advantage of using a public cloud service for the servers over an on-premises network? A. The public cloud is owned by the public, NOT a private corporation B. The public cloud is a crowd-sourcing solution that provides corporations with the ability to enhance the cloud C. All public cloud resources can be freely accessed by every member of the public D. The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud

D. The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud. The hardware resources (servers, infrastructure etc.) are managed by the cloud provider. Multiple companies create resources such as virtual machines and virtual networks on the hardware resources.

You have a resource group named RG1. You plan to create virtual networks and app services in RG1. You need to prevent the creation of virtual machines only in RG1. What should you use? A. a lock B. an Azure role C. a tag D. an Azure policy

D. An Azure Policy Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources. Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. In this question, we would create an Azure policy assigned to the resource group that denies the creation of virtual machines in the resource group. You could place a read-only lock on the resource group. However, that would prevent the creation of any resources in the resource group, not virtual machines only. Therefore, an Azure Policy is a better solution.

You need to ensure that when Azure Active Directory (Azure AD) users connect to Azure AD from the Internet by using an anonymous IP address, the users are prompted automatically to change their password. Which Azure service should you use? A. Azure AD Connect Health B. Azure AD Privileged Identity Management C. Azure Advanced Threat Protection (ATP) D. Azure AD Identity Protection

D. Azure AD Identity Protection Azure AD Identity Protection includes two risk policies: sign-in risk policy and user risk policy. A sign-in risk represents the probability that a given authentication request isn't authorized by the identity owner. There are several types of risk detection. One of them is Anonymous IP Address. This risk detection type indicates sign-ins from an anonymous IP address (for example, Tor browser or anonymous VPN). These IP addresses are typically used by actors who want to hide their login telemetry (IP address, location, device, etc.) for potentially malicious intent. You can configure the sign-in risk policy to require that users change their password.

You can enable Just In Time (JIT) VM access by using A. Azure Bastion B. Azure Firewall C. Azure front door D. Azure Security Center

D. Azure Security Center The just-in-time (JIT) virtual machine (VM) access feature in Azure Security Center allows you to lock down inbound traffic to your Azure Virtual Machines. This reduces exposure to attacks while providing easy access when you need to connect to a VM.

You need to configure an Azure solution that meets the following requirements: ✑ Secures websites from attacks ✑ Generates reports that contain details of attempted attacks What should you include in the solution? A. Azure Firewall B. a network security group (NSG) C. Azure Information Protection D. DDoS protection

D. DDoS Protection DDoS is a type of attack that tries to exhaust application resources. The goal is to affect the application's availability and its ability to handle legitimate requests. DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet. Azure has two DDoS service offerings that provide protection from network attacks: DDoS Protection Basic and DDoS Protection Standard. DDoS Basic protection is integrated into the Azure platform by default and at no extra cost. You have the option of paying for DDoS Standard. It has several advantages over the basic service, including logging, alerting, and telemetry. DDoS Standard can generate reports that contain details of attempted attacks as required in this question.

You have an on-premises network that contains 100 servers. You need to recommend a solution that provides additional resources to your users. The solution must minimize capital and operational expenditure costs. What should you include in the recommendation? A. a complete migration to the public cloud B. an additional data center C. a private cloud D. a hybrid cloud

D. Hybrid cloud A hybrid cloud is a combination of a private cloud and a public cloud. Capital expenditure is the spending of money up-front for infrastructure such as new servers. With a hybrid cloud, you can continue to use the on-premises servers while adding new servers in the public cloud (Azure for example). Adding new servers in Azure minimizes the capital expenditure costs as you are not paying for new servers as you would if you deployed new servers on-premises. Incorrect Answers: A: A complete migration of 100 servers to the public cloud would involve a lot of operational expenditure (the cost of migrating all the servers). B: An additional data center would involve a lot of capital expenditure (the cost of the new infrastructure). C: A private cloud is hosted on on-premises servers so this would involve a lot of capital expenditure (the cost of the new infrastructure to host the private cloud).

An organization that defines standards used by the US govt A. Azure Government B. GDPR C. ISO D. NIST

D. NIST The National Institute of Standards and Technology (NIST) is a physical sciences laboratory, and a non-regulatory agency of the United States Department of Commerce.

You attempt to create several managed Microsoft SQL Server instances in an Azure environment and receive a message that you must increase your Azure subscription limits. What should you do to increase the limits? A. Create a service health alert B. Upgrade your support plan C. Modify an Azure policy D. Create a new support request

D. New support request Many Azure resources have quota limits. The purpose of the quota limits is to help you control your Azure costs. However, it is common to require an increase to the default quota. You can request a quota limit increase by opening a support request. In the support request, select 'Service and subscription limits (quotas)' for the Issue type, select your subscription and the service you want to increase the quota for. For this question, you would select 'SQL Database Managed Instance' as the quota type.

You have an Azure environment that contains 10 virtual networks and 100 virtual machines. You need to limit the amount of inbound traffic to all the Azure virtual networks. What should you create? A. one application security group (ASG) B. 10 virtual network gateways C. 10 Azure ExpressRoute circuits D. one Azure firewall

D. One Azure Firewall You can restrict traffic to multiple virtual networks with a single Azure firewall. Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual network resources allowing outside firewalls to identify traffic originating from your virtual network.

Azure Key Vault is used to store secrets for Azure Active Directory (Azure AD) user accounts. Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed B. Azure Active Directory (Azure AD) administrative accounts C. Personally Identifiable Information (PII) D. server applications

D. Server applications Centralizing storage of application secrets in Azure Key Vault allows you to control their distribution. Key Vault greatly reduces the chances that secrets may be accidentally leaked. When using Key Vault, application developers no longer need to store security information in their application. Not having to store security information in applications eliminates the need to make this information part of the code. For example, an application may need to connect to a database. Instead of storing the connection string in the app's code, you can store it securely in Key Vault.

Your company plans to migrate all on-premises data to Azure. You need to identify whether Azure complies with the company's regional requirements. What should you use? A. the Knowledge Center B. Azure Marketplace C. the Azure portal D. the Trust Center

D. The trust center Azure has more than 90 compliance certifications, including over 50 specific to global regions and countries, such as the US, the European Union, Germany, Japan, the United Kingdom, India and China. You can view a list of compliance certifications in the Trust Center to determine whether Azure meets your regional requirements.

What are two characteristics of the public cloud? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. dedicated hardware B. unsecured connections C. limited storage D. metered pricing E. self-service management

DE With the public cloud, you get pay-as-you-go pricing: you pay only for what you use, no CapEx costs. With the public cloud, you have self-service management. You are responsible for the deployment and configuration of the cloud resources such as virtual machines or web sites. The underlying hardware that hosts the cloud resources is managed by the cloud provider. Incorrect Answers: A: You don't have dedicated hardware. The underlying hardware is shared so you could have multiple customers using cloud resources hosted on the same physical hardware. B: Connections to the public cloud are secure. C: Storage is not limited. You can have as much storage as you like.

How does the TCO Calculator work?

Define your workloads. (servers, databases, storage, networking) Adjust assumptions. View the report.

Describe the service lifecycle in Azure

Defines how every Azure service is released for public use. Every Azure service starts in the development phase. In this phase, the Azure team collects and defines its requirements, and begins to build the service. Next, the service is released to the public preview phase. During this phase, the public can access and experiment with it so that it can provide feedback. Your feedback helps Microsoft improve services. More importantly, providing feedback gives you the opportunity to request new or different capabilities so that services better meet your needs. After a new Azure service is validated and tested, it's released to all customers as a production-ready service. This is known as general availability (GA). Dev --> Public Preview --> General Availability

A cloud service that can be recovered after a failure occurs A. Fault Tolerance B. Disaster Recovery C. Low Latency D. Dynamic Scalability

Disaster Recovery Disaster recovery is the recovery of a service after a failure. For example, restoring a virtual machine from backup after a virtual machine failure.

A cloud service that performs quickly when demand increases A. Fault Tolerance B. Disaster Recovery C. Low Latency D. Dynamic Scalability

Dynamic Scalability Dynamic scalability is the ability for compute resources to be added to a service when the service is under heavy load. For example, in a virtual machine scale set, additional instances of the virtual machine are added when the existing virtual machines are under heavy load.

Azure policy initiatives ex

Ex: Enable Monitoring in Azure Security Center Under this initiative, the following policy definitions are included: Monitor unencrypted SQL Database in Security Center This policy monitors for unencrypted SQL databases and servers. Monitor OS vulnerabilities in Security Center This policy monitors servers that don't satisfy the configured OS vulnerability baseline. Monitor missing Endpoint Protection in Security Center This policy monitors for servers that don't have an installed endpoint protection agent.

In a public cloud model, only guest users at your company can access the resources in the cloud

False

T/F You can join Android devices to Azure AD

False

T/F azure services in public preview are subject to a SLA

False

T/F copying 10 GB of data TO Azure FROM an on prem network over a VPN generates additional azure data transfer costs

False

T/F A PaaS solution that hosts web apps in azure provides full control of the operating systems that host applications

False A PaaS solution does not provide access to the operating system. The Azure Web Apps service provides an environment for you to host your web applications. Behind the scenes, the web apps are hosted on virtual machines running IIS. However, you have no direct access to the virtual machine, the operating system or IIS.

T/F A NSG will encrypt all the traffic sent from Azure to the Internet

False A network security group does not encrypt network traffic. It works in a similar way to a firewall in that it is used to block or allow traffic based on source/destination IP address, source/destination ports and protocol.

T/F Azure Reserved VM instances are an ex of OpEx

False A reserved instance is where you pay upfront for the use of a virtual machine for a period of time (1 or 3 years). This can save you money as you receive a discount on the cost of a VM if you pay upfront for a reserved instance. However, as this is an upfront payment, it will be classed as CapEx, not OpEx.

T/F Azure resources can only access other resources in the same RG

False A resource can interact with resources in other resource groups.

T/F Azure subscription can be associated to multiple Azure AD tenants

False An Azure AD tenant can have multiple subscriptions but an Azure subscription can only be associated with one Azure AD tenant.

T/F a standard support plan is included in a free azure account

False An Azure free account comes with a 'basic' support plan, not a 'standard' support plan.

T/F authorization to access azure resources can be provided only to azure AD users

False Authorization to access Azure resources can be provided by other identity providers by using federation. A commonly used example of this is to federate your on-premises Active Directory environment with Azure AD and use this federation for authentication and authorization.

T/F availability zones are used to replicate data and apps to multiple regions

False Availability Zones is a high-availability offering that protects your applications and data from datacenter failures. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there's a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from datacenter failures. Zone-redundant services replicate your applications and data across Availability Zones to protect from single-points-of-failure. With Availability Zones, Azure offers industry best 99.99% VM uptime SLA.

T/F Azure Advisor can generate a list of azure VMs that are protected by Azure backup

False Azure Advisor does not generate a list of virtual machines that ARE protected by Azure Backup. Azure Advisor does, however, generate a list of virtual machines that ARE NOT protected by Azure Backup. You can view a list of virtual machines that are protected by Azure Backup by viewing the Protected Items in the Azure Recovery Services Vault.

Azure advisor provides recs on how to improve the security of an azure active directory environment

False Azure Advisor provides you with a consistent, consolidated view of recommendations for all your Azure resources. It integrates with Azure Security Center to bring you security recommendations. You can get security recommendations from the Security tab on the Advisor dashboard. Examples of recommendations include restricting access to virtual machines by configuring Network Security Groups, enabling storage encryption, installing vulnerability assessment solutions. However, Azure Advisor does not provide recommendations on how to improve the security of an Azure AD environment.

T/F Azure Firewall will encrypt all the network traffic sent from Azure to the Internet

False Azure firewall does not encrypt network traffic. It is used to block or allow traffic based on source/destination IP address, source/destination ports and protocol.

T/F an azure free account can contain an unlimited number of web apps

False Azure free account has a limit of 10 web, mobile or API apps

True or False: All the Azure resources deployed to a resource group must use the same Azure Region

False Azure resources deployed to a single resource group can be located in different regions. The resource group only contains metadata about the resources it contains. When creating a resource group, you need to provide a location for that resource group. You may be wondering, "Why does a resource group need a location? And, if the resources can have different locations than the resource group, why does the resource group location matter at all?" The resource group stores metadata about the resources. When you specify a location for the resource group, you're specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region.

T/F Azure services in public preview can be managed only by using the Azure CLI

False Azure services in public preview can be managed using the regular management tools: Azure Portal, Azure CLI and PowerShell.

T/F by copying several gigs of data to Azure from an on-prem network over a VPN, additional data transfer costs are incurred

False Data ingress over a VPN is data 'coming in' to Azure over the VPN. You are not charged data transfer costs for data ingress.

T/F All data copied to azure storage account is backed up automatically to another azure data center

False Data is not backed up automatically to another Azure Data Center although it can be depending on the replication option configured for the account. Locally Redundant Storage (LRS) is the default which maintains three copies of the data in the data center. Geo-redundant storage (GRS) has cross-regional replication to protect against regional outages. Data is replicated synchronously three times in the primary region, then replicated asynchronously to the secondary region.

T/F If you implement the security recs provided by Azure Advisor your company's secure score will decrease

False If you implement the security recommendations, your company's score will increase, not decrease.

T/F when an azure subscription expires the associated Azure AD tenant is deleted automatically

False If your subscription expires, you lose access to all the other resources associated with the subscription. However, the Azure AD directory remains in Azure. You can associate and manage the directory using a different Azure subscription.

T/F to implement a hybrid cloud model, a company must first have a private cloud

False It is not true that a company must always migrate from a private cloud model or must first have a private cloud to implement a hybrid cloud. You could start with a public cloud and then combine that with an on-premise infrastructure to implement a hybrid cloud.

T/F a private cloud must be disconnected from the internet

False It is not true that a private cloud must be disconnected from the Internet. Private clouds can be and most commonly are connected to the Internet. "Private cloud" means that the physical servers are managed by you. It does not mean that it is disconnected from the Internet.

T/F To implement an Azure MFA solution, you must deploy a federation solution or sync on-premises identities to the cloud

False It is not true that you must deploy a federation solution or sync on-premises identities to the cloud. You can have a cloud-only environment and use MFA.

T/F the SLA for azure ad premium p2 is the same as the SLA for azure AD free

False No SLA is provided for the Free tier of Azure Active Directory.

T/F North America is represented by a single Azure region

False North America has several Azure regions, including West US, Central US, South Central US, East US, and Canada East.

T/F if you have azure resources deployed to every region, you can implement availability zones in all the regions

False Not all Azure regions support availability zones.

T/F All Azure Security Services are Free

False Only two features: Continuous assessment and security recommendations, and Azure secure score, are free.

Data transfers between Azure services located in different azure regions are always free

False Outbound data transfer is charged at the normal rate and inbound data transfer is free.

T/F Two valid methods for Azure MFA are picture identification and passport number

False Picture identification and passport numbers are not valid MFA authentication methods. Valid methods include: Password, Microsoft Authenticator App, SMS and Voice call.

T/F only VMs that run windows server can be created in availability zones

False Regions that support availability zones support Linux virtual machines.

T/F by creating additional resource groups in an azure subscription, additional costs are incurred

False Resource groups are logical containers for Azure resources. You do not pay for resource groups.

T/F The cost of an azure service in private preview decreases when the service becomes GA

False Services in private or public preview are usually offered at reduced costs. However, the costs increase, not decrease when the services are released to general availability.

T/F All azure services in private preview must be accessed using a separate azure portal

False Services in private preview can be viewed in the regular Azure portal. However, you need to be signed up for the feature in private preview before you can view it. Access to private preview features is usually by invitation only.

If you assign a tag to a resource group, all the azure resources in that group are assigned to the same tag

False Tags for Resources are not inherited by default from their Resource Group

T/F An azure storage account can contain up to 2 TB of data and up to one million files

False The limits are much higher than that. The current storage limit is 2 PB for US and Europe, and 500 TB for all other regions (including the UK) with no limit on the number of files.

T/F companies can increase the SLA by purchasing multiple subscriptions

False The number of subscriptions is unrelated to uptime SLAs. You can deploy resources to multiple regions under a single subscription or you can have multiple subscriptions with resources deployed to the same region.

T/F Azure VMs that run Windows Server 2016 can encrypt network traffic sent to the internet

False The question is rather vague as it would depend on the configuration of the host on the Internet. Windows Server does come with a VPN client and it also supports other encryption methods such as IPSec encryption or SSL/TLS so it could encrypt the traffic if the Internet host was configured to require or accept the encryption. However, the VM could not encrypt the traffic to an Internet host that is not configured to require the encryption.

T/F To maintain Microsoft support you must implement the security recs by Azure Advisor w/in a period of 30 days

False There is no requirement to implement the security recommendations provided by Azure Advisor. The recommendations are just that, 'recommendations'. They are not 'requirements'.

If you create two azure vms that use the B2S size, each virtual machine will generate the same monthly costs

False Two virtual machines using the same size could have different disk configurations. Therefore, the monthly costs could be different.

T/F Each user account in Azure AD can be assigned only one license

False User accounts in Azure Active Directory can be assigned multiple licenses for different Azure or Microsoft 365 services.

T/F Support from MSDN forums is only provided to companies that have a pay as you go subscription

False Users with any type of Azure subscription (pay-as-you-go, Enterprise Agreement, Microsoft Customer Agreement etc.) can get support from the MSDN forums.

T/F you can create up to 10 azure free accounts using the same microsoft account

False You can only create one free Azure account per Microsoft account.

T/F From Azure service health, an admin can prevent a service failure

False You can use Resource Health to view the health of a virtual machine. However, you cannot use Resource Health to prevent a service failure affecting the virtual machine. Azure resource health provides information about the health of your individual cloud resources such as a specific virtual machine instance.

T/F A company can extend a private cloud by adding its own physical servers to the public cloud

False You cannot add physical servers to the public cloud. You can only deploy virtual servers in the public cloud. You can extend a private cloud by deploying virtual servers in a public cloud. This would create a hybrid cloud.

T/F two azure subscriptions can be merged into one

False You cannot merge two subscriptions into a single subscription. However, you can move some Azure resources from one subscription to another. You can also transfer ownership of a subscription and change the billing type for a subscription.

T/F A user who is assigned the owner role can transfer ownership of an azure subscription

False You need to be an administrator of the billing account that has the subscription to be able to transfer the subscription. This could be a Billing Administrator or Global Administrator. A subscription owner can manage all resources and permissions within the subscription but cannot transfer ownership of the subscription.

T/F Azure AD requires the implementation of domain controllers on Azure VMs

False Azure Active Directory (Azure AD) is a cloud-based service. It does not require domain controllers on virtual machines.

Your company plans to migrate all its data and resources to Azure. The company's migration plan states that only Platform as a Service (PaaS) solutions must be used in Azure. You need to deploy an Azure environment that meets the company migration plan. Solution: You create an Azure App Service and Azure Storage accounts. Does this meet the goal?

False: Azure App Service is a PaaS (Platform as a Service) service. However, Azure Storage accounts are an IaaS (Infrastructure as a Service) service. Therefore, this solution does not meet the goal.

Your company plans to migrate all its data and resources to Azure. The company's migration plan states that only Platform as a Service (PaaS) solutions must be used in Azure. You need to deploy an Azure environment that meets the company migration plan. Solution: You create an Azure App Service and Azure virtual machines that have Microsoft SQL Server installed. Does this meet the goal?

False: Azure App Service is a PaaS (Platform as a Service) service. However, Azure virtual machines are an IaaS (Infrastructure as a Service) service. Therefore, this solution does not meet the goal.

A cloud service that remains available after a failure occurs A. Fault Tolerance B. Disaster Recovery C. Low Latency D. Dynamic Scalability

Fault tolerance Fault tolerance is the ability of a service to remain available after a failure of one of the components of the service. For example, a service running on multiple servers can withstand the failure of one of the servers.

How to build availability requirements into your design

For example, to improve the availability of the application, avoid having any single points of failure. So instead of adding more virtual machines, you can deploy one or more extra instances of the same virtual machine across the different availability zones in the same Azure region. Deploying two or more instances of an Azure virtual machine across two or more availability zones raises the virtual machine SLA to 99.99 percent. Recalculating your composite SLA above with this Virtual Machines SLA gives you an application SLA of:

Benefits of Cloud Computing

High Availability, Scalability, Elasticity, Agility, Disaster Recovery

Azure Blob Access Tiers

Hot access tier: Optimized for storing data that is accessed frequently (for example, images for your website). Cool access tier: Optimized for data that is infrequently accessed and stored for at least 30 days (for example, invoices for your customers). Archive access tier: Appropriate for data that is rarely accessed and stored for at least 180 days, with flexible latency requirements (for example, long-term backups).

An org that hosts its infrastructure _____ no longer requires a data center

In the public cloud

outbound data traffic from azure to an on prem network is always free

Inbound data traffic is free but outbound data traffic is not.

Azure China 21Vianet

It's a physically separated instance of cloud services located in China. Azure China 21Vianet is independently operated and transacted by Shanghai Blue Cloud Technology Co., Ltd. ("21Vianet"), a wholly owned subsidiary of Beijing 21Vianet Broadband Data Center Co., Ltd. According to the China Telecommunication Regulation, providers of cloud services, infrastructure as a service (IaaS) and platform as a service (PaaS), must have value-added telecom permits. Only locally registered companies with less than 50 percent foreign investment qualify for these permits. To comply with this regulation, the Azure service in China is operated by 21Vianet, based on the technologies licensed from Microsoft.

You plan to extend your company's network to Azure. The network contains a VPN appliance that uses an IP address of 131.107.200.1. You need to create an Azure resource that defines the VPN appliance in Azure. Which Azure resource should you create?

Local network gateways A Local Network Gateway is an object in Azure that represents your on-premises VPN device. A Virtual Network Gateway is the VPN object at the Azure end of the VPN. A 'connection' is what connects the Local Network Gateway and the Virtual Network Gateway to bring up the VPN. The local network gateway typically refers to your on-premises location. You give the site a name by which Azure can refer to it, then specify the IP address of the on-premises VPN device to which you will create a connection. You also specify the IP address prefixes that will be routed through the VPN gateway to the VPN device. The address prefixes you specify are the prefixes located on your on-premises network. If your on-premises network changes or you need to change the public IP address for the VPN device, you can easily update the values later.

You create a resource group named RG1 in Azure Resource Manager. You need to prevent the accidental deletion of the resources in RG1. Which setting should you use?

Locks

A cloud service that can be accessed quickly from the internet A. Fault Tolerance B. Disaster Recovery C. Low Latency D. Dynamic Scalability

Low latency Latency is the time a service takes to respond to requests. For example, the time it takes for a web page to be returned from a web server. Low latency means low response time, which means a quicker response.

What tool should you use to monitor the health of Azure Services?

Monitor Azure Monitor is used to monitor the health of Azure services. Azure Monitor maximizes the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.

You plan to implement several security services for an Azure environment. You need to identify which Azure services must be used to meet the following security requirements: ✑ Monitor threats by using sensors ✑ Enforce Azure Multi-Factor Authentication (MFA) based on a condition Which Azure service should you identify for each requirement?

Monitor Threats by using Sensors: Azure Advanced Threat Protection Enforce Azure MFA based on a condition: Azure AD Identity Protection. Azure AD Identity Protection helps you manage the roll-out of Azure Multi-Factor Authentication (MFA) registration by configuring a Conditional Access policy to require MFA registration no matter what modern authentication app you are signing in to.

Your company plans to migrate all its data and resources to Azure. The company's migration plan states that only Platform as a Service (PaaS) solutions must be used in Azure. You need to deploy an Azure environment that meets the company migration plan. Solution: You create Azure virtual machines, Azure SQL databases, and Azure Storage accounts. Does this meet the goal? A. Yes B. No

No VMs are IaaS Platform as a service (PaaS) is a complete development and deployment environment in the cloud. PaaS includes infrastructure (servers, storage, and networking) but also middleware, development tools, business intelligence (BI) services, database management systems, and more. PaaS is designed to support the complete web application lifecycle: building, testing, deploying, managing, and updating.

You need to view a list of planned maintenance events that can affect the availability of an Azure subscription. Which blade should you use from the Azure portal? To answer, select the appropriate blade in the answer area.

On the Help and Support blade, there is a Service Health option. If you click Service Health, a new blade opens. The Service Health blade contains the Planned Maintenance link, which opens a blade where you can view a list of planned maintenance events that can affect the availability of an Azure subscription.

Azure Cosmos DB is an example of a ___ Offering

PaaS

Azure SQL Database

PaaS DB Engine. Relational database based on the latest stable version of the Microsoft SQL Server database engine. SQL Database is a high-performance, reliable, fully managed, and secure database. You can use it to build data-driven applications and websites in the programming language of your choice, without needing to manage infrastructure

What workloads can you automate with Azure Logic Apps?

Process and route orders across on-premises systems and cloud services. ✑ Send email notifications with Office 365 when events happen in various systems, apps, and services. ✑ Move uploaded files from an SFTP or FTP server to Azure Storage. ✑ Monitor tweets for a specific subject, analyze the sentiment, and create alerts or tasks for items that need review.

Cloud Computing

Renting resources, like storage space or CPU cycles on another company's computers, you only pay for what you use

You need to request that Microsoft increase a subscription quota limit for your company. Which blade should you use from the Azure portal?

Request a standard quota increase from Help + support

Resource Groups

Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts are deployed and managed.

Resources

Resources are instances of services that you create, like virtual machines, storage, or SQL databases.

Azure SQL Managed Instance

Scalable cloud data service that provides the broadest SQL Server database engine compatibility with all the benefits of a fully managed platform as a service.

Public Cloud

Services are offered over the public internet and available to anyone who wants to purchase them. Cloud resources, such as servers and storage, are owned and operated by a third-party cloud service provider, and delivered over the internet.

Tags

Tags provide extra information, or metadata, about your resources. This metadata is useful for: Resource management Tags enable you to locate and act on resources that are associated with specific workloads, environments, business units, and owners. Cost management and optimization Tags enable you to group resources so that you can report on costs, allocate internal cost centers, track budgets, and forecast estimated cost. Operations management Tags enable you to group resources according to how critical their availability is to your business. This grouping helps you formulate service-level agreements (SLAs). An SLA is an uptime or performance guarantee between you and your users. Security Tags enable you to classify data by its security level, such as public or confidential. Governance and regulatory compliance Tags enable you to identify resources that align with governance or regulatory compliance requirements, such as ISO 27001. Tags can also be part of your standards enforcement efforts. For example, you might require that all resources be tagged with an owner or department name. Workload optimization and automation Tags can help you visualize all of the resources that participate in complex deployments. For example, you might tag a resource with its associated workload or application name and use software such as Azure DevOps to perform automated tasks on those resources.

The ____ explains what data microsoft processes, how microsoft processes the data, and the purpose of processing the data

The Microsoft Privacy Statement

You have an app that is comprised of an azure web app that has a SLA of 99.95 percent and an Azure SQL database that has an SLA of 99.99 percent. The composite SLA for the app is

The product of both SLAs, which equals 99.4 percent

What factors affect cost?

The way you use resources, your subscription type, and pricing from third-party vendors are common factors Resource type: For example, with a storage account you specify a type (such as block blob storage or table storage), a performance tier (standard or premium), and an access tier (hot, cool, or archive). These selections present different costs. Usage meters: Each meter tracks a specific type of usage. For example, a meter might track bandwidth usage (ingress or egress network traffic in bits per second), number of operations, or its size (storage capacity in bytes). The usage that a meter tracks correlates to a quantity of billable units. Those units are charged to your account for each billing period. The rate per billable unit depends on the resource type you're using. Resource usage: Charged based on what you use Azure subscription types Azure marketplace Location: Different regions can have different associated prices. Because geographic regions can impact where your network traffic flows, network traffic is a cost influence to consider as well Billing Zones: Bandwidth refers to data moving in and out of Azure datacenters. Some inbound data transfers (data going into Azure datacenters) are free. For outbound data transfers (data leaving Azure datacenters), data transfer pricing is based on zones.

Redundancy

To ensure high availability, you might plan for your application to have duplicate components across several regions, known as redundancy. Conversely, to minimize costs during non-critical periods, you might run your application only in a single region.

An azure resource can have multiple delete locks

True

An azure resource inherits locks from its resource group

True

If an azure resource has a read-only lock you can add a delete lock to the resource

True

T/F A PaaS solution that hosts web apps in azure can be provided w/ additional memory by changing the pricing tier

True

T/F A resource group can contain resources from multiple azure regions

True

T/F Copying 10 GB of data FROM Azure TO an on prem network over a VPN generates additional azure data transfer costs

True

T/F Deploying your own datacenter is an ex of CapEx

True

T/F You can convert the azure subscription of your company from free trial to pay as you go

True

T/F you can change the azure ad tenant to which an azure subscription is associated

True

T/F you can create group policies in Azure AD

True

You can use availability zones in azure to protect azure managed disks from a datacenter failure

True

data traffic bet azure services w/in the same region is always free

True

A PaaS solution that hosts web apps in azure provides the ability to scale the platform automatically

True A PaaS solution that hosts web apps in Azure does provide the ability to scale the platform automatically. This is known as autoscaling. Behind the scenes, the web apps are hosted on virtual machines running IIS. Autoscaling means adding more load balanced virtual machines to host the web apps.

T/F A PaaS solution that hosts web apps in azure can be configured to auto scale the # of instances based on demand

True A PaaS solution that hosts web apps in Azure does provide the ability to scale the platform automatically. This is known as autoscaling. Behind the scenes, the web apps are hosted on virtual machines running IIS. Autoscaling means adding more load balanced virtual machines to host the web apps.

A company can extend the capacity of its internal network by using the public cloud

True A company can extend the capacity of its internal network by using the public cloud. This is very common. When you need more capacity, rather than pay out for new on-premises infrastructure, you can configure a cloud environment and connect your on-premises network to the cloud environment by using a VPN.

T/F a co can extend the computing resources of its internal network using a hybrid cloud

True A company can extend the computing resources of its internal network by using the public cloud. This is very common. When you need more resources, rather than pay out for new on-premises infrastructure, you can configure a cloud environment and connect your on-premises network to the cloud environment by using a VPN.

T/F a company can use resources from multiple subscriptions

True A company can have multiple subscriptions and store resources in the different subscriptions. However, a resource instance can exist in only one subscription.

Every Azure region has multiple datacenters

True A region is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.

T/F with azure reservations, you pay less for VMs than w/ pay as you go pricing

True A reservation is where you commit to pay for a resource (for example a virtual machine) for one or three years. This gives you a discounted price on the resource for the reservation period.

If you assign permissions for a user to manage a resource group, the user can manage all the azure resources in that resource group

True A resource group can be used to scope access control for administrative actions. By default, permissions set at the resource level are inherited by the resources in the resource group.

T/F Azure Monitor can send alerts to azure AD security groups

True Alerts in Azure Monitor proactively notify you of critical conditions and potentially attempt to take corrective action.

T/F From Azure Monitor, you can create alerts

True Alerts in Azure Monitor proactively notify you of critical conditions and potentially attempt to take corrective action. Alert rules based on metrics provide near real time alerting based on numeric values, while rules based on logs allow for complex logic across data from multiple sources.

T/F all azure free accounts expire after a specific period

True All free accounts expire after 12 months.

T/F Identities stored in Azure AD, third-party cloud services, and on-prem Active Directory can be used to access Azure resources

True As described above, third-party cloud services and on-premises Active Directory can be used to access Azure resources. This is known as 'federation'. Federation is a collection of domains that have established trust. The level of trust may vary, but typically includes authentication and almost always includes authorization. A typical federation might include a number of organizations that have established trust for shared access to a set of resources.

T/F you can join windows 10 devices to azure AD

True Azure AD join only applies to Windows 10 devices.

T/F Azure AD provides authentication services for resources hosted in azure and M365

True Azure Active Directory (Azure AD) is a centralized identity provider in the cloud. This is the primary built-in authentication and authorization service to provide secure access to Azure resources and Microsoft 365.

T/F Azure has built in authentication and authorization services that provide secure access to azure resources

True Azure Active Directory (Azure AD) is a centralized identity provider in the cloud. This is the primary built-in authentication and authorization service to provide secure access to Azure resources.

T/F From Azure Monitor, you can monitor resources across multiple azure subscriptions

True Azure Monitor can consolidate log entries from multiple Azure resources, subscriptions, and tenants into one location for analysis together.

T/F Azure Monitor can monitor the performance of on-prem computers

True Azure Monitor maximizes the availability and performance of your applications and services by delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.

T/F Azure Monitor can trigger alerts based on data in an Azure Log Analytics workspace

True Azure Monitor uses Target Resource, which is the scope and signals available for alerting. A target can be any Azure resource. Example targets: a virtual machine, a storage account, a virtual machine scale set, a Log Analytics workspace, or an Application Insights resource.

T/F Azure Security Center can monitor azure resources and on-prem resources

True Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises.

T/F If you delete a resource group all the resources in the resource group will be deleted

True Deleting the resource group will remove the resource group as well as all the resources in that resource group. This can be useful for the management of resources. For example, a virtual machine has several components (the VM itself, virtual disks, network adapter etc.). By placing the VM in its own resource group, you can delete the VM along with all its associated components by deleting the resource group. Another example is when creating a test environment. You could place the entire test environment (network components, virtual machines etc.) in one resource group. You can then delete the entire test environment by deleting the resource group.

T/F in Azure AD Premium P2 at least 99.99 availability is guaranteed

True Microsoft guarantees at least 99.9% availability of the Azure Active Directory Premium edition services. The services are considered available in the following scenarios: ✑ Users are able to log in to the service, log in to the Access Panel, access applications on the Access Panel and reset passwords. ✑ IT administrators are able to create, read, write and delete entries in the directory or provision or de-provision users to applications in the directory.

A PaaS solution that hosts web apps in azure provides professional development services to continuously add features to custom apps

True PaaS provides a framework that developers can build upon to develop or customize cloud-based applications. PaaS development tools can cut the time it takes to code new apps with pre-coded application components built into the platform, such as workflow, directory services, security features, search and so on.

T/F the SLA guaranteed uptime for paid Azure services is at least 99.9 percent

True SLAs vary based on the resource type and the location distribution of the resource. However, the minimum uptime for all Azure services is 99.9 percent.

T/F companies can increase the SLA guaranteed uptime by adding azure resources to multiple regions

True The SLA guaranteed uptime is increased (usually to 99.95 percent) when resources are deployed across multiple regions.

T/F From azure security center, you can download a regulatory compliance report

True The advanced monitoring capabilities in Security Center also let you track and manage compliance and governance over time. The overall compliance provides you with a measure of how much your subscriptions are compliant with policies associated with your workload.

T/F From Azure service health an admin can create a rule to be alerted if a service fails

True The best way to use Service Health is to set up Service Health alerts to notify you via your preferred communication channels when service issues, planned maintenance, or other changes may affect the Azure services and regions you use.

T/F Identities stored in an on-prem AD can be synced with Azure AD

True The tool you would use to sync the accounts is Azure AD Connect. The Azure Active Directory Connect synchronization services (Azure AD Connect sync) is a main component of Azure AD Connect. It takes care of all the operations that are related to synchronizing identity data between your on-premises environment and Azure AD.

T/F Data that is stored in an azure storage account automatically has at least three copies

True There are different replication options available with a storage account. The 'minimum' replication option is Locally Redundant Storage (LRS). With LRS, data is replicated synchronously three times within the primary region.

Azure provides flexibility between CapEx and OpEx

True Traditionally, IT expenses have been considered a Capital Expenditure (CapEx). Today, with the move to the cloud and the pay-as-you-go model, organizations have the ability to stretch their budgets and are shifting their IT CapEx costs to Operating Expenditures (OpEx) instead. This flexibility, in accounting terms, is now an option due to the "as a Service" model of purchasing software, cloud storage and other IT related resources.

When an azure VM is stopped, you continue to pay storage costs associated w/ the machine

True When an Azure virtual machine is stopped, you don't pay for the virtual machine. However, you do still pay for the storage costs associated with the virtual machine. The most common storage costs are for the disks attached to the virtual machines. There are also other storage costs associated with a virtual machine such as storage for diagnostic data and virtual machine backups.

T/F all paying Azure customers receive a credit if their monthly uptime percentage is below the guaranteed amount in the SLA

True You can claim credit if the availability falls below the SLA. The amount of credit depends on the availability. For example: You can claim 25% credit if the availability is less than 99.9%, 50% credit for less than 99% and 100% for less than 95% availability.

T/F Azure Multi-Factor Authentication (MFA) can be required for admin and non-admin user accounts

True You can configure MFA to be required for administrator accounts only or you can configure MFA for any user account.

T/F a premier support plan can only be purchased by co's w/ an Enterprise Agreement

True You can purchase the Professional Direct, Standard, and Developer support plans with the Microsoft Customer Agreement. You can also purchase the Professional and Standard support plans with the Enterprise Agreement.

T/F the azure spending limit is fixed and cannot be increased or decreased

True You can remove the spending limit, but you can't increase or decrease it. The spending limit in Azure prevents spending over your credit amount. All new customers who sign up for an Azure free account or subscription types that include credits over multiple months have the spending limit turned on by default. The spending limit is equal to the amount of credit and it can't be changed. For example, if you signed up for an Azure free account, your spending limit is $200 and you can't change it to $500. However, you can remove the spending limit. So, you either have no limit, or you have a limit equal to the amount of credit.

T/F You can configure the Azure Active Directory activity logs to appear in Azure Monitor

True You can send Azure AD activity logs to Azure Monitor logs to enable rich visualizations, monitoring and alerting on the connected data. All data collected by Azure Monitor fits into one of two fundamental types, metrics and logs (including Azure AD activity logs). Activity logs record when resources are created or modified. Metrics tell you how the resource is performing and the resources that it's consuming.

T/F azure services in public preview can be used in production environments

True You can use services in public preview in production environments. However, you should be aware that the service may have faults, is not subject to an SLA and may be withdrawn without notice.

T/F Identities stored in Azure AD, 3rd party cloud services, and on prem AD can be used to access azure resources

True As described above, third-party cloud services and on-premises Active Directory can be used to access Azure resources. This is known as 'federation'. Federation is a collection of domains that have established trust. The level of trust may vary, but typically includes authentication and almost always includes authorization. A typical federation might include a number of organizations that have established trust for shared access to a set of resources.

T/F by copying several GB of data from Azure to an onprem network over a VPN additional data transfer costs are incurred

True Data egress over a VPN is data 'going out' of Azure over the VPN. You are charged for data egress.

Your company plans to migrate all its data and resources to Azure. The company's migration plan states that only Platform as a Service (PaaS) solutions must be used in Azure. You need to deploy an Azure environment that meets the company migration plan. Solution: You create an Azure App Service and Azure SQL databases. Does this meet the goal?

True: Azure App Service and Azure SQL databases are examples of Azure PaaS solutions. Therefore, this solution does meet the goal.

How to reduce cost?

Use Azure Advisor to monitor usage; Use spending limits; Use Azure Reservations to prepay; Choose low cost locations and regions; Use Azure Cost Management + Billing to control spending; Apply tags to ID cost owners; Resize underutilized VMs; Deallocate VMs in off hours; Delete unused resources; Migrate from IaaS to PaaS; Save on licensing; Choose cost effective OS (e.g. Windows vs Linux); Use Azure Hybrid Benefit to repurpose software licenses

Do you need to perform one-off management, administrative, or reporting actions?

Use either Azure PowerShell or the Azure CLI if you need to quickly obtain the IP address of a virtual machine (VM) you've deployed, reboot a VM, or scale an app. You might want to keep custom scripts handy on your local hard drive for certain operations that you perform occasionally.

when using an azure expressroute cnxn, inbound data traffic from an on prem network to azure is always free

With Azure ExpressRoute, all inbound data transfer is free of charge.

You have an Azure environment. You need to create a new Azure virtual machine from a tablet that runs the Android operating system. Solution: You use PowerShell in Azure Cloud Shell. Does this meet the goal? A. Yes B. No

Yes Azure Cloud Shell is a browser-based shell experience to manage and develop Azure resources. Cloud Shell offers a browser-accessible, pre-configured shell experience for managing Azure resources without the overhead of installing, versioning, and maintaining a machine yourself. Being browser-based, Azure Cloud Shell can be run on a browser from a tablet that runs the Android operating system.

Elasticity

You can configure cloud-based apps to take advantage of autoscaling, so your apps always have the resources they need. As your workload changes due to a spike or drop in demand, a cloud computing system can compensate by automatically adding or removing resources.

You plan to deploy a critical line-of-business application to Azure. The application will run on an Azure virtual machine. You need to recommend a deployment solution for the application. The solution must provide a guaranteed availability of 99.99 percent. What is the minimum number of virtual machines and the minimum number of availability zones you should recommend for the deployment? To answer, select the appropriate options in the answer area.

You need a minimum of two virtual machines with each one located in a different availability zone. Availability Zones is a high-availability offering that protects your applications and data from datacenter failures. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there's a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from datacenter failures. Zone-redundant services replicate your applications and data across Availability Zones to protect from single points of failure. With Availability Zones, Azure offers industry best 99.99% VM uptime SLA.

How should you calculate the monthly uptime percentage?

[(Max Available Minutes - Downtime Minutes) / Max Available Minutes ] * 100

Content Delivery Network

a distributed network of servers that can efficiently deliver web content to users. CDNs store cached content on edge servers in point-of-presence (POP) locations that are close to end users, to minimize latency. Azure Content Delivery Network (CDN) offers developers a global solution for rapidly delivering high-bandwidth content to users by caching their content at strategically placed physical nodes across the world. Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various network optimizations using CDN POPs. For example, route optimization to bypass Border Gateway Protocol (BGP). The benefits of using Azure CDN to deliver web site assets include: ✑ Better performance and improved user experience for end users, especially when using applications in which multiple round-trips are required to load content. ✑ Large scaling to better handle instantaneous high loads, such as the start of a product launch event. ✑ Distribution of user requests and serving of content directly from edge servers so that less traffic is sent to the origin server.

DDoS Attack

attempts to overwhelm and exhaust an application's resources, making the application slow or unresponsive to legitimate users. DDoS attacks can target any resource that's publicly reachable through the internet, including websites.

Azure DevTest Labs

automated means of managing the process of building, setting up, and tearing down virtual machines (VMs) that contain builds of your software projects. Anything you can deploy in Azure via an ARM template can be provisioned through DevTest Labs. Provisioning pre-created lab environments with their required configurations and tools already installed is a huge time saver for quality assurance professionals and developers. Ex: Suppose you need to test a new feature on an old version of an operating system. Azure DevTest Labs can set up everything automatically upon request. After the testing is complete, DevTest Labs can shut down and deprovision the VM, which saves money when it's not in use. To control costs, the management team can restrict how many labs can be created, how long they run, and so on.

to ensure a virtual machine, VM1, cannot connect to the other VMs, VM1 must...

be deployed to a separate virtual network Azure automatically routes traffic between subnets in a virtual network. Therefore, all virtual machines in a virtual network can connect to the other virtual machines in the same virtual network. Even if the virtual machines are on separate subnets within the virtual network, they can still communicate with each other. To ensure that a virtual machine cannot connect to the other virtual machines, the virtual machine must be deployed to a separate virtual network.

Azure Role-Based Access Control (RBAC)

built-in roles that describe common access rules for cloud resources. You can also define your own roles. Each role has an associated set of access permissions that relate to that role. When you assign individuals or groups to one or more roles, they receive all of the associated access permissions. Role-based access control is applied to a scope, which is a resource or set of resources that this access applies to.

Azure Kubernetes Service

complete orchestration service for containers with distributed architectures and large volumes of containers. Orchestration is the task of automating and managing a large number of containers and how they interact.

Compliance & Regulatory Compliance

compliance means to adhere to a law, standard, or set of guidelines. Regulatory compliance refers to the discipline and process of ensuring that a company follows the laws that governing bodies enforce.

When implementing a SaaS solution you are responsible for - configuring high availability - defining scalability rules - installing the SaaS solution - configuring the SaaS solution

configuring the SaaS solution. When you are implementing a Software as a Service (SaaS) solution, you are responsible for configuring the SaaS solution. Everything else is managed by the cloud provider. SaaS requires the least amount of management. The cloud provider is responsible for managing everything, and the end user just uses the software. Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring and office tools (such as Microsoft Office 365). SaaS provides a complete software solution which you purchase on a pay-as-you-go basis from a cloud service provider. You rent the use of an app for your organization and your users connect to it over the Internet, usually with a web browser. All of the underlying infrastructure, middleware, app software and app data are located in the service provider's data center. The service provider manages the hardware and software and, with the appropriate service agreement, will ensure the availability and the security of the app and your data as well.

Security Posture

cybersecurity policies and controls, as well as how well you can predict, prevent, and respond to security threats. Your organization's ability to protect from and respond to security threats. The common principles used to define a security posture are confidentiality, integrity, and availability, known collectively as CIA.

Windows Virtual Desktop

desktop and application virtualization service that runs on the cloud. It enables your users to use a cloud-hosted version of Windows from any location. Windows Virtual Desktop works across devices like Windows, Mac, iOS, Android, and Linux. With Windows Virtual Desktop, the data and apps are separated from the local hardware. Windows Virtual Desktop runs them instead on a remote server. The risk of confidential data being left on a personal device is reduced.

Azure compliance documentation

detailed documentation about legal and regulatory standards and compliance on Azure. Here you find compliance offerings across these categories: Global, US government, Financial services, Health, Media and manufacturing, Regional. There are also additional compliance resources, such as audit reports, privacy information, compliance implementations and mappings, and white papers and analyst reports. Country and region privacy and compliance guidelines are also included. Some resources might require you to be signed in to your cloud service to access them.

Azure Blueprints

enables you to define the set of standard Azure resources that your organization requires. For example, you can define a blueprint that specifies that a certain resource lock must exist. Azure Blueprints can automatically replace the resource lock if that lock is removed. Azure Blueprints orchestrates the deployment of various resource templates and other artifacts, such as: role assignments, policy assignments, Azure Resource Manager templates, and resource groups.

Microsoft Privacy Statement

explains what personal data Microsoft collects, how Microsoft uses it, and for what purposes. The privacy statement covers all of Microsoft's services, websites, apps, software, servers, and devices. This list ranges from enterprise and server products to devices that you use in your home to software that students use at school. Microsoft's privacy statement also provides information that's relevant to specific products such as Windows and Xbox.

T/F An azure resource group can contain multiple azure subscriptions

false

T/F An azure subscription can have multiple account admins

false

T/F adding RGs in azure subscriptions generates additional costs

false

T/F if you create two Azure VMs that use the B2S size, each VM will always generate the same monthly cost

false

Azure advisor provides recs on how to configure the network settings on Azure vms

false Azure Advisor does not provide recommendations on how to configure network settings on Azure virtual machines.

T/F if your company uses a free azure account, you will only be able to use a subset of azure resources

false Azure Free Account gives you 12 months access to the most popular free services. It also gives you a credit (150 GBP or 200 USD) to use on any Azure service for up to 30 days.

T/F an azure free account has a limit of 2Tb of data that can be uploaded to azure

false Azure free account has a 5 GB blob storage limit and a 5 GB file storage limit.

T/F an azure RG contains multiple azure subscriptions

false Resource groups are logical containers for Azure resources. However, resource groups do not contain subscriptions. Subscriptions contain resource groups.

T/F when you use a general purpose v2 azure storage account you are only charged for the amount of data stored. All read and write operations are free

false You are charged for read and write operations in general-purpose v2 storage accounts.

T/F each azure subscription can be managed by using a microsoft account only

false You need an Azure Active Directory account to manage a subscription, not a Microsoft account. An account is created in the Azure Active Directory when you create the subscription. Further accounts can be created in the Azure Active Directory to manage the subscription.

T/F transferring data between azure storage accounts in different azure regions is free

false You would be charged for the read operations of the source storage account and write operations in the destination storage account.

Azure Service Level Agreement (SLA)

formal agreement between a service company and the customer. For Azure, this agreement defines the performance standards that Microsoft commits to for you, the customer.

Data Protection Addendum (DPA)

further defines the data processing and security terms for online services. These terms include: Compliance with laws. Disclosure of processed data. Data Security, which includes security practices and policies, data encryption, data access, customer responsibilities, and compliance with auditing. Data transfer, retention, and deletion.

TCO (Total Cost of Ownership) Calculator

helps you estimate the cost savings of operating your solution on Azure over time, instead of in your on-premises datacenter. The term total cost of ownership is commonly used in finance. It can be hard to see all the hidden costs related to operating a technology capability on-premises. Software licenses and hardware are additional costs. With the TCO Calculator, you enter the details of your on-premises workloads. Then you review the suggested industry average cost (which you can adjust) for related operational costs. These costs include electricity, network maintenance, and IT labor. You're then presented with a side-by-side report. Using the report, you can compare those costs with the same workloads running on Azure.

You have an Azure environment that contains 10 web apps. To which URL should you connect to manage all the Azure resources? To answer, select the appropriate options in the answer area.

https://portal.azure.com

Online Services Terms

legal agreement between Microsoft and the customer. The OST details the obligations by both parties with respect to the processing and security of customer data and personal data. The OST applies specifically to Microsoft's online services that you license through a subscription, including Azure, Dynamics 365, Office 365, and Bing Maps.

Azure Logic Apps (serverless computing)

low-code/no-code development platform hosted as a cloud service. The service helps you automate and orchestrate tasks, business processes, and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations. Logic Apps simplifies how you design and build scalable solutions, whether in the cloud, on-premises, or both. This solution covers app integration, data integration, system integration, enterprise application integration (EAI), and business-to-business (B2B) integration.

Data stored in the archive access tier of an azure storage account...

must be rehydrated before the data can be accessed

Azure Blob Storage

object storage solution for the cloud. It can store massive amounts of data, such as text or binary data. Azure Blob Storage is unstructured, meaning that there are no restrictions on the kinds of data it can hold. Blob Storage can manage thousands of simultaneous uploads, massive amounts of video data, constantly growing log files, and can be reached from anywhere with an internet connection. Ideal for: Serving images or documents directly to a browser. Storing files for distributed access. Streaming video and audio. Storing data for backup and restore, disaster recovery, and archiving. Storing data for analysis by an on-premises or Azure-hosted service. Storing up to 8 TB of data for virtual machines. Easier to manage than disks b/c developers don't have to deal w/ the physical needs that they do when using disk. Blobs are stored in containers, which makes it easy to organize by biz need.

When planning to migrate a public website to Azure you must plan to - deploy a VPN - pay monthly usage costs - pay to transfer all website data to azure - reduce the # of cnxns to the website

pay monthly usage costs

Service Credit

percentage of the fees you paid that are credited back to you according to the claim approval process. An SLA describes how Microsoft responds when an Azure service fails to perform to its specification. For example, you might receive a discount on your Azure bill as compensation when a service fails to perform according to its SLA. Credits typically increase as uptime decreases.

Resource Locks

prevents resources from being accidentally deleted or changed. Even with Azure role-based access control (Azure RBAC) policies in place, there's still a risk that people with the right level of access could delete critical cloud resources. Think of a resource lock as a warning system that reminds you that a resource should not be deleted or changed. You can manage resource locks from the Azure portal, PowerShell, the Azure CLI, or from an Azure Resource Manager template. You can apply locks to a subscription, a resource group, or an individual resource. CanNotDelete & ReadOnly locks are available.

Authentication

process of establishing the identity of a person or service that wants to access a resource. It involves the act of challenging a party for legitimate credentials and provides the basis for creating a security principal for identity and access control. It establishes whether the user is who they say they are.

Fault Tolerance

refers to achieving high availability on the cloud; the ability for a system to respond to unexpected failures or system crashes as the backup system immediately and automatically takes over with no loss of service

Azure Database for PostgreSQL

relational database service in the cloud. The server software is based on the community version of the open-source PostgreSQL database engine. Single Server & Hyperscale (Citus) deployment available

Azure Government

separate instance of the Microsoft Azure service. It addresses the security and compliance needs of US federal agencies, state and local governments, and their solution providers. Azure Government offers physical isolation from non-US government deployments and provides screened US personnel.

Azure policy

service in Azure that enables you to create, assign, and manage policies that control or audit your resources. These policies enforce different rules and effects over your resource configurations so that those configurations stay compliant with corporate standards. Implementing a policy in Azure Policy involves these three steps: Create a policy definition. Assign the definition to resources. Review the evaluation results.

Azure DevOps

services that address every stage of the software development lifecycle. (SaaS offering) Azure Repos is a centralized source-code repository where software development, DevOps engineering, and documentation professionals can publish their code for review and collaboration. Azure Boards is an agile project management suite that includes Kanban boards, reporting, and tracking ideas and work from high-level epics to work items and issues. Azure Pipelines is a CI/CD pipeline automation tool. Azure Artifacts is a repository for hosting artifacts, such as compiled source code, which can be fed into testing or deployment pipeline steps. Azure Test Plans is an automated test tool that can be used in a CI/CD pipeline to ensure quality before a software release.

Trust Center

showcases Microsoft's principles for maintaining data integrity in the cloud and how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services. The Trust Center is an important part of the Microsoft Trusted Cloud Initiative and provides support and resources for the legal and compliance community. The Trust Center provides: In-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products. Additional resources for each topic. Links to the security, privacy, and compliance blogs and upcoming events.

Azure Virtual Machines

software emulations of physical computers. They include a virtual processor, memory, storage, and networking resources. VMs host an operating system, and you can install and run software just like a physical computer. When using a remote desktop client, you can use and control the VM as if you were sitting in front of it. IaaS. Good for when you need total control over an operating system and environment. Can customize all software running on it. When to use: testing & dev, running apps in cloud, extending datacenters to cloud, during disaster recovery. Azure Batch -- scale tens to thousands of VMs

Shared Responsibility Model

the user manages and maintains the services they have provisioned, and the cloud provider manages and maintains the cloud infrastructure.

T/F An azure subscription can be managed by using a microsoft account only

true

T/F to build a hybrid cloud you must deploy resources to the public cloud

true

Azure advisor provides recs on how to reduce the cost of running azure VMs

true Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the Cost tab on the Advisor dashboard.

T/F an azure free account has a spending limit

true An Azure free account has a spending limit. This is currently 200 USD or 150 GBP.

T/F From azure service health an admin can view the health of all services in an azure environment

true Azure Service Health consists of three components: Azure Status, Azure Service Health and Azure Resource Health. Azure service health provides a personalized view of the health of the Azure services and regions you're using. This is the best place to look for service impacting communications about outages, planned maintenance activities, and other health advisories because the authenticated Azure Service Health experience knows which services and resources you currently use. To view the health of all other services available in Azure, you would use the Azure Status component of Azure Service Health. Azure status informs you of service outages in Azure on the Azure Status page. The page is a global view of the health of all Azure services across all Azure regions.

T/F when an azure vm is stopped you continue to pay storage associated with it

true When a virtual machine is stopped (deallocated), the virtual machine is unloaded/dismounted from the physical server in Azure. In this state, you are not charged for the virtual machine itself. However, you are still charged for the storage costs of the virtual hard disks attached to the virtual machine. If the virtual machine is stopped but not deallocated (this happens if you shut down the virtual machine from the operating system of the virtual machine), the virtual machine is still mounted on the physical server in Azure and you are charged for the virtual machine itself as well as the storage costs. To ensure that a virtual machine is 'stopped (deallocated)', you need to stop the virtual machine in the Azure portal.

T/F each azure subscription can contain multiple account admins

true You can assign additional account administrators in the Azure Portal.

T/F a single microsoft account can be used to manage multiple azure subscriptions

true You can use the same account to manage multiple subscriptions. You can create an additional subscription for your account in the Azure portal. You may want an additional subscription to avoid hitting subscription limits, to create separate environments for security, or to isolate data for compliance reasons.

Azure policy initiatives

way of grouping related policies into one set. The initiative definition contains all of the policy definitions to help track your compliance state for a larger goal.

Azure Portal

web-based user interface, you can access virtually every feature of Azure. The Azure portal provides a friendly, graphical UI to view all the services you're using, create new services, configure your services, and view reports. The Azure portal is how most users first experience Azure. But, as your Azure usage grows, you'll likely choose a more repeatable code-centric approach to managing your Azure resources.

Azure PowerShell

shell with which developers and DevOps and IT professionals can execute commands called cmdlets (pronounced command-lets). These commands call the Azure Rest API to perform every possible management task in Azure. Cmdlets can be executed independently or combined into a script file and executed together to orchestrate: The routine setup, teardown, and maintenance of a single resource or multiple connected resources. The deployment of an entire infrastructure, which might contain dozens or hundreds of resources, from imperative code. Better for Windows background

Agility

the ability to rapidly change an IT infrastructure to adapt to the evolving needs of the business

Identity

the new primary security boundary. Accurately proving that someone is a valid user of your system, with an appropriate level of access, is critical to maintaining control of your data. This identity layer is now more often the target of attack than the network is.

Compute Services

Ex: Azure VMs, AKS, Azure Batch, Azure ACI. One of the primary reasons people move to Azure.

Single Sign On

A gateway service that permits users to log in once with a single user ID and password to gain access to multiple software applications.

Private Cloud

A private cloud consists of computing resources used exclusively by users from one business or organization. A private cloud can be physically located at your organization's on-site (on-premises) datacenter, or it can be hosted by a third-party service provider.

High Availability

A service that is up and running for a long period of time. Depending on the service-level agreement (SLA) that you choose, your cloud-based apps can provide a continuous user experience with no apparent downtime, even when things go wrong.

Subscriptions

A subscription groups together user accounts and the resources that have been created by those user accounts. For each subscription, there are limits or quotas on the amount of resources that you can create and use. Organizations can use subscriptions to manage costs and the resources that are created by users, teams, or projects.

Do you need a way to repeatedly set up one or more resources and ensure that all the dependencies are created in the proper order?

ARM templates express your application's infrastructure requirements for a repeatable deployment. A validation step ensures that all resources can be created, so that the resources are created in the proper order based on dependencies, in parallel, and idempotent.

Disaster Recovery

By taking advantage of cloud-based backup services, data replication, and geo-distribution, you can deploy your apps with the confidence that comes from knowing that your data is safe in the event of disaster.

DevOps vs GitHub

GitHub has a long history with public repositories and is trusted by tens of thousands of open-source project owners. GitHub is a lighter-weight tool than Azure DevOps, with a focus on individual developers contributing to the open-source code. Azure DevOps, on the other hand, is more focused on enterprise development, with heavier project-management and planning tools, and finer-grained access control. Note you can use them together

Special Azure Regions

US DoD Central, US Gov Virginia, US Gov Iowa and more: These regions are physical and logical network-isolated instances of Azure for U.S. government agencies and partners. These datacenters are operated by screened U.S. personnel and include additional compliance certifications. China East, China North, and more: These regions are available through a unique partnership between Microsoft and 21Vianet, whereby Microsoft doesn't directly maintain the datacenters.

VPN Gateway (virtual network gateway)

VPNs use an encrypted tunnel within another network. They're typically deployed to connect two or more trusted private networks to one another over an untrusted network (typically the public internet). Traffic is encrypted while traveling over the untrusted network to prevent eavesdropping or other attacks. Azure VPN Gateway instances are deployed in Azure Virtual Network instances and enable the following connectivity: Connect on-premises datacenters to virtual networks through a site-to-site connection. Connect individual devices to virtual networks through a point-to-site connection. Connect virtual networks to other virtual networks through a network-to-network connection

Azure Regions

a geographical area on the planet that contains at least one but potentially multiple datacenters that are nearby and networked together with a low-latency network. Azure intelligently assigns and controls the resources within each region to ensure workloads are appropriately balanced.

Azure IoT Central

builds on top of IoT Hub by adding a dashboard that allows you to connect, monitor, and manage your IoT devices. The visual user interface (UI) makes it easy to quickly connect new devices and watch as they begin sending telemetry or error messages. You can watch the overall performance across all devices in aggregate, and you can set up alerts that send notifications when a specific device needs maintenance. Finally, you can push firmware updates to the device. A key part of IoT Central is the use of device templates. By using a device template, you can connect a device without any service-side coding. IoT Central uses the templates to construct the dashboards, alerts, and so on. Device developers still need to create code to run on the devices, and that code must match the device template specification.

Azure Key Vault

centralized cloud service for storing an application's secrets in a single, central location. It provides secure access to sensitive information by providing access control and logging capabilities. Manage secrets: You can use Key Vault to securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets. Manage encryption keys: You can use Key Vault as a key management solution. Key Vault makes it easier to create and control the encryption keys that are used to encrypt your data. Manage SSL/TLS certificates: Key Vault enables you to provision, manage, and deploy your public and private Secure Sockets Layer / Transport Layer Security (SSL/TLS) certificates for both your Azure resources and your internal resources. Store secrets backed by hardware security modules (HSMs): These secrets and keys can be protected either by software or by FIPS 140-2 Level 2 validated HSMs.

Virtual Network

enable Azure resources, such as VMs, web apps, and databases, to communicate with each other, with users on the internet, and with your on-premises client computers. You can think of an Azure network as a set of resources that links other Azure resources. Azure virtual networks provide the following key networking capabilities: isolation and segmentation, internet communications, communicate between Azure resources, communicate with on-premises resources, route network traffic, filter network traffic, connect virtual networks.

Serverless Computing

enables developers to build applications faster by eliminating the need for them to manage infrastructure. With serverless applications, the cloud service provider automatically provisions, scales, and manages the infrastructure required to run the code. Serverless architectures are highly scalable and event-driven, only using resources when a specific function or trigger occurs. It's important to note that servers are still running the code. The "serverless" name comes from the fact that the tasks associated with infrastructure provisioning and management are invisible to the developer.

Azure Region Pair

Each Azure region is always paired with another region within the same geography (such as US, Europe, or Asia) at least 300 miles away. This approach allows for the replication of resources (such as VM storage) across a geography that helps reduce the likelihood of interruptions because of events such as natural disasters, civil unrest, power outages, or physical network outages that affect both regions at once. If a region in a pair was affected by a natural disaster, for instance, services would automatically failover to the other region in its region pair. Availability zones are created by using one or more datacenters. There's a minimum of three zones within a single region. It's possible that a large disaster could cause an outage big enough to affect even two datacenters. That's why Azure also creates region pairs.

Cloud Shell

A browser-based scripting environment for command-line administration of Azure resources. It provides support for two shell environments. Linux users can opt for a Bash experience, while Windows users can use PowerShell.

What services does Azure AD provide?

Authentication: This includes verifying identity to access applications and resources. It also includes providing functionality such as self-service password reset, multifactor authentication, a custom list of banned passwords, and smart lockout services. Single sign-on: SSO enables you to remember only one username and one password to access multiple applications. A single identity is tied to a user, which simplifies the security model. As users change roles or leave an organization, access modifications are tied to that identity, which greatly reduces the effort needed to change or disable accounts. Application management: You can manage your cloud and on-premises apps by using Azure AD. Features like Application Proxy, SaaS apps, the My Apps portal (also called the access panel), and single sign-on provide a better user experience. Device management: Along with accounts for individual people, Azure AD supports the registration of devices. Registration enables devices to be managed through tools like Microsoft Intune. It also allows for device-based conditional access policies to restrict access attempts to only those coming from known devices, regardless of the requesting user account.

Authorization

Authentication establishes the user's identity, but authorization is the process of establishing what level of access an authenticated person or service has. It specifies what data they're allowed to access and what they can do with it.

Availability Zones

Availability zones are physically separate datacenters within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking. An availability zone is set up to be an isolation boundary. If one zone goes down, the other continues working. Availability zones are connected through high-speed, private fiber-optic networks. To ensure resiliency, there are a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from datacenter failures. With Availability Zones, Azure offers industry best 99.99% VM uptime SLA. By architecting your solutions to use replicated VMs in zones, you can protect your applications and data from the loss of a datacenter. If one zone is compromised, then replicated apps and data are instantly available in another zone.

What's in the Cloud Adoption Framework?

Consists of tools, documentation, and proven practices. The Cloud Adoption Framework includes these stages: Define your strategy. Make a plan. Ready your organization. Adopt the cloud. Govern and manage your cloud environments.

Azure Container Instances (ACI)

Containers are lightweight, virtualized application environments. They're designed to be quickly created, scaled out, and stopped dynamically. You can run multiple instances of a containerized application on a single host machine. For containers you don't manage the OS **different than VMs**. Fastest and simplest way to run a container in Azure without having to manage any virtual machines or adopt any additional services. It's a platform as a service (PaaS) offering that allows you to upload your containers, which it runs for you.

Azure DDoS Protection

DDoS Protection uses the scale and elasticity of Microsoft's global network to bring DDoS mitigation capacity to every Azure region. The DDoS Protection service helps protect your Azure applications by analyzing and discarding DDoS traffic at the Azure network edge, before it can affect your service's availability. DDoS Protection identifies the attacker's attempt to overwhelm the network and blocks further traffic from them, ensuring that traffic never reaches Azure resources. Legitimate traffic from customers still flows into Azure without any interruption of service. DDoS Protection can also help you manage your cloud consumption. When you run on-premises, you have a fixed number of compute resources. But in the cloud, elastic computing means that you can automatically scale out your deployment to meet demand. A cleverly designed DDoS attack can cause you to increase your resource allocation, which incurs unneeded expense. DDoS Protection Standard helps ensure that the network load you process reflects customer usage. You can also receive credit for any costs accrued for scaled-out resources during a DDoS attack.

ExpressRoute

ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure and Microsoft 365. Don't go over public internet -- offer more reliability, faster speed, consistent latencies, higher security

Azure AD vs AD

For on-premises environments, Active Directory running on Windows Server provides an identity and access management service that's managed by your own organization. Azure AD is Microsoft's cloud-based identity and access management service. With Azure AD, you control the identity accounts, but Microsoft ensures that the service is available globally. If you've worked with Active Directory, Azure AD will be familiar to you. When you secure identities on-premises with Active Directory, Microsoft doesn't monitor sign-in attempts. When you connect Active Directory with Azure AD, Microsoft can help protect you by detecting suspicious sign-in attempts at no extra cost. For example, Azure AD can detect sign-in attempts from unexpected locations or unknown devices.

GitHub and GitHub Actions

GitHub is arguably the world's most popular code repository for open-source software. Git is a decentralized source-code management tool, and GitHub is a hosted version of Git that serves as the primary remote. GitHub builds on top of Git to provide related services for coordinating work, reporting and discussing issues, and providing documentation. GitHub Actions enables workflow automation with triggers for many lifecycle events. One such example would be automating a CI/CD toolchain.

Who uses Azure AD?

IT administrators: Administrators can use Azure AD to control access to applications and resources based on their business requirements. App developers: Developers can use Azure AD to provide a standards-based approach for adding functionality to applications that they build, such as adding SSO functionality to an app or enabling an app to work with a user's existing credentials. Users: Users can manage their identities. For example, self-service password reset enables users to change or reset their password with no involvement from an IT administrator or help desk. Online service subscribers: Microsoft 365, Microsoft Office 365, Azure, and Microsoft Dynamics CRM Online subscribers are already using Azure AD. A tenant is a representation of an organization. A tenant is typically separated from other tenants and has its own identity. Each Microsoft 365, Office 365, Azure, and Dynamics CRM Online tenant is automatically an Azure AD tenant.

IoT - Do I need a dashboard for reporting and management?

If you merely want to connect to your remote devices to receive telemetry and occasionally push updates, and you don't need any reporting capabilities, you might prefer to implement Azure IoT Hub by itself. Your programmers can still create a customized set of management tools and reports by using the IoT Hub RESTful API. However, if you want a pre-built customizable user interface with which you can view and control your devices remotely, you might prefer to start with IoT Central. With this solution, you can control a single device or all devices at once, and you can set up alerts for certain conditions, such as a device failure.

SaaS

In this cloud service model, the cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage, and applications. The cloud tenant only needs to provide their data to the application managed by the cloud provider. For example, Microsoft Office 365 provides a fully working version of Microsoft Office that runs in the cloud. All you need to do is create your content, and Office 365 takes care of everything else. SaaS is software that's centrally hosted and managed for you and your users or customers. Usually one version of the application is used for all customers, and it's licensed through a monthly or annual subscription. Disadvantage: software limitations. Because you're using the software as is, you don't have direct control of the features.

Networking

Linking compute resources and providing access to applications is the key function of Azure networking. Networking functionality in Azure includes a range of options to connect the outside world to services and features in the global Azure datacenters. Ex: Azure Virtual Network, Azure Load Balancer, Azure VPN Gateway, ACDN, Azure Firewall

Azure Sentinel

Microsoft's cloud-based SIEM system. It uses intelligent security analytics and threat analysis. Collect cloud data at scale: Collect data across all users, devices, applications, and infrastructure, both on-premises and from multiple clouds. Detect previously undetected threats: Minimize false positives by using Microsoft's comprehensive analytics and threat intelligence. Investigate threats with artificial intelligence: Examine suspicious activities at scale, tapping into years of cybersecurity experience from Microsoft. Respond to incidents rapidly: Utilize built-in orchestration and automation of common tasks.

Azure Security Center

Monitoring service that provides visibility of your security posture across all of your services, both on Azure and on-premises. Automatically apply required security settings to new resources as they come online. Provide security recommendations that are based on your current configurations, resources, and networks. Continuously monitor your resources and perform automatic security assessments to identify potential vulnerabilities before those vulnerabilities can be exploited. Use machine learning to detect and block malware from being installed on your virtual machines (VMs) and other resources. You can also use adaptive application controls to define rules that list allowed applications to ensure that only applications you allow can run. Detect and analyze potential inbound attacks and investigate threats and any post-breach activity that might have occurred. Provide just-in-time access control for network ports. Doing so reduces your attack surface by ensuring that the network only allows traffic that you require at the time that you need it to.

APIs: Web API, Web API Endpoint, REST API

Programmers use APIs to interact with the functionality that's contained in code libraries. Web API: An API that's accessible from servers that accept requests via HTTP. Web API endpoint: The location of the code library. REST API: The design of the URL style that's used to expose the API's functionality.

PaaS

This cloud service model is a managed hosting environment. The cloud provider manages the virtual machines and networking resources, and the cloud tenant deploys their applications into the managed hosting environment. For example, Azure App Services provides a managed hosting environment where developers can upload their web applications, without having to worry about the physical hardware and software requirements. No CapEx. Platform limitations: there might be some limitations to a cloud platform that could affect how the app runs.

IaaS

This cloud service model is the closest to managing physical servers; a cloud provider will keep the hardware up-to-date, but operating system maintenance and network configuration is up to you as the cloud tenant. For example, Azure virtual machines are fully operational virtual compute devices running in Microsoft datacenters. An advantage of this cloud service model is rapid deployment of new compute devices. Setting up a new virtual machine is considerably faster than procuring, installing, and configuring a physical server. Most flexible category because you can control and manage the hardware running your app. No CapEx.

What kinds of attacks can DDoS Protection help prevent?

Volumetric attacks: The goal of this attack is to flood the network layer with a substantial amount of seemingly legitimate traffic. Protocol attacks: These attacks render a target inaccessible by exploiting a weakness in the layer 3 and layer 4 protocol stack. Resource-layer (application-layer) attacks (only with web application firewall): These attacks target web application packets to disrupt the transmission of data between hosts. You need a web application firewall (WAF) to protect against L7 attacks. DDoS Protection Standard protects the WAF from volumetric and protocol attacks.

Is it critical to ensure that the device is not compromised?

When security is a critical consideration in your product's design, the best product option is Azure Sphere, which provides a comprehensive end-to-end solution for IoT devices.

Azure functions vs Azure logic apps

You can call Azure Functions from Azure Logic Apps, and vice versa. The primary difference between the two services is their intent. Azure Functions is a serverless compute service, and Azure Logic Apps is intended to be a serverless orchestration service. Although you can use Azure Functions to orchestrate a long-running business process that involves various connections, this was not its primary use case when it was designed. Additionally, the two services are priced differently. Azure Functions pricing is based on the number of executions and the running time of each execution. Logic Apps pricing is based on the number of executions and the type of connectors that it utilizes.

Azure Sphere

creates an end-to-end, highly secure IoT solution for customers that encompasses everything from the hardware and operating system on the device to the secure method of sending messages from the device to the message hub. Azure Sphere has built-in communication and security features for internet-connected devices. Three parts: 1. Micro Controller Unit: responsible for processing the operating system and signals from attached sensors. 2. Customized Linux OS: handles communication with the security service and runs the vendor's software. 3. Azure Sphere Security Service, also known as AS3: its job is to make sure that the device has not been maliciously compromised. After the Azure Sphere system has validated the authenticity of the device and authenticated it, the device can interact with other Azure IoT services by sending telemetry and error information.

Network Security Group

enables you to filter network traffic to and from Azure resources within an Azure virtual network. You can think of NSGs like an internal firewall. An NSG can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol.

Consumption Based Model

end users only pay for the resources that they use. Whatever they use is what they pay for. A consumption-based model has many benefits, including: No upfront costs. No need to purchase and manage costly infrastructure that users might not use to its fullest. The ability to pay for additional resources when they are needed. The ability to stop paying for resources that are no longer needed.

Azure Advisor

evaluates your Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs. Advisor is designed to help you save time on cloud optimization. The recommendation service includes suggested actions you can take right away, postpone, or dismiss. Advisor dashboard displays personalized recommendations for all your subscriptions, and you can use filters to select recommendations for specific subscriptions, resource groups, or services. The recommendations are divided into five categories: Reliability: Used to ensure and improve the continuity of your business-critical applications. Security: Used to detect threats and vulnerabilities that might lead to security breaches. Performance: Used to improve the speed of your applications. Cost: Used to optimize and reduce your overall Azure spending. Operational Excellence: Used to help you achieve process and workflow efficiency, resource manageability, and deployment best practices. Choose Azure Advisor when you're looking for an analysis of your deployed resources

Cosmos DB

globally distributed, multi-model database service. You can elastically and independently scale throughput and storage across any number of Azure regions worldwide. You can take advantage of fast, single-digit-millisecond data access by using any one of several popular APIs. Azure Cosmos DB provides comprehensive service level agreements for throughput, latency, availability, and consistency guarantees. Azure Cosmos DB supports schema-less data, which lets you build highly responsive and "Always On" applications to support constantly changing data. You can use this feature to store data that's updated and maintained by users around stores data in atom-record-sequence (ARS) format. The data is then abstracted and projected as an API, which you specify when you're creating your database.

Azure Service Health

personalized view of the health of the Azure services, regions, and resources you rely on. It displays both major and smaller, localized issues that affect you. Service issues are rare, but it's important to be prepared for the unexpected. You can set up alerts that help you triage outages and planned maintenance. After an outage, Service Health provides official incident reports, called root cause analyses (RCAs), which you can share with stakeholders. Keep an eye on: Service Issues, Planned Maintenance, and Health Advisories. If you want to keep tabs on Azure itself, especially the services and regions you depend on, you want to choose Azure Service Health.

Azure Monitor

platform for collecting, analyzing, visualizing, and potentially taking action based on the metric and logging data from your entire Azure and on-premises environment. Choose Azure Monitor when you want to measure custom events alongside other collected telemetry data. Custom events, such as those added in the source code of your software applications, could help identify and diagnose why your application is behaving a certain way.

Azure Machine Learning

platform for making predictions. It consists of tools and services that allow you to connect to data to train and test models to find one that will most accurately predict a future result. After you've run experiments to test the model, you can deploy and use it in real time via a web API endpoint. With Azure Machine Learning, you can: Create a process that defines how to obtain data, how to handle missing or bad data, how to split the data into either a training set or test set, and deliver the data to the training process. Train and evaluate predictive models by using tools and programming languages familiar to data scientists. Create pipelines that define where and when to run the compute-intensive experiments that are required to score the algorithms based on the training and test data. Deploy the best-performing algorithm as an API to an endpoint so it can be consumed in real time by other applications. Choose Azure Machine Learning when your data scientists need complete control over the design and training of an algorithm using your own data.

MFA

process where a user is prompted during the sign-in process for an additional form of identification. Examples include a code on their mobile phone or a fingerprint scan. Multifactor authentication increases identity security by limiting the impact of credential exposure (for example, stolen usernames and passwords). With multifactor authentication enabled, an attacker who has a user's password would also need to have possession of their phone or their fingerprint to fully authenticate.

Defense in depth

protect information and prevent it from being stolen by those who aren't authorized to access it. A defense-in-depth strategy uses a series of mechanisms to slow the advance of an attack that aims at acquiring unauthorized access to data. The physical security layer is the first line of defense to protect computing hardware in the datacenter. The identity and access layer controls access to infrastructure and change control. The perimeter layer uses distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of service for users. The network layer limits communication between resources through segmentation and access controls. The compute layer secures access to virtual machines. The application layer helps ensure that applications are secure and free of security vulnerabilities. The data layer controls access to business and customer data that you need to protect.

Azure Dedicated Host

provides dedicated physical servers to host your Azure VMs for Windows and Linux. Gives you visibility into, and control over, the server infrastructure that's running your Azure VMs. Helps address compliance requirements by deploying your workloads on an isolated server. Lets you choose the number of processors, server capabilities, VM series, and VM sizes within the same host. You're charged per dedicated host, independent of how many VMs you deploy to it. The host price is based on the VM family, type (hardware size), and region

Azure Disk Storage

provides disks for Azure virtual machines. Applications and other services can access and use these disks as needed, similar to how they would in on-premises scenarios. Disk Storage allows data to be persistently stored and accessed from an attached virtual hard disk. Disks come in many different sizes and performance levels, from solid-state drives (SSDs) to traditional spinning hard disk drives (HDDs), with varying performance tiers. You can use standard SSD and HDD disks for less critical workloads, premium SSD disks for mission-critical production applications, and ultra disks for data-intensive workloads such as SAP HANA, top tier databases, and transaction-heavy workloads. Azure has consistently delivered enterprise-grade durability for infrastructure as a service (IaaS) disks, with an industry-leading ZERO% annualized failure rate.

Azure Mobile App

provides iOS and Android access to your Azure resources when you're away from your computer. With it, you can: Monitor the health and status of your Azure resources. Check for alerts, quickly diagnose and fix issues, and restart a web app or virtual machine (VM). Run the Azure CLI or Azure PowerShell commands to manage your Azure resources.

Azure Cognitive Services

provides prebuilt machine learning models that enable applications to see, hear, speak, understand, and even begin to reason. Use Azure Cognitive Services to solve general problems, such as analyzing text for emotional sentiment or analyzing images to recognize objects or faces. You don't need special machine learning or data science knowledge to use these services. Developers access Azure Cognitive Services via APIs and can easily include these features in just a few lines of code. Language, Speech, Vision, Decision services

Azure Database for MySQL

relational database service in the cloud, and it's based on the MySQL Community Edition database engine, versions 5.6, 5.7, and 8.0. With it, you have a 99.99 percent availability service level agreement from Azure, powered by a global network of Microsoft-managed datacenters. This helps keep your app running 24/7. With every Azure Database for MySQL server, you take advantage of built-in security, fault tolerance, and data protection that you would otherwise have to buy or design, build, and manage. With Azure Database for MySQL, you can use point-in-time restore to recover a server to an earlier state, as far back as 35 days.

OpEx

spending money on services or products now, and being billed for them now. You can deduct this expense in the same year you spend it. There is no up-front cost, as you pay for a service or product as you use it. E.g., cloud services.

Azure Implementations of Serverless Computing (Azure Functions & Azure Logic Apps)

system in which a cloud provider fully manages the functions of a cloud server. It includes abstraction of servers, an event-driven scale, and micro-billing. Azure Functions: Functions can execute code in almost any modern language. Azure Logic Apps: Logic apps are designed in a web-based designer and can execute logic triggered by Azure services without writing any code. With Functions, you write code to complete each step. With Logic Apps, you use a GUI to define the actions and how they relate to one another. You can mix and match services when you build an orchestration, calling functions from logic apps and calling logic apps from functions.

Conditional Access

tool that Azure Active Directory uses to allow (or deny) access to resources based on identity signals. These signals include who the user is, where the user is, and what device the user is requesting access from. Conditional Access provides a more granular multifactor authentication experience for users. For example, a user might not be challenged for a second authentication factor if they're at a known location. However, they might be challenged for a second authentication factor if their sign-in signals are unusual or they're at an unexpected location. During sign-in, Conditional Access collects signals from the user, makes decisions based on those signals, and then enforces that decision by allowing or denying the access request or challenging for a multifactor authentication response. To use Conditional Access, you need an Azure AD Premium P1 or P2 license. If you have a Microsoft 365 Business Premium license, you also have access to Conditional Access features.

CapEx

up-front spending of money on physical infrastructure, and then deducting that up-front expense over time. The up-front cost from CapEx has a value that reduces over time. e.g. buying servers

ARM (Azure Resource Manager) Templates

you can describe the resources you want to use in a declarative JSON format. The benefit is that the entire ARM template is verified before any code is executed to ensure that the resources will be created and connected correctly. The template then orchestrates the creation of those resources in parallel. That is, if you need 50 instances of the same resource, all 50 instances are created at the same time.

