AZ-900 Practice Test
Agility
Speed and flexibility in allocation and deallocation of required resources. The ability to react quickly with allocation and deallocation of cloud resources. It allows deployment of required resources and services in minutes without manual administration of provisioning or deprovisioning processes.
False - Using CapEx for infrastructure spending is not a good idea when the demand fluctuates or is unknown. On the contrary; CapEx is appealing when you need to predict the cost before the start of a project and plan your expenses accordingly. When the demand fluctuates or is unknown, you should consider OpEx.
Using CapEx for infrastructure spending is a good idea when the demand fluctuates or is unknown.
Scalability
Manually increasing or decreasing resources to meet a predictable workload
Incurs penalties for data deleted within 30 days - Cool Is not available at the account level - Archive Incurs the highest rehydration cost - Archive
Match each Azure Storage Blob access tier with its associated description.
Organize similar servers so you can easily define and implement security policies based on those groups.
Application Security Groups (ASGs) allow you to:
Elasticity
Automatically increasing or decreasing resources to meet spikes and drops in demand
PaaS IaaS SaaS
Azure Cosmos DB Azure Storage Microsoft Office 365
1. False 2. True 3. True
Azure DDoS Protection Standard is enabled automatically. Azure DDoS Protection Standard provides protection against volumetric, protocol, and application layer attacks. Virtual networks from multiple subscriptions in your organization can link to the same Azure DDoS Protection plan.
True - CapEx costs are fixed. CapEx is an upfront cost, and you know exactly how much is being spent. Buying the servers and equipment for a datacenter is a CapEx.
CapEx costs are fixed.
ExpressRoute traffic is routed over a private connection. ExpressRoute is enabled through a connectivity provider at a co-location facility that lets you link your on-premises networks to Microsoft cloud services, such as Microsoft Azure and Microsoft 365. Traffic between Peered Virtual Networks (VNets) is not routed over the public internet. Instead, it is routed through the Microsoft backbone infrastructure without the involvement of the public internet. A VNet is created within the scope of a region. A VNet is a regional resource. However, VNets from different regions can still be connected to each other via Global VNet peering using internal Microsoft connectivity in Azure or via VPN gateways using the public internet.
For each of the following statements about azure networking, select Yes if the statement is true. Otherwise, select No.
Azure Key Vault
Securely store a database connection string to avoid its accidental exposure in a web site's source code
True - The Pay-as-you-go consumption model qualifies as an OpEx. With OpEx, there is no upfront cost and you pay for a service or product as you use it.
The Pay-as-you-go consumption model qualifies as an OpEx.
High Availability
The benefit of cloud computing that keeps resources and services functioning for long periods of time. Cloud service providers typically offer a service level agreement (SLA) that guarantees HA or uptime of resources and services as a percentage
A resource lock prevents the VM from being deleted. Setting a resource lock to Delete prevents a resource from being deleted. All other actions on the resource can be performed. An additional type of lock is Read-Only. It prevents a resource from being modified.
What does a resource lock do to a virtual machine?
Policy
You want to ensure that only SQL Database instances can be added to a resource group named database-rg
Azure Files
Your company is considering using Linux-based Azure Container Instances (ACIs) to deploy a simple application. The application runs as a stateful application. You need to provide storage to retrieve and persist state. What type of storage should you use?
1. Yes 2. No 3. Yes
Your company is planning to move its infrastructure to the Azure cloud. You need to explain the subscription model. A subscription can contain one or more resource groups. A subscription can have only one license Multiple subscriptions can be owned by a single organization
Azure Reservations
Your company plans to commit to a three- year plan for virtual machines (VMs) and storage resources to receive a reduction in pay-as-you-go prices.
Azure Cost Management
Your company plans to make use of a free SaaS solution that lets your company monitor, allocate, and optimize cloud spend in a multi-cloud environment.
Separate Availability Zones
A company is deploying a critical business application on two virtual machines (VMS). The deployment needs to support: Highly Available access Separate fault and update zones Minimal latency between instances
Seperate Availability Zones.
A company is deploying a critical business application on two virtual machines (VMs). The deployment needs to support: « Highly available access « Separate fault and update zones « Minimal latency between instances Most users who need to access the application are in the Azure East US 2 region. Which configuration should the company use to deploy the solution?
Your company plans to commit to a three-year plan for virtual machines (VMs) and storage resources to receive a reduction in pay-as-you-go prices - Azure Reservations Your company plans to make use of a free SaaS solution that lets your company monitor, allocate, and optimize cloud spend in a multi-cloud environment - Azure Cost Management Your company wants to increase default limits on how many select resources of each type can be provisioned per Azure Region - Azure Resource Manager (ARM)
A company is looking for solutions to help to lower cloud-related costs. You need to identify tools and mechanisms that help save money. To answer, select the appropriate cost control mechanism from the drop-down list.
Public Cloud Model Is the best Solution
A company needs to implement a solution where it maintains management control over hardware and infrastructure. The solution can be physically deployed offsite.
Private Cloud Model is the best solution
A company plans to use a custom software as a service (SaaS) application and wants to minimize costs. The company is legally required to maintain and secure all data onsite.
Hybrid Cloud Model is the best solution
A company wants to deploy multiple servers to host web applications but wants to keep hardware costs and management costs to a minimum. The solution should be highly scalable.
1. True 2. False 3. True
AVD supports Remote Desktop clients on MacOS and iOS. You are charged for the use of AVD on a monthly basis accordingly by active users. AVD users should exist in the same Windows Server Active Directory (AD) that is linked to Azure AD.
Microsoft Defender For Cloud
Azure advisor integrates with _______________ to help prevent, detect, and respond to threats to Azure resources.
Microsoft Sentinel
Build a baseline behavioral profile of organization entities to identify anomalous activity
Cloud Shell can be accessed from Azure mobile app, among other features available on the app, to manage and monitor the Azure environment.
Cloud Shell provides a way to run Azure CLI and Azure PowerShell on iOS and Android mobile devices.
True
Cloud Shell times out with 20 minutes of inactivity
Commands work the same on Mac, Linux, and Windows with both Azure CLI and Azure PowerShell. Azure PowerShell works the same on all platform using. NET Core and the Az Module since PowerShell version 6.2.4. Azure Cloud Shell supports both. Azure Cloud Shell is an interactive, browser-accessible shell environment. The first time you launch Cloud Shell, you are prompted to select your shell as either Bash or PowerShell. This becomes your default, but you can manually choose between Bash and PowerShell. Choose Bash to support Azure CLI commands and PowerShell to support Azure PowerShell commands.
Compare using Azure Powershell and Azure CLI for Azure management. To answer, select the appropriate options from the drop-down menus Pt. 1
Azure Firewall
Deny traffic to your Azure Virtual Network resources from known malicious IP addresses
A single Azure account can create multiple subscriptions. Billing occurs at the subscription level. You should create three subscriptions when your company has three departments that must each receive an Azure bill. You should create two subscriptions when your company has two physical locations that must each receive a separate bill. You should create one subscription when your company has two divisions that must share one Azure bill.
How many subscriptions should you create? To answer, drag the appropriate number of subscriptions to each scenario. A number may be used once, more than once, or not at all.
Applications Operating System (OS)
In the Infrastructure-as-a-Service (1aaS) cloud service model, the subscriber is responsible for the management of which two components? Each correct answer presents part of the solution.
False Spot VMs do not use the standard SLA for Azure VMs. There is no SLA for spot VMS because Azure allocates spot VMs only if there is an unused capacity available. If Azure needs the capacity back, spot VMs can be evicted with a 30-second notice.
Spot VMs use the standard SLA for Azure VMs.
True
Spot pricing provides access to Azure compute resources at deep discounts when unused Azure capacity is available.
False True No
True or False Azure Advisor makes shutdown recommendations based on CPU and memory utilization over the last seven days. You can use Azure Advisor to reduce costs by resizing underutilized virtual machines. Tags can aid in cost management for your subscriptions, and each tag consists of a name, location, and value.
1. True 2. True 3. False
Virtual network peering can be used to connect virtual networks across Azure regions. Virtual network peering can be used to transfer data between Azure Active Directory (Azure AD) tenants. Configuring peering requires a short downtime for the peered virtual networks.
Cloud computing is the delivery of computing services such as compute, power, storage, software and analytics over the internet.
What is cloud computing?
Subscriptions as a single management entity to facilitate easier management.
What multiple items does Management groups allow you to organize?
Virtual Machine (VM)
Which Azure resource can be deployed as Infrastructure-as-a-Service (IaaS)?
Costs are lower and spread among multiple tenants
You are a cloud engineer for a retail company. You need to decide whether to use a public or private cloud. What is an advantage of using a public cloud over a private cloud?
laaS allows you to rent hardware and have control over the OS. This includes virtual machines (VMs), storage, and virtual networks (VNets). With laaS, you create the VMs, attach storage devices to them, and assign the VMs to VNets that you create. You control the applications that are installed on the VM. OS updates are automatically handled by Azure. PaaS allows you to manage applications without controlling the underlying OS. This includes development frameworks and databases, such as Azure SQL Database. With PaaS, you do not create the VM. You only have control of the applications on the VM. Saas allows you to subscribe to software. An example is Office 365.
You are asked about the differences between Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (Paas), and Software-as-a-Service (Saas). You need to explain what each service type means. For Each of the following statements, select Yes if the statement is true. Otherwise, select No.
True - Because spot vm prices vary based on available capacity, you can set the capped price. Your vms are automatically evicted when the current spot price is higher than the maximum price you agree to pay or if Azure no longer has compute capacity available.
You can set the maximum price that you agree to pay.
Define the server, database, storage, and networking workload.
You need to compare the costs of running an application workload in Azure versus on-premises. What should you do to ensure that you can use the Azure TCO calculator to complete this task?
It stores three data copies in each of two regions - Geo-redundant storage (GRS) It allows replicated data to be accessed in two zones - Read-Access GRS (RA-GRS) 1t stores all replicas in one data center - Locally redundant storage LRS
You need to enable data redundancy for your organization's cloud apps. Depending on the data, redundancy may be local only, or may require multiple copies stored in different locations. Given the redundant storage descriptions below, which redundancy option is being described? To answer, select the appropriate redundancy option from the answer area.
1. True 2. True 3. No
You work for a small company that hosts its own web server running Microsoft Internet Information Services (I1S) and email server running Microsoft Exchange. As demand on the web server increases, you want to add a secondary web server to spread out the traffic. As demand decreases, you want to decommission the web server to save energy and maintenance. You consider moving the current infrastructure to the cloud. You can use horizontal scaling for the web server. You can resize the disk on demand on mail server if e-mail messages increase. You eliminate the cost of having IT staff.
Azure Pricing Calculator
Your company plans to deploy to the Azure cloud three virtual machines (VMs) and a Load Balancer. You want to estimate the cost of using all four resources before you create a subscription. You need to choose the most appropriate cost estimation tool. Which tool should you use?
When a blueprint is updated and the updated version is published, any assignments of the blueprint are not updated automatically. You must update the blueprint assignment with the new updated version of the assignment. When a blueprint is unassigned, all of the resources assigned by the blueprint remain in place, but blueprint resource locking is removed. This also results in the deletion of the blueprint assignment object. When you delete a core blueprint, any assigned versions of the blueprint remain in place. A blueprint must be unassigned before it can be deleted.
Your company plans to use Azure Blueprints to support rapid deployment through built-in components and following organizational compliance. Which statements accurately describe the features and functionality of Azure Blueprints? For each of the following statements, select Yes if the statement is true.
Blueprint Operator
Your company uses Azure Blueprints to assist with its migration to Azure. User1 should be able to assign published blueprints. You need to add User1 to the role-based access control (RBAC) role necessary to provide this permission. Your solution should follow the principle of least privilege. Which role should you assign to User1 to?
User Access Administrator You should add User1 to the User Access Administrator role. From the context of management groups, this role grants permissions to assign access and assign policies only. You should not add User1 to the Owner role because this would grant them more permissions than necessary. Members of the Owner role can create, update, move, delete, and read management groups in addition to assigning access policies. You should not add User1 to the Contributor or Management Group Contributor role. Neither of these roles would grant User1 permission to assign access or assign policies. Members of both roles can create, update, move, delete, and read management groups.
Your company uses management groups to manage resources in your Azure tenant more efficiently. User1 should be able to assign access and assign policies to management groups. You need to determine which role-based access control (RBAC) role User1 should be added to. Your solution should follow the principle of least privilege. Which role should you add User1 to?
Region. - Azure Resource Manager (ARM)
Your company wants to increase default limits on how many select resources of each type can be provisioned per Azure
Defense In Depth
______________ Is a strategy to implement multiple layers of security to slow down an attack and provide early alert telemetry to act upon
Both Azure CLI and Azure PowerShell execute commands in an interactive command-line based environment. In most management situations, the choice between using Azure CLI and Azure PowerShell is one of personal preference. Neither Azure CLI nor Azure PowerShell supports a GUI interface. They are both command-line only environments.
Compare using Azure Powershell and Azure CLI for Azure management. To answer, select the appropriate options from the drop-down menus Pt. 2
Overall compliance score Number of passing and failing assessments
Which two organization-level insights can you derive from the Regulatory Compliance dashboard of Microsoft Defender for Cloud? Each correct answer presents part of the solution.
AzCopy Azure Storage Explorer
Which two solutions should you use to transfer an on-premises virtual hard disk (VHD) to Azure? Each correct answer presents a complete solution.
Single Sign-On (SSO)
With _________ users can access all needed applications without being required to authenticate a second time
Azure allows you to pay monthly based on usage rather than pay upfront for physical hardware.
How can azure lower capital expenditure (CapEx) costs?
An Azure Log Analytics Workspace An Azure Storage Account
Which two locations are valid destinations for platform logs and metrics collected by Azure Monitor? Each connect answer presents a complete solution.
VPN Gateways VNet Peering
Which two options can you use to connect Azure Virtual Networks (Vnets) to each other? Each correct answer presents a complete solution
Serverless Computing
With ______________ , developers deploy code and pay for its runtime only, without worrying about the provisioning, configuration and management of the underlying infrastructure.
A free Azure subscription is good for 30 days before you have to upgrade. The subscription includes $200 credit that can be used any time within the first 30 days. Any credit left over after the first 30 days does not carry over. After using your credit or when your subscription expires, you can upgrade to Pay-As-You-Go for paid services. Services offered as free with the subscription, such as storage within limits, will continue to be free for 12 months.
What is the maximum length of time you can use the credits from an Azure free subscription before it expires?
Azure Cloud Shell is an interactive, browser-accessible shell environment. When launching Cloud Shell, you need to select PowerShell to execute Azure PowerShell commands or Bash to execute Azure CLI commands. When running Azure PowerShell with Cloud Shell, Linux-specific functionality is available, but Windows-specific functionality is not. This is because Cloud Shell runs PowerShell 6 on a Linux container.
When running Azure Powershell with cloud Shell, both Linux-Specific and windows-specific functionality is available.
Azure Portal Azure portal provides a graphic interface for deploying, managing, and monitoring Azure resources. It can also be used to manage all aspects of your applications. Azure portal has a home view, which is the default view with menus, and a dashboard view, which gives you easy access to tools and information. Azure PowerShell and Azure CLI are both command-line based management utilities and do not provide a graphic interface. Azure Resource Manager is not used for managing and monitoring Azure resources. It is used to deploy resources based on templates and provides an easy way to deploy consistent instances of resources.
Which Azure management tool provides a graphic interface for deploying, managing, and monitoring Azure resources?
Azure IOT Central
Which Azure resource can be managed as Software -As-A-Service (SaaS)
Azure Monitor
Which Azure service can use autoscale to add or remove resources as appropriate to minimize costs and ensure optimum performance levels?
People who present their birth certificate to prove that they are eligible to receive government age-based benefits.
Which example best describes authorization?
You receive a text message with a code after enter a username and password on a movie streaming site. You insert your debit card into an Atm and then enter your personal identification number (PIN) to access your account.
Which two examples best describe multi-factor authentication (MFA)? Each correct answer presents a complete solution.
Private and Public Cloud On-Premises infrastructure and public cloud
Which two infrastructures are valid hybrid cloud infrastructures? Each correct answer presents part of the solution.
A container can be accessed over the Internet by IP address or domain name. A container can run on Windows or Linux. A container can scale out as needed. A container represents a single app and its dependencies.
You are considering moving some of your applications to Azure as container instances. However, your manager wants you to explain to them about containers and their benefits first. You need to explain containers to your manager. Which four descriptions of containers are accurate?
You should use a policy when you want to ensure that only VMs of a specific size are deployed to a resource group. A policy definition is a JSON file that is assigned to a scope, such as a resource group. The JSON file defines the rules that are to be used for certain resources. For example, you can create a rule to deny the creation of all VMs that are outside the sizes that you specify. You should use an initiative when you want to manage a collection of policy definitions. This allows you to manage multiple policies as a whole, rather than individually. Similar to policies, you can assign initiatives to a scope, such as a resource group or subscription. You should use a lock when you want to prevent VMs from being deleted by anyone after they are deployed. This helps to prevent accidental deletion of critical resources. The name of this lock setting is Can Not Delete. In the Azure portal, this lock setting is simply referred to as Delete. You should not use Role-Based Access Control (RBAC) in this scenario. RBAC assigns permissions that apply to users and groups. In this scenario, you are applying settings to resources regardless of users and groups.
You are researching the governance methodologies in Azure. You want to understand role-based access security (RBAC), policies, initiatives, and locks. You need to choose the type of resource or feature to use for different scenarios. When should you use each resource or feature? To answer, drag the appropriate resource or feature to each scenario. A resource or feature may be used once, more than once, or not at all.
When a resource group is deleted, all of the resources contained in that resource group are also deleted, including VMs. Resource groups are used to group related resources for easier and more efficient management. Typically, resource groups are used to create a logical group of related resources with a similar lifecycle. The resource group stores metadata about the resources it contains, which can include resources from different Azure regions. Deleting a resource group deletes the metadata of all contained resources, so that the VMs are not left in place in any state.
You deploy two Azure virtual machines (VMs) running Windows Server 2016 and one VM running Ubuntu Linux. All three VMs and their resources are added to the same resource group. The VMs and the resource group are located in the same Azure region. The test plan directs that you need to delete the resource group once the initial test cycle is completed. What is the result of this action?
Contributor
You need to give all users in a group the ability to create and manage all types of Azure resources in a subscription. Rights granted to the users should be kept to a minimum. Which built-in role-based access control (RBAC) role should you assign to the group.
A collection of customizable tiles that are displayed in the portal - Dashboard A panel that slides out in a navigation sequence - Blade A service that provides recommendations on high availability - Azure Advisor
You recently signed up for a free Azure subscription. You need to familiarize yourself with the Azure portal UI. Which UI elements best match the descriptions? To answer, select the appropriate UI elements from the drop-down menus.
1. Application Insights 2. Alerts 3. Resource Health
You want to enable developers to improve app performance and usability. You want to receive an email whenever the number of requests to a web app exceeds 10,000 within an hour. You want to view the number of virtual machines (VMs) that are currently down.
RBAC
You want to ensure that only members of the sales group can access virtual machines (VMs) in the sales-rg resource group
You should use the Azure pricing calculator when you want to estimate the cost of deploying four VMs and two SQL Database instances to Azure. This tool allows you to estimate the cost of deploying new resources to Azure.
You want to estimate the cost of deploying four virtual machines (VMs) and two SQL Database instances to Azure.
Lock
You want to prevent new resources from being added to a resource group by anyone
You should use the Total Cost of Ownership (TCO) calculator when you want to see how much you can save over five years by moving your company's infrastructure to the Azure cloud. This tool allows you to predict cost savings.
You want to see how much you can save over five years by moving your company's infrastructure to the Azure cloud.
You should use the Cost Management tool when you want to set up an alert to send you and your coworker text messages when your Azure resources use 90 percent of your company's monthly Azure budget. This tool allows you to view historical breakdowns of how much Azure resources cost. You can also set up alerts that get triggered when costs exceed a budget threshold.
You want to set up an alert to send you and your coworker text messages when your Azure Resources use 90 percent of your company's monthly Azure budget.
The public cloud allows you to deploy resources without managing the underlying hardware. The servers, storage devices, and networking devices exist in Azure datacenters. You are only required to manage the configuration of those devices. The hybrid cloud typically allows you to deploy resources with some capital expenditure. Capital expenditure (CapEXx) involves spending money on physical resources up front. With the hybrid cloud, some resources exist in the cloud, while other resources usually exist on-premises. The CapEx costs come from the on-premises resources. Some hybrid deployments can also involve a combination of public and private clouds, which requires IT expertise. The private cloud requires you to have IT expertise in order to deploy resources, unless you are using a third-party company as the private cloud provider. This is because on a private cloud that is not third-party hosted, you are responsible for managing the hardware, such as servers, storage devices, and networking devices, as well as for the configuration of these resources.
You work for a cloud solution provider. One of your company's clients considers moving its on-premises infrastructure to the cloud. However, the client wants a better understanding of the different models before it makes a decision. A third-party will not be involved. You need to describe the advantages of the different cloud models. For each of the following statements, select Yes if the statement is true.
Region - US Operating System - Linux Tier - Basic
You work for a private equity firm in Richmond, Virginia. You are planning to deploy a virtual machine (VM) to Azure that allows developers to run a .NET Core web service. The client applications that access the web service are deployed at the firm. The developers inform you that any operating system can be used. You need to use the Azure pricing calculator to determine the least expensive cost of the deployed VM. Which settings should you select? To answer, select the appropriate settings from the drop-down menus.
Public Cloud
Your Organization hosts its e-commerce solution on a computing infrastructure that is provided by a third party service provided and shared with other organizations. You only pay for a the compute power, storage, and networking resources you use.
Azure Pricing Calculator
Your company is considering moving its on-premises infrastructure to Azure. Before doing so, you want to compare the cost savings, if any. You need to choose the most appropriate cost savings estimation tool. Which tool should you use?
You should use Azure Advisor to collect the recommendations needed. You should run Advisor from the menu to launch Azure Advisor. The other menu selections will not provide the requested information. Azure Advisor is a personal cloud consultant that provides the information you need to follow best practices and optimize Azure deployments. It can provide recommendations for proactive, actionable, and personalized best practices.
Your company is planning an Azure cloud deployment that must meet the following requirements: Improve the continuity of business-critical applications Improve application performance Detect threats and vulnerabilities Reduce overall Azure costs You need to use a tool that will help you make these types of recommendations. Which tool should you use? To answer click the appropriate option in the answer area.
To augment on-premises resources by providing overflow capacity.
Your company plans to migrate applications and services to the cloud. You recommend for a hybrid cloud to be deployed. Why would you make this recommendation?
Disaster recovery is the ability to restore a cloud service in the wake of a catastrophic loss. Taking regular backups of important data and replicating your application across different regions are some of the disaster recovery measures that help you ensure that data remains safe and that your application's availability is not impacted after an unexpected disastrous event. High availability (HA) is the ability to keep cloud resources and services functioning for long periods of time. Cloud service providers typically offer a service level agreement (SLA) that guarantees HA or uptime of resources and services, as a percentage.
________________ is the ability to restore a cloud service in the wake of a catastrophic loss.