Practice Assessment for Exam AZ-900: Microsoft Azure Fundamentals

You have an Azure virtual machine that is accessed only between 9:00 and 17:00 each day. What should you do to minimize costs but preserve the associated hard disks and data?

Deallocate the virtual machine. If you have virtual machine workloads that are used only during certain periods, but you run them every hour of every day, then you are wasting money. These virtual machines are great candidates to deallocate when not in use and start back when required to save compute costs while the virtual machines are deallocated.

Which Azure service evaluates Azure resources and makes recommendations to help improve reliability, security, performance, and cost reduction?

Azure Advisor Azure Advisor evaluates Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs.

You need to be notified when there are new recommendations for reducing Azure costs. Which tool should you use?

Azure Advisor Azure Advisor evaluates Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs.

What can you use to automatically detect performance anomalies for web apps?

Azure Application Insights Application Insights is a feature of Azure Monitor that allows you to monitor running applications, automatically detect performance anomalies, and use built-in analytics tools to see what users do on an app.

What can you use to manage servers across cloud platforms and on-premises environments?

Azure Arc Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.

Which Azure Storage service should you use to store unstructured files, such as images, that will be served on webpages?

Azure Blob storage Azure Blob storage is an object storage solution that you can use to store massive amounts of unstructured data, such as text or binary data.

Which storage service should you use to store thousands of files containing text and images?

Azure Blob storage Azure Blob storage is an object storage solution that you can use to store massive amounts of unstructured data, such as text or binary data.

Which storage service offers fully managed file shares in the cloud that are accessible by using Server Message Block (SMB) protocol?

Azure Files Azure Files offers fully managed file shares in the cloud with shares that are accessible by using Server Message Block (SMB) protocol. Mounting Azure file shares is just like connecting to shares on a local network.

What can you use to execute code in a serverless environment?

Azure Functions Azure Functions allows you to run code as a service without having to manage the underlying platform or infrastructure. Azure Logic Apps is similar to Azure Functions, but uses predefined workflows instead of developing your own code.

Which Azure service can generate an alert if virtual machine utilization is over 80% for five minutes?

Azure Monitor Azure Monitor is a platform for collecting, analyzing, visualizing, and alerting based on metrics. Azure Monitor can log data from an entire Azure and on-premises environment.

What can you use to restrict the deployment of a virtual machine to a specific location?

Azure Policy Azure Policy can help to create a policy for allowed regions, which enables you to restrict the deployment of virtual machines to a specific location.

What can you use to ensure that a development team can only create virtual machines of a certain size?

Azure Policy Azure Policy enables you to define both individual policies and groups of related policies called initiatives. Azure Policy evaluates your resources and highlights resources that are not compliant with the policies you created. Azure Policy can also prevent noncompliant resources from being created.

You need to ensure that multi-factor authentication (MFA) is enabled on accounts with write permissions in an Azure subscription. What should you implement?

Azure Policy Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit resources.

What can you use to ensure that new and existing Azure resources stay in compliance with corporate standards?

Azure Policy Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit resources. These policies enforce different rules across all resource configurations so that the configurations stay compliant with corporate standards.

Which two tools are accessible via Azure Cloud Shell and allows you to write Bash scripts to manage an Azure environment?

Azure PowerShell Azure CLI Azure CLI is an executable program with which a user can execute commands in Bash that call the Azure REST API. Azure Cloud Shell also supports Azure PowerShell as an executable program.

You plan to build a new solution in Azure that will use platform as a service (PaaS) products. What should you use to estimate the monthly costs?

Azure Pricing calculator The Azure Pricing calculator allows you to estimate and configure according to your specific requirements. You will then receive a consolidated estimated price and a detailed breakdown of the costs associated with each resource you added to your solution.

Your organization plans to deploy several production virtual machines that will have consistent resource usage throughout the year. What can you use to minimize the costs of the virtual machines without reducing the functionality of the virtual machines?

Azure Reservations Azure Reservations offers discounted prices on certain Azure services. Azure Reservations can save you up to 72 percent compared to pay-as-you-go prices. To receive a discount, you can reserve services and resources by paying in advance.Spending limits can suspend a subscription when the spend limit is reached.

Which management layer accepts requests from any Azure tool or API and enables you to create, update, and delete resources in an Azure account?

Azure Resource Manager (ARM) ARM is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in an Azure account.

What can you use to create resources in Azure and includes a validation step to ensure all resources are created in a specific order based on dependencies, in parallel and idempotent?

Azure Resource Manager (ARM) templates ARM templates define an application's infrastructure requirements for a repeatable deployment that is done in a consistent manner. A validation step ensures that all resources can be created in the proper order based on dependencies, in parallel and idempotent.

What can you use to define the resources you want to provision in a declarative JSON format?

Azure Resource Manager (ARM) templates By using ARM templates, you can describe the resources you want to use in a declarative JSON format.

Which two Azure resources can make use of availability zones? Each correct answer presents a complete solution

Azure SQL databases virtual machines Availability zones are primarily for virtual machines, managed disks, load balancers, and SQL databases.

What can you use to find information about planned maintenance for Azure services that are critical to your organization?

Azure Service Health You can drill down to the affected services, regions, and details to show how an event will affect you and what you must do. Most of these events occur without any impact to you and will not be shown. In a rare case that a reboot is required, Service Health allows you to choose when to perform the maintenance to minimize the downtime

What can you use to provide Mac and Android users with access to a Windows environment that will run Windows-based applications?

Azure Virtual Desktop Azure Virtual Desktop is a desktop and application virtualization service that runs in the cloud. It enables your users to use a cloud-hosted version of Windows from any location. Azure Virtual Desktop works across devices such as Windows, Mac, iOS, Android, and Linux. It works with apps that you can use to access Remote Desktops and apps. You can also use most modern browsers to access Azure Virtual Desktop-hosted experiences.

Which Azure compute service can you use to deploy and manage a set of identical virtual machines?

Azure Virtual Machine Scale Sets

What can you use to allow a user to manage all the resources in a resource group?

Azure role-based access control (RBAC) Azure RBAC allows you to assign a set of permissions to a user or group. Resource tags are used to locate and act on resources associated with specific workloads, environments, business units, and owners. Resource locks prevent the accidental change or deletion of a resource. Key Vault is a centralized cloud service for storing an application secrets in a single, central location.

What Azure AD feature can you use to ensure that users can only access Microsoft Office 365 applications from approved client applications?

Azure role-based access control (RBAC) Conditional Access Conditional Access allows administrators to control, allow, or deny access to resources based on certain signals. You can require that access to certain applications only be allowed if the users are using an approved client application. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Examples include a code on their mobile phone or a fingerprint scan.

What uses the infrastructure as a service (IaaS) cloud service model?

Azure virtual machines Azure Virtual Machines is an IaaS offering. The customer is responsible for the configuration of the virtual machine as well as all operating system configurations. Azure App Services and Azure Cosmos DB are PaaS offerings. Microsoft Office 365 is a SaaS offering.

refers to upfront costs incurred one time, such as hardware purchases.

Capital expenditures Capital expenditures are one-time expenses that can be deducted over time. Operational expenditures are billed as you use services and a do not have upfront costs.

What can you use to ensure that a user can only access applications from compliant devices?

Conditional Access Conditional Access is a tool that Azure AD uses to allow or deny access to resources based on identity signals, such as the device being used. SSO enables a user to sign in one time and use that credential to access multiple resources and applications from different providers. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Hybrid identity solutions create a common user identity for authentication and authorization to all resources, regardless of location.

Which two features are available by using Azure Cost Management + Billing?

Create and manage budgets. Generate historical reports and forecast future usage. Azure Cost Management allows you to create and manage cost and usage budgets by monitoring resource demand trends, consumption rates, and cost patterns. It also allows you to use historical data to generate reports and forecast future usage and expenditures.

For which resource does Azure generate separate billing reports and invoices by default?

subscriptions Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs. Resource groups can be used to group costs, but you will not receive a separate invoice for each resource group. Management groups are used to efficiently manage access, policies, and compliance for subscriptions. You can set up billing profiles to roll up subscriptions into invoice sections, but this requires customization.

What is the purpose of defense in depth?

to use several layers of protection to prevent information from being accessed by unauthorized users The objective of defense in depth is to use several layers of protection to prevent information from being accessed or stolen by unauthorized users.

Increasing compute capacity for an app by adding RAM or CPUs to a virtual machine is called

vertical scaling You scale vertically to increase compute capacity by adding RAM or CPUs to a virtual machine. Scaling horizontally increases compute capacity by adding instances of resources, such as adding virtual machines to the configuration. Disaster recovery keeps data and other assets safe in the event of a disaster. High availability minimizes downtime when things go wrong.

Which type of cloud service model is typically licensed through a monthly or annual subscription?

SaaS is software that is centrally hosted and managed for you and your users or customers. Usually, one version of the application is used for all customers, and it is licensed through a monthly or annual subscription. PaaS and IaaS use a consumption-based model, so you only pay for what you use.

Which two protocols are used to access Azure file shares? Each correct answer presents a complete solution.

Server Message Block (SMB) Network File System (NFS) Azure Files offers fully managed file shares in the cloud that are accessible via industry-standard SMB and NFS protocols.

What are two characteristics of the public cloud deployment model? Each correct answer presents a complete solution.

Services are offered over the internet and are available to anyone who wants to purchase them. Servers and storage are owned and operated by a third-party cloud service provider. In a public cloud, services are offered over the internet and are available to anyone who wants to purchase them. A private cloud is limited to a single organization. Cloud resources, such as servers and storage, are owned and operated by a third-party cloud service provider and delivered over the internet. A private cloud consists of computing resources used exclusively by users from one business or organization.

You need to compare the costs of running an application in an on-premises datacenter with the costs of running the application in Azure.

Total Cost of Ownership (TCO) Calculator The TCO Calculator helps you estimate the cost savings over time of operating a solution in Azure compared to operating in an on-premises datacenter.

What can be applied to a resource to prevent accidental deletion?

a resource lock A resource lock prevents resources from being accidentally deleted or changed. Resource tags offer the custom grouping of resources. Policies enforce different rules across all resource configurations so that the configurations stay compliant with corporate standards. An initiative is a way of grouping related policies together.

Deploying and configuring cloud-based resources quickly as business requirements change is called

agility Agility means that you can deploy and configure cloud-based resources quickly as app requirements change. Scalability means that you can add RAM, CPU, or entire virtual machines to a configuration. Elasticity means that you can configure cloud-based apps to take advantage of autoscaling, so apps always have the resources they need. High availability means that cloud-based apps can provide a continuous user experience with no apparent downtime, even when things go wrong.

Which two services are provided by Azure AD?

authentication single sign-on (SSO) Azure AD provides services for verifying identity and access to applications and resources. SSO enables you to remember a single username and password to access multiple applications and is available in Azure AD.

Which two scenarios are common billing use cases for resource tags?

categorizing costs by department associating costs with different environments You can use tags to categorize costs by department, such as human resources, marketing, or finance, or by environment, such as test or production.

What are two basic services provided by all cloud providers? Each correct answer presents a complete solution.

compute storage All cloud providers provide compute and storage services. Colocation is when a business rents space in a shared physical datacenter. Application development is the responsibility of the customer and is typically done either in-house or through a third party.

Which scenario is a use case for a VPN gateway?

connecting an on-premises datacenter to an Azure virtual network (for example ExpressRoute one vpn gateway that is used to connect an on-premises network to Azure)

What is the customer responsible for in a software as a service (SaaS) model?

data and access SaaS allows you to pay to use an existing application on hardware managed by a third party. You supply data and configure access. Customers are only responsible for storage in a private cloud. Customers are responsible for virtual machines and runtime in IaaS and the private cloud.

In cloud computing, [answer choice] allows you to deploy applications to regional datacenters around the world.

geo-location You can deploy apps and data to regional datacenters around the globe, thereby ensuring that your customers always have the best performance in their region. This is referred to as geo-distribution.

Which type of cloud service are virtual networks?

infrastructure as a service (IaaS) IaaS helps you reduce the cost and complexity of maintaining a physical server and its datacenter infrastructure. Virtual networks are part of the IaaS cloud service.

In which two deployment models are customers responsible for managing operating systems that host applications? Each correct answer presents a complete solution.

infrastructure as a service (IaaS) on-premises

Which resource can you use to manage access, policies, and compliance across multiple subscriptions?

management groups Management groups can be used in environments that have multiple subscriptions to streamline the application of governance conditions. Resource groups can be used to organize Azure resources. Administrative units are used to delegate the administration of Azure AD resources, such as users and groups. Accounts are used to provide access to resources

What Azure AD feature can you use to configure security authentication that requires users to use their mobile phone to sign in?

multi-factor authentication (MFA) MFA is the concept of requiring something more than only a password to sign in to an application. You can use the mobile phone to receive a phone call, text, or a code to get authenticated.

Your organization is building a custom application. You need to focus on application development rather than configuration and management of servers. Which cloud service model should you use?

platform as a service (PaaS) With PaaS, users can focus on application development because the cloud provider handles all the platform management. In SaaS, the cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage, and applications. IaaS is the closest service model to managing physical servers.

You need to associate the costs of resources to different groups within an organization without changing the location of the resources.

resource tags Resource tags can be used to group billing data and categorize costs by runtime environment, such as billing usage for virtual machines running in a production environment.

Which two factors affect Azure costs?

resource usage resource location Usage meters, such as CPU time, disk size, and write operations, are used to calculate your bill for an Azure resource. Deleting or deallocating a resource means that you will no longer be billed for it. Different regions can have different associated prices. Resources cost the same no matter the time of day or the day of the week.

What can you use to connect Azure resources, such as Azure SQL databases, to an Azure virtual network?

service endpoints Service endpoints are used to expose Azure services to a virtual network, providing communication between the two. ExpressRoute is used to connect an on-premises network to Azure. NSGs allow you to configure inbound and outbound rules for virtual networks and virtual machines. Peering allows you to connect virtual networks together

Which cloud service model is used by Microsoft Office 365?

software as a service (SaaS) SaaS allows users to connect to and use cloud-based apps over the internet. Common examples are email, calendaring, and Office tools, such as Office 365.

You need to identify which Azure services are compliant with ISO 27001 Information Security Management Standards. Where should you go to locate the information?

Microsoft Trust Center The Trust Center showcases the Microsoft principles for maintaining data integrity in the cloud and how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services.

Which two services can you use to establish network connectivity between an on-premises network and Azure resources?

ExpressRoute Azure VPN Gateway ExpressRoute connections and Azure VPN Gateway are two services that you can use to connect an on-premises network to Azure. Bastion provides a web interface to remotely administer Azure virtual machines by using SSH/RDP. Azure Firewall is a stateful firewall service used to protect virtual networks.

In which cloud service model is the customer responsible for managing the operating system?

Infrastructure as a service (IaaS) IaaS consists of virtual machines and networking provided by the cloud provider. The customer is responsible for the OS and applications. The cloud provider is responsible for the OS in PaaS and SaaS.