Professional Documents
Culture Documents
Yes No: Correct
Yes No: Correct
Yes No: Correct
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
●
● Yes
● (Correct)
●
● No
Explanation
Fault tolerance refers to the ability of a system or application to continue operating without
interruption, when one or more of its components fail.
The main objective of deploying a fault tolerant application is to prevent outages arising from a
single point of failure. This way business continuity and high availability of mission-critical
applications or systems is assured.
Reference:
https://docs.microsoft.com/en-us/archive/msdn-magazine/2015/september/microsoft-azure-fault-
tolerance-pitfalls-and-resolutions-in-the-cloud
Quick Preview:
Question 2: Correct
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
An application has disaster recovery capabilities if it can recover after a failure occurs.
●
● Yes
● (Correct)
●
● No
Explanation
Disaster recovery represents the ability of an application or a system to return to normal working
conditions after a failure takes place.
For example, while working in Azure, if one of your virtual machines turns out to be broken, you
could restore the virtual machine from a backup to its initial state. And yes, the process can be
either manual or automatic.
Reference:
https://en.wikipedia.org/wiki/Disaster_recovery
Quick Preview:
Question 3: Incorrect
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
●
● Yes
● (Incorrect)
●
● No
● (Correct)
Explanation
Depending on the business that you are running, deploying scalable applications in Azure could
be an important fact. An application is considered scalable if it can adapt to traffic changes,
either up or down.
For example, if you are running an online store, as soon as you launch a sales campaign, heavy
traffic could be hitting your web servers. Under normal conditions, your existing computing
capacity can handle your business, but not traffic bursts. In this specific example, you could
create a virtual machine scale set and add autoscaling capabilities. The end result would be
virtual machines added automatically when traffic increases, and virtual machines taken out of
the set up when the traffic level is low.
Because the presented statement is negative and scalability actually means that the application
and service is able to adapt, the statement is false.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/framework/scalability/overview
Quick Preview:
Question 4: Correct
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
Azure provides low latency access to its services, which means services can be accessed
quickly from the Internet.
●
● Yes
● (Correct)
●
● No
Explanation
Latency is the time that passes between a user action and the resulting response.
Let’s remember how Internet speed looked like 10 years ago. You could be literally waiting for
seconds until a webpage was opened, so that’s really latency. High latency leads to a high
response time, and of course to a bad user experience.
Reference:
https://docs.microsoft.com/en-us/azure/networking/microsoft-global-network
Quick Preview:
Question 5: Correct
You are preparing to migrate all your company's virtual machines to a pay-as-you-go
subscription in Azure cloud. The company CFO asks you what expenditure model Azure uses.
●
● operational expenditure
● (Correct)
●
● elastic expenditure
●
● capital expenditure
●
● scalable expenditure
Explanation
One of the major differences between running your business in a traditional data center as
opposed to running your applications in the public cloud environment is the paying model.
With Azure, you pay only for what you use and there is no upfront commitment. This is also
known as pay-as-you-go pricing.
With pay-as-you-go pricing, you pay on a monthly basis for usage consumption, just like you do
for electricity, gas, internet connection, etc. Also, paying on a monthly basis for different services
that you are using is also known as operational expenditure or OpEx.
On the other hand, capital expenditure, or CapEx, refers to spending money in advance, for
example when you make an investment. If you think about traditional data centers, this is a
CapEx spending. Before running your business, you need to build your data center, so you
make an investment and buy servers, networking equipment, etc.
Paying the electricity bill for your data center represents an operational expenditure (OpEx) for
your company, you are paying electricity on a monthly basis.
And last, coming back to this scenario, you pay for your Azure spending on a monthly
basis, and again no upfront commitment is needed. This represents an operational
expenditure (OpEx) for your company.
Reference:
https://azure.microsoft.com/en-gb/offers/ms-azr-0003p/
Quick Preview:
Question 6: Incorrect
Your company is running the business on an on-premises network that contains around 80
servers. You need to identify a solution to provide more resources to your users, but also to
minimize capital and operational expenditure costs.
●
● a complete migration to the public cloud
● (Incorrect)
●
● an additional data center
●
● a private cloud
●
● a hybrid cloud
● (Correct)
Explanation
In this scenario, we need to identify the best solution in order to increase the capacity of our
existing on premises datacenter. Still, we need to meet some requirements related to pricing
and costs. Specifically, we need to minimize investments, so this is capital expenditure, but also
operational expenditure, which represents monthly payments.
In order to keep the costs low, we need to identify a technical solution that will continue to use
the existing hardware. What is the reason, we need to either choose a private data center or
private cloud, or a hybrid cloud.
The private cloud is not the best solution, because we would need to invest a lot of money
(Capital expenditure) and buy new servers. So this way we would not meet the requirements.
Indeed, the best solution is to choose the hybrid cloud deployment model. This way, we
will continue to use our existing hardware, and we will buy or actually rent additional
computing capacity from Azure.
Reference:
https://azure.microsoft.com/en-gb/solutions/hybrid-cloud-app/
Quick Preview:
Question 7: Incorrect
Which cloud deployment solution is used for Azure virtual machines and Azure SQL databases?
(Select two)
●
● Azure virtual machines are Infrastructure as a Service (IaaS)
● (Correct)
●
● Azure virtual machines are Platform as a Service (PaaS)
● (Incorrect)
●
● Azure virtual machines are Software as a Service (SaaS)
●
● Azure SQL Databases are Infrastructure as a Service (IaaS)
●
● Azure SQL Databases are Platform as a Service (PaaS)
● (Correct)
●
● Azure SQL Databases are Software as a Service (SaaS)
Explanation
Azure virtual machines represent Azure Infrastructure as a Service (IaaS) cloud deployment
model.
With Infrastructure as a Service you literally rent the infrastructure that you need in order to run
your business. What kind of infrastructure? Well, almost anything that you would by for your
traditional infrastructure: computing power, storage, networking, etc.
“Azure SQL Database is a fully managed Platform as a Service (PaaS) Database Engine that
handles most of the database management functions such as upgrading, patching, backups,
and monitoring without user involvement.” – Microsoft.com
Reference:
https://azure.microsoft.com/en-gb/overview/what-is-cloud-computing/#cloud-computing-models
https://azure.microsoft.com/en-gb/blog/infrastructure-as-a-service-series-virtual-machines-and-w
indows/
https://docs.microsoft.com/en-us/azure/azure-sql/database/sql-database-paas-overview
Quick Preview:
Question 8: Correct
Your intend to deploy your Food-Now web application in Azure. Food-Now web app will be
publicly accessible to your external end clients.
Which of the following cloud deployment models would you use in order to minimize
administrative effort for your food ordering application?
●
● Software as a Service (SaaS)
●
● Platform as a Service (PaaS)
● (Correct)
●
● Infrastructure as a Service (IaaS)
●
● Database as a Service (DaaS)
Explanation
The best cloud deployment model to use for your Food-Now web application in Azure, while
meeting the technical requirements is PaaS - Platform as a Service.
“Azure App Service is a platform-as-a-service (PaaS) offering that lets you create web and
mobile apps for any platform or device and connect to data anywhere, in the cloud or
on-premises.” – Microsoft.com
Reference:
https://docs.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-app-servi
ces
Quick Preview:
Question 9: Correct
The company’s compliance policy states that a server named Azure_on_Udemy_Server must
be on a separate network segment.
●
● a resource group for Azure_on_Udemy_Server and another resource group for all
the other servers
●
● a virtual network for Azure_on_Udemy_Server and another virtual network for all the
other servers
● (Correct)
●
● a VPN for Azure_on_Udemy_Server and a virtual network gateway for each other
server
●
● one resource group for all the servers and a resource lock for
Azure_on_Udemy_Server
Explanation
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-arm
Quick Preview:
You are looking for an Azure storage solution for your virtual machines’ disks.
Which of the following Azure services would you use to complete this task?
●
● Azure Blobs
● (Correct)
●
● Azure Files
● (Incorrect)
●
● Azure Queues
●
● Azure Tables
Explanation
Azure Blob storage currently supports three types of blobs: Block blobs, append blobs and page
blobs. Page blobs are used to store virtual hard drive (VHD) files, so this storage option is
definitely what Azure virtual machines disks use. In terms of capacity, page blobs can store
random data up to 8 TB.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-pageblob-overview?tabs=dot
net
Quick Preview:
Which of the following Azure portal menus would you navigate to in order to accomplish this
task?
●
● Monitor menu
● (Correct)
●
● Subscriptions menu
● (Incorrect)
●
● Marketplace menu
●
● Advisor menu
Explanation
Azure Monitor is most probably the first Azure service you may want to navigate to, when you
need to verify or check the health state of your Azure services.
“Azure Monitor helps you maximize the availability and performance of your applications and
services. It delivers a comprehensive solution for collecting, analyzing, and acting on telemetry
from your cloud and on-premises environments. This information helps you understand how
your applications are performing and proactively identify issues affecting them and the
resources they depend on.” – Microsoft.com
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/overview
Quick Preview:
Question 12: Incorrect
You need to find out what VM pre-built OS images are available in Azure.
Which of the following Azure portal menus would you navigate to in order to accomplish this
task?
●
● Monitor blade
●
● Subscriptions blade
● (Incorrect)
●
● Marketplace blade
● (Correct)
●
● Advisor blade
Explanation
Whenever you need to deploy a new service in Azure, you can simply navigate to Azure
Marketplace. You would need to first search for your service or application in Azure
Marketplace, select it and then run through the wizard setup process.
“Accelerate the pace of development at your organization with thousands of certified apps
tailored to meet your needs. Search from a rich catalog of more than 17,000 certified apps and
services, deploy seamlessly, and simplify billing with a single bill for all Microsoft and third-party
solutions.” – Microsoft.com
Coming back to the scenario presented in this question, you can definitely check Azure
Marketplace for virtual machines’ prebuilt images.
Reference:
https://docs.microsoft.com/en-us/azure/marketplace/marketplace-faq-publisher-guide
Quick Preview:
Please choose the option that best matches the following statement:
.......... provides security recommendations for your Azure environment.
●
● Monitor blade
●
● Subscriptions blade
● (Incorrect)
●
● Marketplace blade
●
● Advisor blade
● (Correct)
Explanation
You would use Azure Advisor to successfully complete this task. Honestly, if you take a closer
look at the other options, they don’t make that much sense.
“Azure Advisor provides you with a consistent, consolidated view of recommendations for all
your Azure resources. It integrates with Azure Security Center to bring you security
recommendations. You can get security recommendations from the Security tab on the Advisor
dashboard.” – Microsoft.com
Azure Monitor service, as the name suggests, would be a great choice if you need to monitor
your infrastructure. Azure Subscriptions menu provide you information relating to your
subscriptions, while Azure Marketplace is simply an online store that offers applications and
services.
Reference:
https://docs.microsoft.com/en-us/azure/advisor/advisor-security-recommendations
Quick Preview:
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
●
● Yes
● (Correct)
●
● No
● (Incorrect)
Explanation
Azure SQL Database is a managed SQL Server Database in Azure. The SQL Server is
managed by Microsoft, you just have to access and use the database.
“Build your next app faster on a fully managed SQL database - Part of the Azure SQL family,
Azure SQL Database is an intelligent, scalable, relational database service built for the cloud.
Optimize performance and durability with automated, AI-powered features that are always up to
date.” – Microsoft.com
Reference:
https://azure.microsoft.com/en-us/services/sql-database/
Quick Preview:
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
Azure Synapse Analytics is capable of running complex queries across huge amount of data in
a relational database.
●
● Yes
● (Correct)
●
● No
● (Incorrect)
Explanation
“Azure Synapse Analytics is an analytics service that brings together enterprise data
warehousing and Big Data analytics.” – Microsoft.com
Reference:
https://docs.microsoft.com/en-us/azure/synapse-analytics/sql-data-warehouse/sql-data-warehou
se-overview-what-is
Quick Preview:
Question 16: Incorrect
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
Azure Data Lake Analytics is able to run data transformation and processing programs across
petabytes of data.
●
● Yes
● (Correct)
●
● No
● (Incorrect)
Explanation
“Azure Data Lake Analytics is an on-demand analytics job service that simplifies big data.
Instead of deploying, configuring, and tuning hardware, you write queries to transform your data
and extract valuable insights.
The analytics service can handle jobs of any scale instantly by setting the dial for how much
power you need.
Data Lake Analytics dynamically provisions resources and lets you do analytics on
terabytes to petabytes of data.” – Microsoft.com
And again, you pay only for the processing power used!!
Reference:
https://azure.microsoft.com/en-gb/services/data-lake-analytics/
Quick Preview:
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
Azure HD Insight is an open source framework that enables users to process and analyze big
data sets in clusters.
●
● Yes
● (Correct)
●
● No
● (Incorrect)
Explanation
“Azure HDInsight is a managed, full-spectrum, open-source analytics service in the cloud for
enterprises.” – Microsoft.com
“Apache Hadoop was the original open-source framework for distributed processing and
analysis of big data sets on clusters. The Hadoop ecosystem includes related software and
utilities, including Apache Hive, Apache HBase, Spark, Kafka, and many others.” –
Microsoft.com
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/hdinsight/hadoop/apache-hadoop-introduction
Quick Preview:
Question 18: Incorrect
You need to connect your on premises network to Azure, so that users can access privately
different Azure services, such as virtual machines.
Which two Azure resources should you include in your architecture? (Select two)
●
● a virtual network gateway
● (Correct)
●
● a load balancer
● (Incorrect)
●
● an application gateway
●
● a virtual network
●
● a gateway subnet
● (Correct)
Explanation
In order for users to be able to privately connect to Azure services, you would need to set up a
virtual private network, or simply VPN. The private connection would be built between the on
premises network and the Azure virtual network.
First, you would need to create in Azure a Virtual Network Gateway. This virtual device needs to
be deployed on a separate, dedicated subnet, part of the same virtual network that you want to
connect to your traditional data center.
The extra subnet that you need to create for your Virtual Network Gateway has to have a very
specific name - "GatewaySubnet", this is a requirement that Azure is asking for.
The rest of the options are not valid. You would need to create a load balancer if you need to
distribute traffic to multiple destinations, such as virtual machines maybe. The same is true for
application gateway, which is actually a more advanced load balancer. And last, the virtual
network answer option is really not connected in any way to this scenario.
Reference:
https://docs.microsoft.com/en-us/office365/enterprise/connect-an-on-premises-network-to-a-mic
rosoft-azure-virtual-network
Quick Preview:
Question 19: Incorrect
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
●
● Yes
● (Correct)
●
● No
● (Incorrect)
Explanation
DevOps influences the application lifecycle throughout its plan, develop, deliver and operate
phases.” – Microsoft.com
Reference:
https://azure.microsoft.com/en-gb/overview/what-is-devops/
Quick Preview:
Question 20: Incorrect
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
Azure Advisor represents an Azure tool that provides guidance and recommendations to
improve an Azure environment.
●
● Yes
● (Correct)
●
● No
● (Incorrect)
Explanation
“Advisor is a personalized cloud consultant that helps you follow best practices to optimize your
Azure deployments.” – Microsoft.com
Azure Advisor provides recommendations and these are split into the following five categories:
Reliability (formerly called High Availability): “To ensure and improve the continuity of your
business-critical applications.” (microsoft.com)
Security: “To detect threats and vulnerabilities that might lead to security breaches.”
(microsoft.com)
Cost: “To optimize and reduce your overall Azure spending.” (microsoft.com)
Operational Excellence: “To help you achieve process and workflow efficiency, resource
manageability and deployment best practices.” (microsoft.com)
Reference:
https://docs.microsoft.com/en-us/azure/advisor/advisor-overview
Quick Preview:
Question 21: Incorrect
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
Azure Cognitive Services is an Azure service that you can use to build and deploy Artificial
Intelligence (AI) applications.
●
● Yes
● (Correct)
●
● No
● (Incorrect)
Explanation
“Azure Cognitive Services are APIs, SDKs, and services available to help developers build
intelligent applications without having direct AI or data science skills or knowledge. Azure
Cognitive Services enable developers to easily add cognitive features into their applications.
The goal of Azure Cognitive Services is to help developers create applications that can see,
hear, speak, understand, and even begin to reason. The catalog of services within Azure
Cognitive Services can be categorized into five main pillars - Vision, Speech, Language, Web
Search, and Decision.” – Microsoft.com
Reference:
https://docs.microsoft.com/en-us/azure/cognitive-services/welcome
Quick Preview:
●
● Yes
● (Correct)
●
● No
● (Incorrect)
Explanation
Azure Application Insights is a great Azure service that you can use to monitor your live
applications.
“Azure Application Insights automatically detect performance anomalies, and includes powerful
analytics tools to help you diagnose issues and to understand what users actually do with your
app.” – Microsoft.com
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview
Quick Preview:
Question 23: Incorrect
You want to connect through HTTPS to a brand new web server VM that you deployed to Azure.
You open a browser, try to connect to web server's Public IP, but your connection gets denied.
What configuration should you modify so that you can connect to the web server?
●
● virtual network gateway
●
● virtual network
● (Incorrect)
●
● network security group
● (Correct)
●
● routing table
Explanation
By default, when you deploy a virtual machine in Azure, there are only two ports opened, SSH
port 22 and RDP port 3389. Specifically, when you deploy a Linux virtual machine, SSH port 22
will be opened by default, and the virtual machine will be accessible on this port. Similarly, for
Windows virtual machines, Port 3389 is opened by default and Windows virtual machines are
accessible on this port.
After you finish configuring the virtual machine as your new Web Server, you would need to
make sure to open TCP port 80, so this is HTTP protocol, so that the website is accessible from
the Internet. Or port 443, if you need to permit HTTPS access.
Depending on the overall architecture, you would need to modify the default configuration of
either the network security group applied on the virtual machine, or at the subnet level where
the virtual machine lives, or modify the configuration of the Azure Firewall applied at the virtual
network level.
So, both network security group and Azure Firewall represent security firewall solutions, the
difference is where the solution is applied and what perimeter it protects.
Coming back to the scenario presented in this question, a security rule needs to be added to the
network security group or Azure Firewall to allow the traffic arriving at the virtual machine level,
on TCP port 443 (HTTPS).
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Quick Preview:
What should you do next in order to delete the AZ900 resource group?
●
● ask a global administrator to delete the lock
●
● first remove the Delete lock, then delete the resource group
● (Correct)
●
● add an Azure policy first, then delete the resource group
●
● remove an Azure tag, then delete the resource group
Explanation
There are two types of locks that you can configure in Azure: Delete and Read-only.
The Delete lock means that users will still be able to read or modify a resource inside the
resource group, but the user will not be able to delete the resource.
If you apply a Read-only lock, then the user will be allowed to only read a resource. The user
will not be allowed to delete or modify the configuration of the resource.
In this specific scenario, a Delete lock has been applied on the AZ900 Resource Group. It really
doesn’t matter what permissions are assigned to your user account, if you try to delete a
resource and it has a Delete lock applied, Azure will simply throw an error at you.
That’s really the purpose of Azure Locks, preventing accidental deletion or modification of
deployed resources.
Bottom line, if you want or need to delete AZ900 resource group, you would first need to remove
the Delete lock and then remove the resource group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
Quick Preview:
Which of the following would you configure to control the protocol and port numbers used to
access an Azure virtual machine?
●
● a network security group (NSG)
● (Correct)
●
● an Azure Active Directory (Azure AD) role
●
● an Azure Active Directory group
● (Incorrect)
●
● an Azure key vault
Explanation
By default, when you deploy a virtual machine in Azure, there are only two ports opened, SSH
port 22 and RDP port 3389. Specifically, when you deploy a Linux virtual machine, SSH port 22
will be opened by default, and the virtual machine will be accessible on this port. Similarly, for
Windows virtual machines, Port 3389 is opened by default and Windows virtual machines are
accessible on this port.
If you need to access the virtual machine on a different port then 22 or 3389, you would need to
manually enable access on these port numbers.
Depending on the overall architecture, you would need to modify the default configuration of
either the network security group applied on the virtual machine, or at the subnet level where
the virtual machine lives, or modify the configuration of the Azure Firewall Applied at the virtual
network level.
So, both network security group and Azure Firewall represent security firewall solutions, the
difference is where the solution is applied and what perimeter it protects.
Coming back to the scenario presented in this question, a security rule needs to be
added to the network security group or Azure Firewall to allow the connection arriving on
a custom protocol and port number.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Quick Preview:
You received a new task to identify an Azure service that encrypts the administrative credentials
during the deployment phase.
●
● Azure Key Vault
● (Correct)
●
● Azure Information Protection
● (Incorrect)
●
● Azure Security Center
●
● Azure Multi-Factor Authentication (MFA)
Explanation
Azure Key Vault service is great when you need to securely store administrative credentials.
For example, in a real world production environment, scripting is used in order to automate
services deployment. So, instead of manually deploying services in the cloud, the teams create
scripts that will be run as a next step.
Instead of using the administrative credentials (usernames and passwords) as plain text (clear
text) in the deployment scripts, the recommended option is to use Azure Key Vault.
This way, the administrative credentials are encrypted and stored securely in Azure. All
information stored in Azure Key Vault is encrypted: usernames, passwords, digital certificates,
etc.
Reference:
https://docs.microsoft.com/en-us/azure/key-vault/general/overview
Quick Preview:
Question 27: Correct
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
Only users that are authorized by Azure AD can access Azure resources.
●
● Yes
●
● No
● (Correct)
Explanation
In order to access an Azure resource, a user needs to receive the proper authorization. And
where does the authorization come from? Well, identity providers are in charge with
authentication and authorization, and Azure Active Directory (AD) is an example of an identity
provider.
While working in a hybrid cloud deployment model, one common practice is to federate the on
premises Active Directory environment with Azure AD, available in Azure cloud. Once the setup
is complete, federation then is be used for authentication and authorization.
Bottom line, Azure Active Directory (AD) is an example of an identity provider that can
authenticate and authorize users for Azure resources, but it’s not the only option
available.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-vs-authorization
Quick Preview:
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
In order to access Azure resources, identities stored in Azure AD and traditional on-premises
AD can be used.
●
● Yes
● (Correct)
●
● No
● (Incorrect)
Explanation
In order to access an Azure resource, a user needs to receive the proper authorization. And
where does the authorization come from? Well, identity providers are in charge with
authentication and authorization, and Azure Active Directory (AD) is an example of an identity
provider.
“Federation is a collection of domains that have established trust. The level of trust may vary,
but typically includes authentication and almost always includes authorization. A typical
federation might include a number of organizations that have established trust for shared
access to a set of resources.” – Microsoft.com
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed
Quick Preview:
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
Microsoft Azure has built-in authentication and authorization services that provide secure
access to Azure resources.
●
● Yes
● (Correct)
●
● No
● (Incorrect)
Explanation
In order to access an Azure resource, a user needs to receive the proper authorization. And
where does the authorization come from? Well, identity providers are in charge with
authentication and authorization, and Azure Active Directory (AD) is an example of an identity
provider.
“Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management
service, which helps your employees sign in and access resources.” – Microsoft.com
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis
Quick Preview:
●
● Yes
● (Correct)
●
● No
● (Incorrect)
Explanation
With Azure, you pay only for what you use and , by default, there is no upfront commitment.
This is also known as pay-as-you-go pricing.
If you want or need to save on your Azure costs spending, then you can choose Azure
Reserved virtual machine instances. With reserved virtual machine instances, you commit to
use the virtual machine for one or three years period and you will receive a big discount for this.
Also, if you want to save even more, you can even pay upfront for the whole contract period. So
this would mean that you would pay upfront for your reserved virtual machine instance usage,
which will bring you a big discount on your Azure bill.
Reference:
https://azure.microsoft.com/en-us/reservations/
Quick Preview:
You are running two DS1v2 virtual machines in Azure, App-Prod-VM and App-Bkp-VM.
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
App-Prod-VM and App-Bkp-VM will always generate the same monthly costs.
●
● Yes
● (Incorrect)
●
● No
● (Correct)
Explanation
But VM instance size is not the only factor that influences the monthly cost of a virtual machine
running in Azure. For example, you could deploy a virtual machine with one virtual hard disk
attached, and the second virtual machine with two virtual hard disks attached, which would
result in different monthly costs.
Other factors that influence the monthly costs for a running VM, as follows:
- Egress traffic.
- Operating System.
Taking into account all these aspects, we definitely can't confirm that the monthly costs
generated will always be the same for both VMs.
Reference:
https://azure.microsoft.com/en-us/pricing/calculator
Quick Preview:
Question 32: Correct
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
If you stop an Azure virtual machine, it will no longer generate costs on your monthly bill.
●
● Yes
●
● No
● (Correct)
Explanation
Azure virtual machines generate costs while they are running because of several factors, such
as computing power used, storage capacity used, public IP address is used, etc.
When you stop a virtual machine, and the virtual machine will be in the stopped (deallocated)
state, you will no longer pay for computing power for example. Still, you will continue to pay for
the storage capacity used by the virtual machine’s virtual hard drives.
For this reason, please make sure that you stop and completely remove or delete a virtual
machine that you no longer need, in order to avoid unnecessary costs.
Reference:
https://docs.microsoft.com/en-us/archive/blogs/uspartner_ts2team/azure-virtual-machines-stoppi
ng-versus-stopping-deallocating
Quick Preview:
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
Because you have been assigned the Owner role, you can now transfer the ownership of your
Azure subscription.
●
● Yes
●
● No
● (Correct)
Explanation
The Owner role gives a user full access to all resources included in a subscription. Also, the
Owner can delegate access to other users, so the owner can add or remove access privileges
associated to other users using the subscription.
But, the Owner role doesn’t allow you to transfer the ownership of your Azure subscription. In
order to be able to do that, you would need either the Billing Administrator or Global
Administrator role attached to your user account.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscripti
on-administrator
Quick Preview:
Question 34: Incorrect
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
An Azure subscription can be converted from Free trial to Pay-as-you-Go pricing model.
●
● Yes
● (Correct)
●
● No
● (Incorrect)
Explanation
In order to start working in Azure, you would first need to create a Microsoft account, if you don’t
have one already.
Next, you need to create an Azure account. When you create your Azure account, actually an
Azure subscription is created for you behind-the-scenes. If you create a free trial subscription,
you are provided an initial credit to use and test Azure, for 30 days time window.
When the free trial subscription expires, you need to migrate your free subscription to a
pay-as-you-go subscription, in order to continue using your Azure account. Or, you can start
with a paid subscription from the beginning as well.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/upgrade-azure-subscri
ption
Quick Preview:
Question 35: Incorrect
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
The Azure spending limit of an Azure Free Trial account is fixed and can't be increased or
decreased.
●
● Yes
● (Correct)
●
● No
● (Incorrect)
Explanation
In order to start working in Azure, you would first need to create a Microsoft account, if you don’t
have one already.
Next, you need to create an Azure account. When you create your Azure account, actually an
Azure subscription is created for you behind-the-scenes. If you create a free trial subscription,
you are provided an initial $200 credit to use and test Azure, for 30 days time window.
You can’t change the initial credit value - $200, which also represents your spending limit.
However, you can remove the spending limit by transitioning your account to a pay as you go
subscription. So again, either you keep the limit as it is, or you remove the spending limit.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/spending-limit
Quick Preview:
Which of the following options can solve this requirement? (Select two)
●
● create multiple subscriptions
● (Correct)
●
● create multiple Azure AD directories
● (Incorrect)
●
● create multiple regions
●
● create multiple resource groups
● (Correct)
Explanation
An Azure subscription is a container for Azure resources. It is also a boundary for permissions
to resources and for billing. You are charged monthly for all resources in a subscription.
A resource group is a container that holds related resources for an Azure solution. The resource
group can include all the resources for the solution, or only those resources that you want to
manage as a group.
To enable separate persons to manage the Azure resources used by each application, you will
need to create a separate subscription per application. You can then assign each person as an
administrator for the subscription to enable them to manage all resources in that subscription.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscripti
on-administrator
Quick Preview:
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
A separate non-standard Azure portal is used to access private preview Azure services.
●
● Yes
●
● No
● (Correct)
Explanation
Usually, when Microsoft releases a new service, the service is released in private preview
phase. During private preview, Microsoft will invite a few customers to test the new service and
provide feedback. Also during private preview phase, regular support services are not available.
Services in private preview phase can be accessed and configured using the regular Azure
portal. There is no distinct, non-standard Azure portal available, all services are made available
in Azure portal, a graphical user interface that you can use to manage your infrastructure
deployed in Azure.
Reference:
https://azure.microsoft.com/en-gb/support/legal/preview-supplemental-terms/
Quick Preview:
Question 38: Incorrect
Which Azure service can you use as a security information and event management (SIEM)
solution?
●
● Azure Analysis Services
●
● Azure Sentinel
● (Correct)
●
● Azure Cognitive Services
● (Incorrect)
●
● Azure Information Protection
Explanation
Azure Sentinel delivers intelligent security analytics and threat intelligence across the
enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and
threat response.” – Microsoft.com
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/overview
Quick Preview:
Please fill in the blanks the correct option for the following statement:
You need to modify the default configuration of a .......... if you want to allow connections
to TCP port 443 on a virtual machine running in Azure.
●
● network security group (NSG)
● (Correct)
●
● virtual network gateway
● (Incorrect)
●
● virtual network
●
● route table
Explanation
By default, when you deploy a virtual machine in Azure, there are only two ports opened, SSH
port 22 and RDP port 3389. Specifically, when you deploy a Linux virtual machine, SSH port 22
will be opened by default, and the virtual machine will be accessible on this port. Similarly, for
Windows virtual machines, Port 3389 is opened by default and Windows virtual machines are
accessible on this port.
In this specific scenario, traffic arriving at the virtual machine on TCP port 443 (so this is HTTPS
traffic), needs to be permitted or allowed.
Depending on the overall architecture, you would need to modify the default configuration of
either the network security group applied on the virtual machine, or at the subnet level where
the virtual machine lives, or modify the configuration of the Azure Firewall Applied at the virtual
network level.
So, both network security group and Azure Firewall represent security firewall solutions, the
difference is where the solution is applied and what perimeter it protects.
Coming back to the scenario presented in this question, a security rule needs to be
added to the network security group or Azure Firewall to allow the connection coming
from the Internet, for example, to the virtual machine on port 443 (HTTPS).
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
Quick Preview:
General Data Protection Regulation (GDPR) defines data protection and privacy rules.
●
● True
● (Correct)
●
● False
● (Incorrect)
Explanation
“The GDPR gives rights to people to manage personal data collected by an organization.
Several points should be considered when implementing or assessing GDPR requirements:
Reference:
https://docs.microsoft.com/en-GB/microsoft-365/compliance/gdpr?view=o365-worldwide
Quick Preview:
Question 41: Incorrect
General Data Protection Regulation (GDPR) applies to organizations that target or collect data
related to people in the European Union (EU).
●
● True
● (Correct)
●
● False
● (Incorrect)
Explanation
“The General Data Protection Regulation (GDPR) introduces new rules for organizations that
offer goods and services to people in the European Union (EU), or that collect and analyze data
for EU residents no matter where you or your enterprise are located.” – Microsoft.com
Reference:
https://docs.microsoft.com/en-GB/microsoft-365/compliance/gdpr?view=o365-worldwide
Quick Preview:
Please fill in the blanks the correct option for the following statement:
●
● collection of policy definitions
● (Correct)
●
● collection of Azure Policy definition assignments
● (Incorrect)
●
● group of Azure Blueprints definitions
●
● group of Role-based access control (RBAC) role assignments
Explanation
“Initiatives enable you to group several related policy definitions to simplify assignments and
management because you work with a group as a single item.” – Microsoft.com
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview#initiative-definition
Quick Preview:
●
● True
● (Correct)
●
● False
● (Incorrect)
Explanation
A resource can have multiple locks applied, either at the resource level itself, or for example,
one lock applied at the resource level, a second one at the resource group, another at the
subscription level.
I am not saying that it necessarily makes sense to do so, but it is indeed possible. One single
lock applied at the resource level or inherited by the resource is enough to, for example, prevent
changes or accidental delete operations.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
Quick Preview:
Question 44: Correct
You can use Azure Service Health to prevent a service failure in Azure.
●
● True
●
● False
● (Correct)
Explanation
Within Azure Service Health you can configure and customize alerts in order to be notified about
how did use that can impact your infrastructure running in Azure. You are also provided a
customized Dashboard which you can use to analyze any potential health issues and monitor
the impact on your resources.
“Azure Service Health notifies you about Azure service incidents and planned maintenance so
you can take action to mitigate downtime.” – Microsoft.com
Bottom line, Azure Service Health is great for monitoring and alerting purposes, but the service
can’t be used to prevent service failures.
Reference:
https://azure.microsoft.com/en-gb/features/service-health/
https://docs.microsoft.com/en-gb/azure/service-health/overview
Quick Preview:
You can use .......... to build an Artificial Intelligence (AI) solution in Azure.
●
● Azure Logic Apps
●
● Azure Machine Learning Studio
● (Correct)
●
● Azure Batch
● (Incorrect)
●
● Azure Cosmos DB
Explanation
Azure Machine Learning Studio can be used to build, test, and deploy predictive analytics
solutions in Azure. Azure Machine Learning studio represents the web portal used by data
scientist developers in Azure Machine Learning.
“Azure Machine Learning is a cloud-based environment you can use to train, deploy, automate,
manage, and track ML models.” – Microsoft.com
And how is Azure Machine Learning connected to artificial intelligence? Well, artificial
intelligence services, such as Azure Cognitive Services, use behind-the-scenes machine
learning models.
Learn more:
https://studio.azureml.net
Quick Preview:
Question 46: Incorrect
In this question you are required to match the Azure service to the correct Azure service
description.
Services:
3 - Azure AI bot
4 - Azure Functions
Description:
A - provides an online assistant with advanced capabilities, such as chat and speech support
●
● 1 - D, 2 - B, 3 - A, 4 - C
●
● 1 - B, 2 - D, 3 - A, 4 - C
● (Correct)
●
● 1 - B, 2 - D, 3 - C, 4 - A
● (Incorrect)
●
● 1 - C, 2 - D, 3 - A, 4 - B
Explanation
Azure AI Bot - provides an online assistant with advanced capabilities, such as chat and speech
support
Azure IoT Hub - is able to process incoming data from 100.000+ sensors
References:
https://docs.microsoft.com/en-us/azure/bot-service/bot-service-overview-introduction?view=azur
e-bot-service-4.0
https://docs.microsoft.com/en-us/azure/machine-learning/
https://docs.microsoft.com/en-us/azure/azure-functions/functions-overview
https://docs.microsoft.com/en-us/azure/iot-hub/about-iot-hub
Question 47: Correct
Please evaluate the following statements and decide if they are True or False:
●
● 1 - True, 2 - False, 3 - False
●
● 1 - True, 2 - False, 3 - True
● (Correct)
●
● 1 - True, 2 - True, 3 - True
●
● 1 - False, 2 - False, 3 - True
Explanation
Azure Blueprints can be used to define a repeatable set of Azure resources that needs to be
deployed in Azure.
“Azure Blueprints are a declarative way to orchestrate the deployment of various resource
templates and other artifacts, such as:
- Role Assignments
- Policy Assignments
So, if we now refer to the first statement, then yes, the statement is true. You can take your
existing ARM templates and use them in a more complex Azure blueprint construct, in order to
define what resources you want to deploy in Azure.
Also, the blueprint is assigned at the subscription level and again, there's no need to
choose between an ARM template and a blueprint. Each blueprint can consist of zero or more
ARM templates. So this clarifies statement two.
As I mentioned in the beginning, an Azure blueprint can also include policy assignments.
An assignment is a policy definition or initiative that has been assigned to take place within a
specific scope in Azure. This means that you can use Azure blueprints to assign permissions,
through the policy assignments included in the Azure blueprint. Please note that there are
several scopes available in Azure where the policy assignment can be applied: management
groups, subscriptions, resource groups and the actual resources.
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
Quick Preview:
Question 48: Correct
Please evaluate the following statements and decide if they are True or False:
●
● 1 - True, 2 - True, 3 - True
●
● 1 - False, 2 - True, 3 - True
● (Correct)
●
● 1 - False, 2 - False, 3 - True
●
● 1 - False, 2 - True, 3 - False
Explanation
Statement 1:
“Azure China is operated by 21Vianet. 21Vianet Group is the largest carrier-neutral Internet
Service Provider (ISP) in China.” – Microsoft.com
Statement 2:
Statement 3:
Azure Government customers that are eligible to use Azure Government cloud are:
- US federal state
Reference:
https://docs.microsoft.com/en-us/azure/china/overview-operations
https://docs.microsoft.com/en-us/azure/azure-government/documentation-government-welcome
Quick Preview:
Question 49: Incorrect
●
● public preview
● (Correct)
●
● private preview
●
● development
● (Incorrect)
●
● an Enterprise Agreement (EA) subscription
Explanation
Usually, when Microsoft releases a new service, the service is released in private preview
phase. During private preview, Microsoft will invite a few customers to test the new service and
provide feedback. Also during private preview phase, regular support services are not available.
When the service is mature and considered ready for production environments testing, Microsoft
will transition the service to public preview phase. During this phase, any customer can run and
test the service. As opposed to private preview, Microsoft teams will provide formal support
services in this phase.
The last step is migrating the service to generally available (GA) phase. During public preview
phase, there may be functionalities or features fixing as well, but once the service is transitioned
to GA, the new service is considered stable and ready for real production workloads. All Azure
services in GA are available to all customers. Also, the service is covered by support via all
official Microsoft support channels.
So this clarifies the Azure services’ lifecycle: private preview, to public preview and last to
generally available (GA) phase.
Coming back to the scenario presented in this question, public preview services are
available to all customers. In case needed, you can easily remember this topic if you
think about the “public” keyword used in the name, public preview. Similarly, private
preview services are available to only few customers, so please note the “private”
keyword used here.
Reference:
https://azure.microsoft.com/en-gb/support/legal/preview-supplemental-terms/
Quick Preview:
Your manager has asked you to calculate the monthly uptime percentage for a virtual machine
that is currently running in production environment. The virtual machine was unavailable for 30
minutes during last month.
Which of the following formulas would you use to calculate the monthly uptime percentage for
your virtual machine?
●
● ( (Maximum available minutes – Downtime in minutes) / Maximum available minutes
) x 100
● (Correct)
●
● ( Maximum available minutes / 1440 ) x 100
●
● ( ( Downtime in minutes - Maximum available minutes) / Downtime in minutes) x 100
●
● ( Downtime in minutes / 1440 ) x 100
Explanation
The official SLA for Virtual Machines clearly presents what formula needs to be used for
calculating the monthly uptime.
If we now refer to this specific example, then the calculation for a 30 days month would be the
following:
Where 43200 represents total minutes in a month (with 30 days), and 30 minutes represents the
total downtime presented in this scenario
Reference:
https://azure.microsoft.com/en-gb/support/legal/sla/virtual-machines/v1_9/
Quick Preview:
Question 51: Incorrect
Your company is currently running 5 Windows Servers in the on-premises data center. The
servers are covered by a Software Assurance agreement that your company has in place with
Microsoft.
You received a new task to migrate the Windows Servers to Azure cloud and you need to keep
the licensing costs as low as possible.
Which of the following actions will help you meet the requirements?
●
● Schedule your VMs to automatically power off outside 9:00-18:00 regular working
hours
● (Incorrect)
●
● Configure an Azure Budget
●
● Configure Azure Reservations for your 5 servers
●
● Use Azure Hybrid licensing benefit
● (Correct)
Explanation
If you have already bought some licenses for your on premises servers and you are now
planning to migrate your servers in Azure, you should definitely consider Azure Hybrid Benefit.
Azure Hybrid Benefit is available for multiple licenses, such as Windows Server license, SQL
Server license and RedHat and SUSE Linux as well.
“Azure Hybrid Benefit is a licensing benefit that helps you to significantly reduce the costs of
running your workloads in the cloud. It works by letting you use your on-premises Software
Assurance-enabled Windows Server and SQL Server licences on Azure. And now, this benefit
applies to RedHat and SUSE Linux subscriptions too.” – Microsoft.com
Reference:
https://azure.microsoft.com/en-gb/pricing/hybrid-benefit/
Quick Preview:
Question 52: Correct
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
When using Azure Functions with consumption-based plan, you will pay a fixed fee for Azure
Functions usage.
●
● Yes
●
● No
● (Correct)
Explanation
With Azure, you pay on a monthly basis for your usage in Azure platform, and the pricing model
is also known as pay-as-you-go.
For example, if you need to run a virtual machine in Azure, you will first need to select the
hardware configuration of your future VM, and it will be available to use in a couple of minutes.
At the end of the month, Azure Will issue you an invoice correlated to your monthly usage.
Here’s the interesting part. Once you deploy your virtual machine, you will actually start paying
for it right away. Even if you don’t use it during the month, as long as the virtual machine is
running, it will generate costs for you.
These things are totally different with consumption-based plans and serverless computing.
Billing and actually the costs generated are based on a number of factors, such as the number
of code executions and the duration of the execution.
Simply put, you will pay for the computing power only when it’s used, so only when your code is
executed or run, and you will no longer pay for idle times.
Coming back to the scenario presented in this question, it is now obvious that you won’t have a
fixed predefined payment or a fee for your Azure Functions usage. This actually represents the
general rule for serverless computing and consumption based plans.
Reference:
https://docs.microsoft.com/en-us/azure/azure-functions/consumption-plan
Quick Preview:
Question 53: Incorrect
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
When using Azure Functions with consumption-based plan, your Azure costs are reduced
because you will pay only when your functions are running.
●
● Yes
● (Correct)
●
● No
● (Incorrect)
Explanation
With Azure, you pay on a monthly basis for your usage in Azure platform, and the pricing model
is also known as pay-as-you-go.
For example, if you need to run a virtual machine in Azure, you will first need to select the
hardware configuration of your future VM, and it will be available to use in a couple of minutes.
At the end of the month, Azure Will issue you an invoice correlated to your monthly usage.
Here’s the interesting part. Once you deploy your virtual machine, you will actually start paying
for it right away. Even if you don’t use it during the month, as long as the virtual machine is
running, it will generate costs for you.
These things are totally different with consumption-based plans and serverless computing.
Billing and actually the costs generated are based on a number of factors, such as the number
of code executions and the duration of the execution.
Simply put, you will pay for the computing power only when it’s used, so only when your code is
executed or run, and you will no longer pay for idle times.
Coming back to the scenario presented in this question, it is now obvious that while using a
consumption based plan, you will pay only for the duration the functions are run.
Reference:
https://docs.microsoft.com/en-us/azure/azure-functions/consumption-plan
Quick Preview:
Question 54: Incorrect
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
With consumption-based plans, you pay for serverless computing in Azure only when your code
is executed.
●
● Yes
● (Correct)
●
● No
● (Incorrect)
Explanation
With Azure, you pay on a monthly basis for your usage in Azure platform, and the pricing model
is also known as pay-as-you-go.
For example, if you need to run a virtual machine in Azure, you will first need to select the
hardware configuration of your future VM, and it will be available to use in a couple of minutes.
At the end of the month, Azure Will issue you an invoice correlated to your monthly usage.
Here’s the interesting part. Once you deploy your virtual machine, you will actually start paying
for it right away. Even if you don’t use it during the month, as long as the virtual machine is
running, it will generate costs for you.
These things are totally different with consumption-based plans and serverless computing.
Billing and actually the costs generated are based on a number of factors, such as the number
of code executions and the duration of the execution.
Simply put, you will pay for the computing power only when it’s used, so only when your code is
executed or run, and you will no longer pay for idle times.
Coming back to the scenario presented in this question, it is now obvious that while using a
consumption based plan, you will pay for serverless computing only for the duration the
functions or code are run.
Reference:
https://docs.microsoft.com/en-us/azure/azure-functions/consumption-plan
Quick Preview:
Question 55: Correct
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
If you deploy the same resource in two different Azure regions, the cost generated will be the
same for both regions.
●
● Yes
●
● No
● (Correct)
Explanation
The pricing or cost generated by the same resources, deployed in different Azure regions is not
the same. For this reason, you may want to check this information before starting a new project
or implementation.
You can test the scenario easily if you navigate to the URL provided below in the reference
section. For example, if you want to deploy a Windows OS virtual machine in West Europe
region, you will see an approximate cost of 7.38 Euro per month, for a B1S VM instance size:
On the other hand, if you select a different region, for example Australia Central, you will get a
different monthly price for you B1S VM, around 8.12 Euro per month:
So yes, the price is not necessarily the same for your resource deployed in different Azure
regions, so the statement is false.
Reference:
https://azure.microsoft.com/en-gb/pricing/details/virtual-machines/windows/
Quick Preview:
Question 56: Incorrect
Please evaluate the following statement and select Yes if the statement is true, otherwise select
No.
Although not covered by formal SLA, public preview Azure services can be used for production
applications.
●
● Yes
● (Correct)
●
● No
● (Incorrect)
Explanation
First of all, public preview services are available to use to any Azure customers. Also, if
you need to deploy an application in Azure and you need a service or a feature that is
currently in public preview phase, you can definitely use that. It really doesn’t matter if
the application you are developing will be used in a production environment or not, you
can definitely use public preview services in the process.
The other aspect that you may want to be aware of is that public previous services are
not covered by formal service level agreements or SLAs. This means that, for example,
Microsoft doesn’t guarantee the uptime for the public preview service you are using.
Of course, if you can wait, you should be using only generally available (GA) services for
your production environment.
Reference:
https://azure.microsoft.com/en-gb/support/legal/preview-supplemental-terms/
Quick Preview:
I hope you enjoyed this practice course, can I ask you to leave a review for this course?
I'd love to hear about your experience, this helps me keep going and create more Azure
content for the community. Also, your feedback will help other students to evaluate the
course and take the right decision. Thank you so much for your contribution!
Best of luck with your AZ-900 exam and please let me know how it went. Reading
success stories is the most rewarding aspect for me and I am confident that yours will
be next!