Microsoft AZ-900 Practice Assessment

What can be applied to a resource to prevent accidental deletion? A. A Resource Lock B. A Resource Tag C. A Policy D. An Azure Reservation

A

Which tool is used to compare the monthly costs of running specific resources in Azure? These could include regions for VMs, categories, instance series, how many VMs and how many hours each one will run every month, etc. A. Azure Pricing Calculator / Azure Cost Calculator B. Azure Advisor C. Azure Cost Management D. Total Cost of Ownership Calculator (TCO)

A

What is an Azure Storage account named storage001 an example of? A. a resource B. a resource group C. a subscription D. a resource manager

A A resource is a manageable item that is available through Azure. Virtual machines, storage accounts, web apps, databases, and virtual networks are examples of resources.

Which management layer accepts requests from any Azure tool or API and enables you to create, update, and delete resources in an Azure account? A. Azure Resource Manager (ARM) B. Azure management groups C. Azure CLI D. Azure Sphere

A ARM is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in an Azure account.

What can you use to manage servers across cloud platforms and on-premises environments? A. Azure Arc B. Azure CLI C. Azure Monitor D. Azure PowerShell

A Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.

What are two services that allow you to run applications in containers? Each correct answer presents a complete solution. A. Azure Container Instances B. Azure Kubernetes Service (AKS) C. Azure Logic Apps D. Azure Functions

A and B Containers are a virtualization environment. Much like running multiple virtual machines on a single physical host, you can run multiple containers on a single physical or virtual host. Unlike virtual machines, you do not manage the operating system for a container.

You need to be notified when there are new recommendations for reducing Azure costs. Which tool should you use? A. Azure Service Health B. Azure Advisor C. Azure Monitor D. Log Analytics

B Azure Advisor evaluates Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs.

Which two factors affect Azure costs? (Choose two) A. Availability Zone selection B. Resource usage C. Resource location D. Date and time of use

B and C

Which cloud deployment model are you using if you have servers physically located at your organization's on-site datacenter, and you migrate a few of the servers to the cloud? A. private cloud B. public cloud C. hybrid cloud

C A hybrid cloud is a computing environment that combines a public cloud and a private cloud by allowing data and applications to be shared between them.

Which two protocols are used to access Azure file shares? Each correct answer presents a complete solution. A. FTP B. HTTP C. Network File System (NFS) D. Server Message Block (SMB)

C and D Azure Files offers fully managed file shares in the cloud that are accessible via industry-standard SMB and NFS protocols.

Which tool is used to compare the costs of running an application in an on-premises datacenter with the costs of running the application in Azure? The same tool is used for calculating the cost of a migration from on-prem to the cloud. A. Azure Pricing Calculator / Azure Cost Calculator B. Azure Advisor C. Azure Cost Management D. Total Cost of Ownership Calculator (TCO)

D

An example of [answer choice] is automatically scaling an application to ensure that the application has the resources needed to meet customer demands. A. agility B. high availability C. geo-distribution D. elasticity

D Elasticity refers to the ability to scale resources as needed, such as during business hours, to ensure that an application can keep up with demand, and then reducing the available resources during off-peak hours. Agility refers to the ability to deploy new applications and services quickly. High availability refers to the ability to ensure that a service or application remains available in the event of a failure. Geo-distribution makes a service or application available in multiple geographic locations that are typically close to your users.

Which resource can you use to manage access, policies, and compliance across multiple subscriptions? A. management groups B. resource groups C. administrative units

A Management groups can be used in environments that have multiple subscriptions to streamline the application of governance conditions. Resource groups can be used to organize Azure resources. Administrative units are used to delegate the administration of Azure AD resources, such as users and groups. Accounts are used to provide access to resources

You need to associate the costs of resources to different groups within an organization without changing the location of the resources. What should you use? A. Resource Tags B. Resource Groups C. Subscriptions D. Administrative Units

A Resource tags can be used to group billing data and categorize costs by runtime environment, such as billing usage for virtual machines running in a production environment.

You need to identify which Azure services are compliant with ISO 27001 Information Security Management Standards. Where should you go to locate the information? A. Microsoft Trust Center B. Microsoft Privacy Statement C. The Data Protection Addendum of Microsoft D. Microsoft Online Services Terms

A The Trust Center showcases the Microsoft principles for maintaining data integrity in the cloud and how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services.

What can you use to find information about planned maintenance for Azure services that are critical to your organization? A. Azure Service Health B. Azure Advisor C. Azure Monitor D. Log Analytics

A You can drill down to the affected services, regions, and details to show how an event will affect you and what you must do. Most of these events occur without any impact to you and will not be shown. In a rare case that a reboot is required, Service Health allows you to choose when to perform the maintenance to minimize the downtime.

Which two scenarios are common billing use cases for resource tags? Each correct answer presents a complete solution. A. categorizing costs by department B. associating costs with different environments C. resizing underutilized virtual machines D. identifying lower cost regions

A and B You can use tags to categorize costs by department, such as human resources, marketing, or finance, or by environment, such as test or production. Resizing underutilized virtual machines is a good cost saving measure and provisioning resources in lower cost regions is a good practice, but resource tags do not help with this.

Which two scenarios are common use cases for Azure Blob storage? Each correct answer presents a complete solution. A. storing data for backup and restore B. hosting ASPX files for a website C. mounting a file storage share to be accessed as a virtual drive on multiple virtual machines D. serving images or documents directly to a browser

A and D Low storage costs and unlimited file formats make blob storage a good location to store backups and archives. Blob storage can be reached from anywhere by using an internet connection. Azure Disk Storage provides disks for Azure virtual machines. Azure Files supports mounting file storage shares.

Which scenario is a use case for a VPN gateway? A. connecting an on-premises datacenter to an Azure virtual network B. partitioning a virtual network's address space C. communicating between Azure resources D. filtering outbound network traffic

A A VPN gateway is a type of virtual network gateway. Azure VPN Gateway instances are deployed to a dedicated subnet of a virtual network. You can use them to connect on-premises datacenters to virtual networks through a Site-to-Site (S2S) VPN connection.

Which type of strategy uses a series of mechanisms to slow the advancement of an attack that aims to gain unauthorized access to data? A. defense in depth B. least privileged access C. distributed denial-of-service (DDoS) D. perimeter

A A defense in depth strategy uses a series of mechanisms to slow the advancement of an attack that aims to gain unauthorized access to data. The principle of least privilege means restricting access to information to only the level that users need to perform their work. A DDoS attack attempts to overwhelm and exhaust an application's resources. The perimeter layer is about protecting an organization's resources from network-based attacks.

Deploying and configuring cloud-based resources quickly as business requirements change is called [answer choice]. A. agility B. scalability C. elasticity D. high availability

A Agility means that you can deploy and configure cloud-based resources quickly as app requirements change. Scalability means that you can add RAM, CPU, or entire virtual machines to a configuration. Elasticity means that you can configure cloud-based apps to take advantage of autoscaling, so apps always have the resources they need. High availability means that cloud-based apps can provide a continuous user experience with no apparent downtime, even when things go wrong.

You have a team of Linux administrators that need to manage the resources in Azure. The team wants to use the Bash shell to perform the administration. What should you recommend? A. Azure Blueprint B. Azure CLI C. Azure Powershell D. Azure Resource Manager (ARM) template

B Azure CLI allows you to use the Bash shell to perform administrative tasks. Bash is used in Linux environments, so a Linux administrator will probably be more comfortable performing command-line administration from Azure CLI.

Which two tools are accessible via Azure Cloud Shell and allows you to write Bash scripts to manage an Azure environment? A. Azure PowerShell B. Azure Resource Manager (ARM) templates C. Azure Repos D. Azure CLI

A and D Azure CLI is an executable program with which a user can execute commands in Bash that call the Azure REST API. Azure Cloud Shell also supports Azure PowerShell as an executable program.

To which object or level is an Azure role-based access control (RBAC) role applied? A. resource lock B. scope C. resource tag D. policy

B An Azure RBAC role is applied to a scope, which is a resource or set of resources that the access applies to. Resource locks prevent the accidental change or deletion of a resource. Resource tags are used to locate and act on resources associated with specific workloads, environments, business units, and owners. Policies enforce different rules across resource configurations so that the configurations stay compliant with corporate standards.

What can you use to execute code in a serverless environment? A. Azure Logic Apps B. Azure Functions C. Azure Virtual Desktop D. Azure Container Instances

B Azure Functions allows you to run code as a service without having to manage the underlying platform or infrastructure. Azure Logic Apps is similar to Azure Functions, but uses predefined workflows instead of developing your own code.

Which cloud service model is used by Azure SQL Database? A. infrastructure as a service (IaaS) B. platform as a service (PaaS) C. software as a service (SaaS)

B Azure SQL Database is a PaaS database engine.

What can you use to create resources in Azure and includes a validation step to ensure all resources are created in a specific order based on dependencies, in parallel and idempotent? A. Azure Resource Manager (ARM) templates B. Azure CLI C. Azure PowerShell D. Azure REST API

A ARM templates define an application's infrastructure requirements for a repeatable deployment that is done in a consistent manner. A validation step ensures that all resources can be created in the proper order based on dependencies, in parallel and idempotent.

You need to review the root cause analysis (RCA) report for a service outage that occurred last week. Where should you look for the report? A. Azure Service Health B. Azure Advisor C. Azure Monitor D. Log Analytics

A After an outage, Service Health provides official incident reports called root cause analysis (RCA), which you can share with stakeholders.

You have an Azure virtual machine that is accessed only between 9:00 and 17:00 each day. What should you do to minimize costs but preserve the associated hard disks and data? A. Deallocate the virtual machine. B. Delete the virtual machine. C. Resize the virtual machine. D. Implement Privileged Identity Management.

A If you have virtual machine workloads that are used only during certain periods, but you run them every hour of every day, then you are wasting money. These virtual machines are great candidates to deallocate when not in use and start back when required to save compute costs while the virtual machines are deallocated.

Which two features are available by using Azure Cost Management + Billing? A. Create and manage budgets. B. Generate historical reports and forecast future usage. C. Provide discounted prices when you pay in advance. D. Estimate the total cost of ownership before resources are deployed.

A and B Azure Cost Management allows you to create and manage cost and usage budgets by monitoring resource demand trends, consumption rates, and cost patterns. It also allows you to use historical data to generate reports and forecast future usage and expenditures.

Which two attributes are characteristics of the private cloud deployment model? Each correct answer presents a complete solution. A. Hardware must be purchased. B. The company has complete control over physical resources and security. C. Applications can be provisioned and deprovisioned quickly. D. Organizations only pay for what they use.

A and B In a private cloud, hardware must be purchased for start up and maintenance. In a private cloud, organizations control resources and security. Quick provisioning is a characteristic of the public cloud deployment model. Paying only for what is used is a characteristic of the public cloud deployment model.

What are two characteristics of a consumption-based model? Each correct answer presents a complete solution. A. no upfront costs B. requires the purchase and management of the physical infrastructure C. the ability to stop paying for resources that are no longer needed D. high capital expenditures

A and C In a consumption-based model, you do not pay for anything until you start using resources, and you only pay for what you use. If you stop using a resource, you stop paying for it. High expenditures are usually associated with the purchase of the physical infrastructure, which is not needed in a consumption-based model.

What are two characteristics of the public cloud deployment model? Each correct answer presents a complete solution. A. Services are offered over the internet and are available to anyone who wants to purchase them. B. Computing resources are used exclusively by users from one organization. C. Servers and storage are owned and operated by a third-party cloud service provider. D. Hardware is physically located in an organization's on-site datacenter.

A and C In a public cloud, services are offered over the internet and are available to anyone who wants to purchase them. A private cloud is limited to a single organization. Cloud resources, such as servers and storage, are owned and operated by a third-party cloud service provider and delivered over the internet. A private cloud consists of computing resources used exclusively by users from one business or organization.

Which two services are provided by Azure AD? A. authentication B. data encryption C. name resolution D. single sign-on (SSO)

Azure AD provides services for verifying identity and access to applications and resources. SSO enables you to remember a single username and password to access multiple applications and is available in Azure AD.

What can you use to define the resources you want to provision in a declarative JSON format? A. Azure PowerShell B. Azure CLI C. Azure Resource Manager (ARM) templates D. Azure Repos

C By using ARM templates, you can describe the resources you want to use in a declarative JSON format.

In which cloud service model is the customer responsible for managing the operating system? A. Infrastructure as a service (IaaS) B. platform as a service (PaaS) C. software as a service (SaaS)

A IaaS consists of virtual machines and networking provided by the cloud provider. The customer is responsible for the OS and applications. The cloud provider is responsible for the OS in PaaS and SaaS.

What allows you to orchestrate the deployment of resource templates, Azure Policy assignments, and resource groups? A. Azure Blueprints B. Azure Functions C. Azure App Services D. Azure Cognitive Services

A Azure Blueprints simplifies large scale Azure deployments by packaging key environment artifacts, such as Azure Resource Manager (ARM) templates, role-based access controls (RBAC), and policies, into a single blueprint definition. You can easily apply the blueprint to new subscriptions and environments.

What can you use to allow a user to manage all the resources in a resource group? A. Azure role-based access control (RBAC) B. resource tags C. resource locks D. Azure Key Vault

A Azure RBAC allows you to assign a set of permissions to a user or group. Resource tags are used to locate and act on resources associated with specific workloads, environments, business units, and owners. Resource locks prevent the accidental change or deletion of a resource. Key Vault is a centralized cloud service for storing an application secrets in a single, central location.

What uses the infrastructure as a service (IaaS) cloud service model? A. Azure virtual machines B. Azure App Services C. Microsoft Office 365 D. Azure Cosmos DB

A Azure Virtual Machines is an IaaS offering. The customer is responsible for the configuration of the virtual machine as well as all operating system configurations. Azure App Services and Azure Cosmos DB are PaaS offerings. Microsoft Office 365 is a SaaS offering.

What can you use to ensure that users authenticate by using multi-factor authentication (MFA) when they attempt to sign in from a specific location? A. Conditional Access B. Azure role-based access control (RBAC) C. single sign-on (SSO) D. administrative units

A Conditional Access can use signals to determine information about authentication attempts, and then determine whether to block access or require additional verifications, such as MFA.

What is high availability in a public cloud environment dependent on? A. the service-level agreement (SLA) that you choose B. the vertical scalability of an app C. cloud-based backup retention limits D. capital expenditures

A Different services have different SLAs. Sometimes different tiers of the same service will offer different SLAs, which can increase or decrease the promised availability.

What are cloud-based backup services, data replication, and geo-distribution features of? A. a disaster recovery plan B. an elastic application configuration C. a cost reduction plan D. a hybrid cloud deployment

A Disaster recovery uses services, such as cloud-based backup, data replication, and geo-distribution, to keep data and code safe in the event of a disaster.

In a region pair, a region is paired with another region in the same [answer choice]. A. geography B. availability zone C. resource group D. datacenter

A Each Azure region is always paired with another region within the same geography, such as US, Europe, or Asia, at least 300 miles away.

What should you proactively review and act on to avoid service interruptions, such as service retirements and breaking changes? A. Health advisories B. Service issues C. Application insights D. Azure monitor

A Health advisories are issues that require that you take proactive action to avoid service interruptions, such as service retirements and breaking changes. Service issues are problems such as outages that require immediate actions.

Increasing compute capacity for an app by adding instances of resources such as virtual machines is called [answer choice]. A. vertical scaling B. horizontal scaling C. disaster recovery D. high availability

B Scaling horizontally increases compute capacity by adding instances of resources, such as adding virtual machines to the configuration. You scale vertically by adding RAM or CPUs to a virtual machine. Disaster recovery keeps data and other assets safe in the event of a disaster. High availability minimizes downtime when things go wrong.

You need to create a custom solution that uses thresholds to trigger autoscaling functionality to scale an app up or down to meet user demand. What should you include in the solution? Select only one answer. A. Azure Service Health B. Azure Advisor C. Azure Monitor D. Application insights

C Azure Monitor is a platform that collects metric and logging data, such as CPU percentages. The data can be used to trigger autoscaling.

For which resource does Azure generate separate billing reports and invoices by default? A. management groups B. resource groups C. subscriptions D. accounts

C Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs. Resource groups can be used to group costs, but you will not receive a separate invoice for each resource group. Management groups are used to efficiently manage access, policies, and compliance for subscriptions. You can set up billing profiles to roll up subscriptions into invoice sections, but this requires customization.

You need to recommend a solution for Azure virtual machine deployments. The solution must enforce company standards on the virtual machines. What should you include in the recommendation? A. Azure Cost Management B. Azure Lock C. Azure Policy D. Azure Blueprints

C Azure policies will allow you to enforce company standards on new virtual machines when combined with Azure VM Image Builder and Azure Compute Gallery. By using Azure Policy and role-based access control (RBAC) assignments, enterprises can enforce standards on Azure resources. But on virtual machines, these mechanisms only affect the control plane or the route to the virtual machine.

What Azure AD feature can you use to ensure that users can only access Microsoft Office 365 applications from approved client applications? A. Azure role-based access control (RBAC) B. single sign-on (SSO) C. Conditional Access D. multi-factor authentication (MFA)

C Conditional Access allows administrators to control, allow, or deny access to resources based on certain signals. You can require that access to certain applications only be allowed if the users are using an approved client application. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Examples include a code on their mobile phone or a fingerprint scan.

Which type of cloud service model is typically licensed through a monthly or annual subscription? A. Infrastructure as a service (IaaS) B. platform as a service (PaaS) C. software as a service (SaaS)

C SaaS is software that is centrally hosted and managed for you and your users or customers. Usually, one version of the application is used for all customers, and it is licensed through a monthly or annual subscription. PaaS and IaaS use a consumption-based model, so you only pay for what you use.

What is the purpose of defense in depth? A.to enable you to locate and act on resources that are associated with specific workloads, environments, business units, and owners B. to manage policies that control or audit resources so that the configurations stay compliant with corporate standards C. to use several layers of protection to prevent information from being accessed by unauthorized users D. to evaluate resources and make recommendations to help improve reliability and performance

C The objective of defense in depth is to use several layers of protection to prevent information from being accessed or stolen by unauthorized users.

You need to allow resources on two different Azure virtual networks to communicate with each other. What should you configure? A. a network security group (NSG) B. a point-to-site VPN C. peering D. service endpoints

C You can link virtual networks together by using virtual network peering. Peering enables resources in each virtual network to communicate with each other.

What are two basic services provided by all cloud providers? Each correct answer presents a complete solution. A. application development B. colocation C. compute D. storage

C and D All cloud providers provide compute and storage services. Colocation is when a business rents space in a shared physical datacenter. Application development is the responsibility of the customer and is typically done either in-house or through a third party.

In which two deployment models are customers responsible for managing operating systems that host applications? A. software as a service (SaaS) B. platform as a service (PaaS) C. infrastructure as a service (IaaS) D. on-premises

C and D Operating systems are managed by customers when using IaaS or an on-premises deployments. The operating systems are not accessible in PaaS and SaaS deployments.

What can you use to automatically detect performance anomalies for web apps? Select only one answer. A. Azure DevOps B. Azure Cognitive Services C. Azure Advisor D. Azure Application Insights

D Application Insights is a feature of Azure Monitor that allows you to monitor running applications, automatically detect performance anomalies, and use built-in analytics tools to see what users do on an app.

[Answer choice] are physically separate datacenters within an Azure region. A. Geographies B. Region pairs C. Resource groups D. Availability zones

D Availability zones are physically separate datacenters within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking.

Which storage service offers fully managed file shares in the cloud that are accessible by using Server Message Block (SMB) protocol? A. Azure Disk Storage B. Azure Table storage C. Azure Queue Storage D. Azure Files

D Azure Files offers fully managed file shares in the cloud with shares that are accessible by using Server Message Block (SMB) protocol. Mounting Azure file shares is just like connecting to shares on a local network.

What can you use to ensure that a user can only access applications from compliant devices? A. single sign-on (SSO) B. multi-factor authentication (MFA) C. hybrid identity D. Conditional Access

D Conditional Access is a tool that Azure AD uses to allow or deny access to resources based on identity signals, such as the device being used. SSO enables a user to sign in one time and use that credential to access multiple resources and applications from different providers. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Hybrid identity solutions create a common user identity for authentication and authorization to all resources, regardless of location.

What Azure AD feature can you use to configure security authentication that requires users to use their mobile phone to sign in? A. Microsoft Defender for Cloud B. Microsoft Entra Verified ID C. Azure Information Protection (AIP) D. multi-factor authentication (MFA)

D MFA is the concept of requiring something more than only a password to sign in to an application. You can use the mobile phone to receive a phone call, text, or a code to get authenticated.

Which Azure compute service can you use to deploy and manage a set of identical virtual machines? A. availability sets B. availability zones C. Azure Container Instances D. Azure Virtual Machine Scale Sets

D Virtual Machine Scale Sets are an Azure compute resource that you can use to deploy and manage and scale a set of identical virtual machines.