AZ-900 study deck

Ace your homework & exams now with Quizwiz!

What is the maximum number of websites that can share an Azure Application Gateway?

100

What is the minimum number of Availability Zones in a Region?

3

What is the max time an item can remain in the cool blob storage tier?

30 days

What is the maximum size of an Azure block blob?

4.7TB

What is the maximum number of tenants for which a user can be a member or guest?

500

What is the maximum size of an Azure page blob?

8TB

What is a PowerShell cmdlet?

A lightweight command used in PowerShell environment to perform an action. Can perform same functions as CLI but different syntax.

What is an application gateway?

A special type of load balancer that allows routing based on URI (web address) as well as host headers. A standard load balancer only uses IP address and port.

Where would an application retrieve security tokens? A. Azure Active Directory (AAD) B. Azure Security Center C. Azure Key Vault D. Azure Information Protection

A. Azure Active Directory (AAD) Security tokens are not secrets, and are issued by an authorization server, like AAD. Tokens are dynamically generated, with a short expiration period, so they do not make sense to store in Key Vault.

You need to implement an Azure database solution that can add data concurrently from multiple regions, and can store JSON documents. Which of the following is the best choice? A. Azure Cosmos DB B. Azure Database for MySQL C. Azure SQL D. Azure Database for PostgreSQL E. Azure SQL data warehouse

A. Azure Cosmos DB

A company plans to deploy several million sensors that will upload data to Azure. Which two (2) of the following resources would be the best choices to utilize? A. Azure Data Lake B. Azure Queue storage C. Azure file storage D. Azure IoT Hub

A. Azure Data Lake D. Azure IoT Hub

Which Azure service uses past training to provide predictions that have high probability? A. Azure Machine Learning B. Azure IoT Hub C. Azure Bot Service D. Azure Functions

A. Azure Machine Learning

Which two of the following database APIs support key-value and wide-column noSQL: A. Cassandra API B. Table API C. SQL API D. Gremlin API E. MongoDB API

A. Cassandra API E. MongoDB API

After you create a virtual machine, you need to modify the ______ to allow connections to TCP port 8080 on the virtual machine. A. Network security group B. Virtual network gateway C. Virtual network D. Route table

A. Network security group. A Network Security Group (NSG) works like a firewall.

A Microsoft SQL Server database, hosted in the cloud, with software updates managed by Azure, is an example of which of the following: A. Platform as a service (PaaS) B. Infrastructure as a service (IaaS) C. Software as a service (SaaS) D. Serverless

A. Platform as a service (PaaS)

Azure Cosmos DB is an example of which of the following: A. Platform as a service (PaaS) B. Infrastructure as a service (IaaS) C. Software as a service (SaaS) D. Serverless

A. Platform as a service (PaaS)

Which of the following would you use to evaluate whether your company's Azure environment meets regulatory requirements (select all that apply)? A. Service Trust Portal B. Microsoft Defender for Cloud C. Compliance Manager D. Regulatory Compliance Dashboard in Security Center

A. Service Trust Portal B. Defender for Cloud C. Compliance Manager D. Regulatory Compliance Dashboard in Security Center (This question originally didn't include Service Trust Portal in the correct answers. However, while the Service Trust Portal content doesn't evaluate the specifics of a given user's Azure configuration, it provides generalized guidance on complying with various industry and governmental regulations.)

Where would you go to see Azure's compliance with industry standards like PCI DSS and ISO 27001? A. Trust Center B. Compliance Manager C. Security Center

A. Trust Center (Compliance Manager provides a framework for managing internal compliance requirements. Trust Center covers compliance with industry standards.)

What are the three kinds of Azure App Services? A. Web Apps B. Azure Container Instances C. Web App for Containers D. API Apps

A. Web Apps C. Web App for Containers D. API Apps

What is cloud agility?

Ability to rapidly provision computer resources

What does Azure Arc do?

Allow non-Azure resources (e.g., on AWS) to be managed as if they were in Azure.

When can you delete an Azure resource group?

Anytime, as long as the resources and resource group aren't locked by a related service.

Which Azure service can help collect, analyze and act on telemetry from cloud or on-premises environments? A. Azure Log Analytics B. Azure Monitor C. Azure availability sets

B. Azure Monitor

On Azure portal, where is the cloud shell icon?

At the top

What is the name of the Azure managed platform to host apps?

Azure App Service

What is the Azure product for running containers?

Azure Container Instances Note: Azure Kubernetes Service (AKS) sort of sounds right here, but AKS is focused on container orchestration, not simply running containers.

What is Azure DevTest Labs?

Azure DevTest Labs is a service for easily creating, using, and managing infrastructure-as-a-service (IaaS) virtual machines (VMs) and platform-as-a-service (PaaS) environments. Good for creating demo/training/sandbox environments.

What is AKS

Azure Kubernetes Service. Kubernetes provides orchestration for containers.

Which Azure AI service provides a visual workspace?

Azure Machine Learning Studio

What are Azure security policies?

Azure security policies are a set of rules that Azure can use to evaluate if your configuration of a service is secure and complies with your organization's security guidelines.

Which Azure service can process data from millions of sensors? A. Azure Machine Learning B. Azure IoT Hub C. Azure Bot Service D. Azure Functions

B. Azure IoT Hub

What can Azure Information Protection (AIP) encrypt? A. Network traffic B. Documents and email messages C. An Azure Storage account D. An Azure SQL database

B. Documents and email messages

Which of the following is not a valid type of cloud computing? A. Public cloud B. Scalable cloud C. Private cloud D. Hybrid cloud

B. Scalable Cloud

Which of the following best describes Platform as a Service (PaaS)? A. Users are responsible for purchasing, installing, configuring and managing operating systems, middleware and applications B. Users create and deploy applications without having to worry about the underlying infrastructure C. Users have a turn-key solution provided, where all software is provided, configured, managed and ready to use.

B. Users create and deploy applications without having to worry about the underlying infrastructure

An application utilizes two Azure services, one with an SLA of 99.99%, and the other with an SLA of 99.95%. What is the composite SLA? A. 99.99%, the highest associated SLA B. 99.95%, the lowest associated SLA C. 99.94%, the product of the two SLAs D. 0.05%, the difference of the SLAs

C. 99.94%, the product of the two SLAs

What are the three types of blob storage?

Block Append Page

Which Azure service provides a digital online assistant with speech support? A. Azure Machine Learning B. Azure IoT Hub C. Azure Bot Service D. Azure Functions

C. Azure Bot Service

Which Azure service could automatically add watermarks to Microsoft Word documents that contain credit card information? A. Azure policies B. DDoS protection C. Azure Information Protection D. Azure Active Directory (AAD) Identity Protection

C. Azure Information Protection

Which of the following is the best choice to quickly send millions of notifications to iOS, Android, Windows or Kindle devices, working with APNs (Apple Push Notification service), GCM (Google Cloud Messaging), WNS (Windows Push Notification Service) and more? A. Azure IoT Hub B. Azure Event Hub C. Azure Notification Hubs D. Azure Queue Storage

C. Azure Notification Hubs

Microsoft Office 365, Xbox Live and Intune are examples of: A. Platform as a service (PaaS) B. Infrastructure as a service (IaaS) C. Software as a service (SaaS) D. Serverless

C. Software as a service (SaaS)

You have an Azure virtual network VNET1 in resource group RG1. You assign an Azure policy specifying that virtual networks are not an allowed resource type in RG1. What happens? A. VNET1 is deleted B. VNET1 is moved to another resource group C. VNET1 continues to function normally D. VNET1 is now a read-only object

C. VNET1 continues to function normally

If Microsoft plans to end support for an Azure service with no successor, what is the minimum amount of advance notice they will provide? A. 30 days B. 90 days C. 6 months D. 12 months

D. 12 months

Azure Germany can be used by: A. Only legal residents of Germany B. Only enterprises registered in Germany C. German government agencies/partners D. Any user or enterprise that requires its data to reside in Germany

D. Any user or enterprise that requires its data to reside in Germany. Azure Germany is physically isolated to comply with Germany's privacy regulations, but it isn't restricted to use by any particular user group.

You need to ensure that when Azure Active Directory (AAD) users connect to AAD from the internet via an anonymous IP address, they are automatically prompted to change their password. Which Azure service would you use? A. Azure AD Connect Health B. Azure AD Privileged Identity Management C. Azure Advanced Threat Protection (ATP) D. Azure AD Identity Protection

D. Azure AD Identity Protection

Which Azure service provides "serverless" computing? A. Azure Machine Learning B. Azure IoT Hub C. Azure Bot Service D. Azure Functions

D. Azure Functions

Which Azure service should you use to correlate events from multiple resources into a single repository? A. Azure Event Hubs B. Azure Analysis Service C. Azure Monitor D. Azure Log Analytics

D. Azure Log Analytics

You have resource groups, RG1 and RG2. You need to prevent the creation of VMs within RG1. You still need to be able to create other object types in RG1, and RG2 needs to still allow the creation of VMs. What would you use? A. Lock B. Azure role C. Tag D. Azure policy

D. Azure policy

Your company plans to extend their on-premises network to Azure using a VPN appliance. What Azure resource would you create to recognize this VPN appliance? A. Load balancer B. Virtual network gateway C. ExpressRoute circuit D. Local network gateway E. Application network gateway

D. Local network gateway

What is an Azure Active Directory (AAD) tenant?

Dedicated instance of AAD an organization receives when signing up for Azure.

What do you call the ability to quickly expand or decrease computer processing, memory and storage resources to meet changing demands?

Elasticity (not scalability)

What Azure product provides private, high-bandwidth, low-latency connectivity between an on-premises data center and Azure?

Express Route

T/F: A Network Security Group (NSG) will encrypt all network traffic sent from Azure to the internet.

False

T/F: A resource can be in multiple resource groups?

False

T/F: Authorization to access Azure resources can be provided only to Azure Active Directory (AAD) users

False

T/F: Azure China offers the same services as other Azure global services

False

T/F: Azure Monitor gathers physical hardware data?

False

T/F: Identities stored in Azure Active Directory (AAD), third-party cloud service and on-premises Active Directory (AD) can be used to access Azure resources.

False

T/F: Azure VMs can be moved between availability sets?

False A VM can only be added to an availability set when it is created.

T/F: Azure Active Directory (AAD) can be used to grant or deny access based on the originating IP address.

False AAD is used to authorize actions based on an identity (user / account), and has no visibility to where that identity is located. Azure Firewall would provide the ability to grant or deny access by IP address.

T/F: Azure Advisor provides recommendations on how to improve the security of an Azure Active Directory (AAD) environment

False Azure Advisor provides recommendations for performance and cost. Microsoft Defender for Cloud provides security recommendations.

T/F: Among the various Azure management tools (Azure CLI, Azure portal, Azure PowerShell), all are available on Windows machines, but Mac/Linux are limited to Azure portal and Azure CLI.

False Azure CLI, Azure portal and Azure PowerShell are all available on Windows, Mac and Linux.

T/F: Azure China is operated by Microsoft

False Azure Chine is operated by an independent, China-based company.

T/F: Azure Government is open for use to European government agencies

False Azure Government is only for use by US government agencies and their partners.

T/F: Azure Government is for any government, worldwide

False Azure Government is only for use by the US government and partners.

T/F: Azure pay-as-you-go pricing is an example of CapEx?

False Azure pay-as-you-go pricing is OpEx (operational expenditure), not CapEx (capital expenditure)

T/F: Azure Reserved VM instances are an example of OpEx?

False Because Reserved Instances involve making an upfront payment, it is classified as CapEx, not OpEx.

T/F: Familiarity with Active Directory (AD) will help in understanding Azure Active Directory (AAD)?

False While they have similar names and accomplish similar goals, AD and AAD vary considerably.

T/F: Azure Firewall will encrypt all network traffic sent from Azure to the internet

False. This is a tricky question. If Azure Firewall encounters encrypted outbound data, it will decrypt, inspect and then RE-ENCRYPT outbound traffic to prevent the spread of malware and viruses. If Azure Firewall will NOT encrypt outbound data that is unencrypted.

T/F: A scale set can contain different VM sizes/configurations?

False. All VMs in a scale set are identical.

What is Azure HDInsight?

HDInsight is an open-source, managed, cloud-based analytics service

What are the key advantages to ARM (Azure Resource Manager) templates?

Idempotent (re-run results in same state), allows template storage in source control, declarative

What is Azure Resource Manager?

Main Azure architecture component for creating, updating and manipulating resources. CLI, PowerShell cmdlets and Azure web UI all use ARM behind the scenes.

What is Azure Synapse Analytics?

Microsoft refers to Azure Synapse Analytics as a "limitless" service that supports development of end-to-end analytics solution. It combines data integration, enterprise data warehousing and big data analytics.

What is the main purpose of the Azure mobile app?

Monitor state of Azure resources. Not a replacement for Azure portal, where you can build, manage and monitor pretty much anything

Your Azure environment contains multiple Azure VMs. You need to ensure that a VM named BOB is accessible from the Internet over HTTP. Would modifying an Azure Traffic Manager profile accomplish this goal?

No

Which blob type is most suitable for random access?

Page

What is a management group?

Provides ability to manage access, policy, and compliance across multiple Azure subscriptions

What is an Azure region?

Set of data centers with low-latency network interconnect

Name the types of disk storage, in order of slowest/cheapest to fastest/most expensive.

Standard HDD Standard SSD Premium SSD Premium SSD v2 Ultra Disk

Does a storage account names have to be unique across all of Azure, or just unique within a given account?

Storage account names must be globally unique across all of Azure.

T/F: A resource group can contain resources from multiple regions?

True

T/F: All Azure management tools (Azure CLI, Azure portal, Azure PowerShell) are available on Windows, Mac and Linux.

True

T/F: An Azure load balancer can log traffic that passes through it?

True

T/F: Azure Active Directory (AAD) provides authentication

True

T/F: Azure Advisor provides recommendations on how to reduce the cost of running Azure virtual machines

True

T/F: Azure Government is operated by Microsoft

True

T/F: Azure Monitor gathers metrics and logs?

True

T/F: Azure Monitor gathers subscription monitoring data?

True

T/F: Azure VMs can be moved between Availability Zones?

True

T/F: Azure VMs can be moved between regions?

True

T/F: Azure VMs can be moved between resource groups?

True

T/F: Azure VMs can be moved between subscriptions?

True

T/F: Azure has build-in authentication and authorization services that provide secure access to Azure resources

True

T/F: Deploying your own data center is an example of CapEx?

True

T/F: Every Azure account has an Azure Active Directory (AAD) service?

True

T/F: Microsoft Azure services operated by 21Vianet are separate from Azure Global Services?

True

T/F: Azure Active Directory (AAD) provides authorization

True Authorization is provided through Role-Based Access Control (RBAC) within AAD.

T/F: A resource group has a region?

True Even though a resource group can contain resources from multiple regions, the metadata for the resource group has a defined location in a region.

Your Azure environment contains multiple Azure VMs. You need to ensure that a VM named BOB is accessible from the Internet over HTTP. Would modifying an Azure firewall accomplish this goal?

Yes

Name the three Azure storage blob access tiers

hot cool archive


Related study sets

Section 13 - 14 : Closing the transaction, Compliance with Federal Regulations

View Set

Vocab #19, Vocab #18, Vocab #17, Vocab #16, Vocab #15, Vocab #14, Vocab #13, Vocab #12, Vocab #11, Vocab #10, vocab #9, Vocab #8, Vocab #7, vocab #6, vocab #1, Vocab #2, Vocab #5, vocab #3, Vocab #4

View Set

First English class/первое занятие по английскому языку

View Set

Psych - Ch. 14 Personality - Prep: Learning Curve

View Set