Cloud Exam

Azure Security Center

Azure Advisor integrates with ______ to help to prevent, detect, and respond to threats to Azure resources. The tool analyzes resource configuration and usage telemetry to provide recommendations for high availability, security, performance, and cost.

Yes

Azure DDoS Protection Standard provides protection aainst volumetric, protocol, and application layer attacks

as soon as you add a resource to a new Azure subscription.

Azure Monitor begins collecting data _______

Azure Service Health

Azure component providing information about planned maintenance and advisories such as deprecated offerings

Azure Monitor

Azure service that uses autoscale to add/remove resources as appropriate to minimize costs and ensure optimum performance levels

Yes

Both Azure Functions and Logic Apps can act as a web hook.

Yes

Both Azure Functions and Logic Apps can run on a schedule.

Azure Sentinel

Build a baseline behavioural profile of organizational entities to identify anomalous activity.

Azure Functions

Build an event-driven solution and pay only for the time spent running your code

Azure Virtual Machine

An example of an Infrastructure as a Service (Iaas)

Yes

An initiative can only contain policies that are located in the same subscription

Azure HDInsight

An open-source enterprise-level analytics service that provides for fast and cost-effective processing of massive amounts of data

organize similar servers so you can easily define and implement security policies based on those groups.

Application Security Groups (ASGs) let you ___

No

(Y/N) - A user can be given access to only one subscription, and resources can belong to only one subscription.

No

(Y/N) - Azure DDoS Protection Standard is enabled automatically

Yes

(Y/N) - Azure PowerShell can be run in a browser in the Azure Cloud Shell

Yes

(Y/N) - Azure PowerShell can be used to create scripts to automate Azure management tasks

No

(Y/N) - Azure PowerShell virtual machine (VM) management is limited to Windows VMs only.

No - it uses JSON

(Y/N) - Azure Resource Manager Templates use Azure PowerShell syntax

Yes

(Y/N) - The customer always retains responsibility for the data

No

(Y/N) - The responsibility for accounts is transferred to the cloud provider

Yes

(Y/N) - When a blueprint is unassigned, all resources assigned by the blueprint remain in place, but blueprint resource locking is removed

No

(Y/N) - When a blueprint is updated and the updated version is published, any assignment of the blueprint are updated automatically

Yes

(Y/N) - When multiple locks are applied at different scopes, the most restrictive inherited lock applies

Yes

(Y/N) - When you delete a core blueprint, any assigned versions of the blueprint remain in place

Yes

(Y/N) - You can increase the composite SLA by having the web app access as a fallback queue

No

(Y/N) - You use Azure Functions to implement serverless computing through a graphical user interface.

No

(Y/N) - You use Logic Apps to implement serverless computing through code

No

(Y/N) An initiative is limited to being assigned to only one scope

Dashboard

A collection of customizable tiles displayed in the portal

Yes

A lock applies to all resources contained in a scope and any new resources added to the scope

Blade

A panel that slides out in a navigation sequence

Azure IoT Hub

A service that provides for bi-directional connections between your Internet of Things (IoT) devices and an IoT application.

Azure Advisor

A service that provides recommendations on high availability

Plan

Align actionable adoption plans with business outcomes.

Function App

Allows you to write code that executes on a trigger or a schedule

Container descriptions

Can be accessed over the internet by IP address or domain name, can run on windows or linux, represents a single app and its dependencies, can scale out as needed

Machine Learning Studio

Data Science Solution without the need to write a code

Azure Firewall

Deny traffic to your Azure Virtual Network resources from known malicious IP addresses. Can identify and deny traffic to/from malicious IP addresses and domains.

1. Self-service password change for cloud users 2. User and group management

Features available to the company with Azure Active Directory (AD) Free Edition

Purpose of a resource group

It serves as a container for Azure resources like virtual machines (VMs) and web apps

Azure Pricing Calculator

Lets you deploy your virtual machines. Allows you to estimate the monthly cost of a cloud solution

Read-Only Lock

Lock that prevents a resource from being modified

No

Locks can be applied in the context of specific users and roles

Azure Cost Management

Makes use a free SaaS solution that lets your company monitor, allocate, and optimize cloud spend in a multi-cloud environment

Azure Virtual Machine (VM)

Migrate a workload from an on-premises Hyper-V Host to Azure, still retaining full control over the operating system

Github + Azure Pipelines

Need to deploy a solution that would allow your developers to automatically build, test, release, and deploy code

The product of the SLAs of each of the services used in the application

On what is the composite SLA based?

PostgreSQL Hyperscale (CITUS)

Option if supporting horizontally scaled queries across multiple machines using sharding.

Azure Advisor

Personal Cloud consultant that provides the information you need to follow best practices and optimize Azure deployments. It can provide recommendations for proactive, actionable, and personalized best practices.

Premium

Premium or Free? You want on-premises users to be able to reset their own passwords

Resource Lock

Prevents the VM from being deleted

Private Model

Private, Public, or Hybrid? A company needs to implement a solution where it maintains management control over hardware and infrastructure. The solution can be physically deployed offsite.

Hybrid Model

Private, Public, or Hybrid? A company plans to use a custom Software-as-a-Service (SaaS) application and wants to minimize costs. The company is legally required to maintain and secure all data onsite.

Security Center

Provides general security recommendations and suggests remediations to better secure your resources

Microsoft Marketplace

Provides purchase and subscription links to certified cloud applications and solutions from Microsoft and it's technology partners

Yes

Quotas for resources in Azure Resource Groups are per region rather than per subscription.

Contributor

Role that give all users in a group the ability to create and manage all types of Azure resources in a subscription.

No

Role-based access control (RBAC) roles take precedence over locks

Azure iOT Central

SaaS solutions, let's you create solutions without code

Azure Key Vault

Securely store a database connection string to avoid its accidental exposure in a web site's source code

Logic Apps

Serverless workflow orchestration to let you integrate apps, data, systems, and services across enterprises organizations

Functions

Solution for building highly reliable and secure serverless apps that support multiple programming languages

NIST (National Institute and Technology)

Standards-based, non-regulatory agency based in the United States.

PostgreSQL Single Server Basic Tier

Storage is limited to 1TB and is limited to Azure Standard Storage

- You want to be notified if your App Service exceeds the usage quota (health advisory) - You want to respond to planned service outages in VA - You want to implement a webhook on your website to display health incidents

The following are good use cases for Service Health:

# of Webjobs, Type of Application Framework

The following factors DON'T affect cost of an App Service:

1. Instance Type 2. Number of Instances 3. Operating System 4. Region 5. Tier

The following factors affect cost of an App Service:

No

The responsibility for the operating system in Platform-as-a-service (PaaS) is retained by the customer

Online Services Terms

The terms for how you can use subscribed, public, and generally available Microsoft online service are defined in the ______ document.

Key Vault

The tool helps provision, manage, and deploy certificates: used to store cryptographic keys and other secrets.

1. User and group management 2. Self-service password change for cloud users

Two features supported by Azure Free Edition:

Azure Database for PostgreSQL Single Server General Purpose Tier

Up to 10 TB Storage, Azure Premium Storage, point-in-time restore for up to 35 days

Yes

Virtual networks from multiple subscriptions in your organization can link to the same Azure DDoS Protection Plan

Access to preview features

What can be configured at the organization or user level?

Azure Policy

What is the recommended solution? Your company wants to ensure that it meets its internal compliance goals and that Azure resources are compliant with company standards. This will include ongoing evaluation for compliance and identification of non-compliant resources

Azure App Service

What is the tool used to deploy a web application using Platform-as-a-Service (PaaS) for scalability and security?

Strategy

What is the word to define the business justification and the expected outcomes of adoption?

Yes

When an initiative assignment is evaluated, all policies in that initiative are evaluated

Service Health

Which Azure Monitor feature sends an email to an administrator when a virtual machine (VM) is about to exceed its usage quote for the month?

Storage Account

Which resource is required to use Azure Cloud Shell?

Serverless computing

With ____, developers deploy code and pay for its run time only, without worrying about the provisioning, configuration, and management of the underlying infrastructure

Region Pairs

You need to ensure that your resources are replicated and hosted at least 200 miles away within the same geographic area, to minimize impact on your solution's availability in case of disaster. Which configuration option should you use?

Network Security Groups (NSGs) and Application Security Groups (ASGs)

You need to implement detailed controls over the types of connections supported between the web servers and database servers. You want to minimize the effort necessary to implement and maintain your solution. Which two technologies should you include in your solution?

Azure CLI

You need to log in to Azure with the following: az login

Azure PowerShell

You need to log into Azure with the following cmdlet from your laptop without manually opening a web browser: Connect-AzAccount. A module that you can install on your computer. It allows you to use cmdlets locally to administer Azure resources.

Azure Application Insights

You want to allow developers to send telemetry data to Azure. What tool will you use?

Azure Cognitive Services

You want to build an app that can guess the age of people in provided photos. You need to choose an Azure service that can provide you with access to advance computer vision algorithms for face detection and analysis. Which Azure service should you use?

Azure Pricing Calculator

You want to estimate the cost of of deploying four virtual machines (VMs) and two SQL database instances to Azure

Premium

You want to publish on-premises web apps using Azure AD (Premium or Free?)

Azure Cloud Shell

You want to run the following cmdlet in a scripting environment inside the browser: New-AzVm.

TCO (Total Cost of Ownership)

You want to see how much you can save over five years by moving your company's infrastructure to the cloud.

Cost Management

You want to set up an alert to send you and your coworker text messages when your Azure resources use 90 percent of your company's monthly Azure budget

Free

You want to use on-premises directory synchronization (Premium or Free?)

Resource Health

You want to view the number of virtual machines (VMs) that are currently down. What tool will you use?

Azure DDoS Protection Standard

Your Azure tenant includes an Azure Virtual Network (VNet) with several internet-facing web servers. The web servers experience attacks that exhaust server resources and make the servers unavailable to legitimate users. You determine that the attacks are being launched from multiple locations. What Azure tool do you need to use?

Azure Files

Your company is considering using Linux-based Azure Container Instances (ACIs) to deploy a simple application. The application runs as a stateful application. You need to provide storage to retrieve and persist state. What type of storage should you use?

Yes

Your company is reorganizing after acquiring a new company. Both your company and the new company have its own Azure Active Directory (Azure AD) tenants. You need to determine what happens when you transfer the billing ownership of a subscription from an account in your Azure AD tenant to an account in another Azure AD tenant and associate the subscription with the new directory. All users and groups with role-based access to manage the subscription lose their access

Azure Reservations

Your company wants to commit to a three-year plan for virtual machines (VMs) and storage resources to receive a reduction in pay-as-you-go prices

Azure Resource Manager (ARM)

Your company wants to increase default limits on how many select resources of each type can be provisioned per Azure Region.