LogicApps Practice Test

AZ-900 Practice Test A
Question 1:
Skipped
What feature within Azure will make recommendations to you about reducing cost on
your account?
 Azure Security Center

 Azure Advisor
(Correct)
 Azure Dashboard
 Azure Service Health
Explanation
Azure Advisor analyzes your account usage and makes recommendations for you based on its
set rules
See: https://docs.microsoft.com/en-us/azure/advisor/advisor-overview
Question 2:
Skipped
In the context of cloud computing and Azure services, how would you define 'compute
resources'?
 They encompass Virtual Machines, Storage Accounts, and Virtual Networks.
 They refer exclusively to Virtual Machines.
 They are resources that execute tasks requiring CPU cycles.
(Correct)
 They include all resources listed in the Azure Marketplace.

Explanation
The correct answer is "They are resources that execute tasks requiring CPU cycles".
In cloud computing, the term "compute" refers to the amount of computational power
required to process a task - essentially, it's anything that uses processing power (CPU cycles)
to perform operations. This includes, but is not limited to, running applications, executing
scripts, and processing data.
While virtual machines (VMs) are a common type of compute resource, they are not the only
type. Azure offers a wide variety of compute resources, like Azure Functions for serverless
computing, Azure Kubernetes Service for container-based applications, and Azure Batch for
parallel and high-performance computing tasks.
So, the definition of compute resources is broader than just VMs or certain resources listed in
the Azure Marketplace. It also includes more than VMs, Storage Accounts, and Virtual
Networks, as these other resources (storage and networking) have distinct roles separate from
the compute resources. Storage accounts deal with data storage while virtual networks are
concerned with networking aspects in Azure, not with performing tasks that require CPU
cycles. Therefore, "They are resources that execute tasks requiring CPU cycles" is the most
accurate answer.
See: https://azure.microsoft.com/en-us/product-categories/compute/
Question 3:
Skipped
What is a primary benefit of opting for a consumption-based pricing model over a time-based
pricing model in cloud services?
 Significant cost savings when the resources aren't needed for constant use.
(Correct)
 A simpler and easier-to-understand pricing model.

 It always being cheaper to pay for consumption rather than paying hourly.
 The ability to easily predict the future cost of the service.
Explanation
The correct answer is "Significant cost savings when the resources aren't needed for constant
use". In a consumption-based pricing model, also known as pay-as-you-go, customers are
billed only for the specific resources they use. This model provides cost-efficiency for
workloads with variable usage patterns or for resources that aren't needed continuously.
When compared to a time-based pricing model, where resources are billed on a fixed
schedule regardless of actual use (for example, hourly or monthly), consumption-based
pricing can result in significant cost savings if the resources are not used often or their usage
fluctuates.
While the other options can be true in certain cases, they aren't inherently beneficial aspects
of the consumption-based model. The cost predictability can be challenging due to the
variable nature of usage (Answer 1), it's not always cheaper (Answer 2) as it depends on the
resource usage pattern, and the simplicity of the pricing model (Answer 4) depends on the
specific terms and conditions of the service provider. Therefore, the most accurate and
generalizable benefit is the potential for cost savings with infrequent or variable resource use.
See: https://docs.microsoft.com/en-us/azure/azure-functions/functions-consumption-costs
Question 4:
Skipped
If you wanted to simply use Azure as an extension of your own datacenter, not
primarily hosting anything there but using it for extra storage or taking advantage of
some services, what hosting model is that called?
 Hybrid cloud
(Correct)
 Public cloud
 Private cloud
Explanation
The correct answer is "Hybrid cloud." The scenario described in the question is a typical use
case for a hybrid cloud model, which integrates private cloud or on-premises infrastructure
with public cloud resources, such as those provided by Azure.
In a hybrid cloud model, businesses can keep sensitive data or critical applications on their
private cloud or on-premises datacenter for security and compliance reasons while using the
public cloud's vast resources for additional storage, computational power, or specific services
when necessary. This not only allows for greater flexibility and scalability, but also offers
potential cost savings.
In contrast, a purely public cloud model involves hosting all data and applications on a public
cloud provider's infrastructure, and a purely private cloud model involves hosting everything
on a business's own infrastructure or a rented, single-tenant infrastructure. The described
scenario of extending an on-premises datacenter with Azure services fits best with the hybrid
cloud model.
See: https://azure.microsoft.com/en-us/overview/what-is-hybrid-cloud-computing/
Question 5:
Skipped
Which major cloud provider offers the most international locations for customers to
provision virtual machines and other servers?
 Google Cloud Platform

 Microsoft Azure
(Correct)
 Amazon AWS
Explanation
Microsoft Azure offers the most extensive global coverage among major cloud providers
regarding geographical regions. This allows customers to provision virtual machines,
databases, and other services in various international locations closer to their user base, which
can enhance performance, reduce latency, and comply with local regulations regarding data
residency.
While AWS (Amazon Web Services) and GCP (Google Cloud Platform) also provide many
regions globally, Microsoft Azure has distinguished itself with the broadest regional
availability.
See: https://azure.microsoft.com/en-us/global-infrastructure/regions/
Question 6:
Skipped
In Microsoft Azure, what is the maximum number of virtual machines that can be included in
a single Virtual Machine Scale Set, as per Azure's standard guidelines and capabilities?
 10000
 1000
(Correct)
 Unlimited
 500
Explanation
The correct answer is 1000.
Azure Virtual Machine Scale Sets are a service provided by Azure that allows you to manage,
scale, and distribute large numbers of identical virtual machines. As per the limitations set by
Microsoft Azure, a single Virtual Machine Scale Set can support up to 1000 VM instances.
This capacity allows for high availability and network load balancing across a large number
of virtual machines, providing a robust and efficient solution for applications that require
heavy compute resources. However, if you are using custom VM images, this limit decreases
to 600 instances.
This functionality is part of Azure's Infrastructure as a Service (IaaS) offerings, providing

flexibility and scalability to businesses and developers.
See: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview
Question 7:
Skipped
Which feature within Azure collects all of the logs from various resources into a central
dashboard, where you can run queries, view graphs, and create alerts on certain events?
 Azure Portal Dashboard

 Storage Account or Event Hub
 Azure Monitor
(Correct)
Explanation
Azure Monitor - a centralized dashboard that collects all the logs, metrics and events from
your resources
See: https://docs.microsoft.com/en-us/azure/azure-monitor/overview
Question 8:
Skipped
In the context of Azure's high availability solutions, what is the primary purpose of Azure
Availability Zones?
 They are synonymous with an Azure region.
 They allow manual selection of data centers for virtual machine placement to
achieve superior availability compared to other options.
(Correct)
 They represent certain server racks within individual data centers, specifically
designed by Azure for higher uptime.
 They serve as a folder structure in Azure used for organizing resources such as
databases, virtual machines, and virtual networks.
Explanation
The correct answer is: "They allow manual selection of data centers for virtual machine
placement to achieve superior availability compared to other options."
Azure Availability Zones are a high availability offering that protects applications and data
from datacenter failures. Each Azure region is composed of multiple datacenters, and each
datacenter is essentially an Availability Zone. They are unique physical locations within a
region, equipped with their own independent power, cooling, and networking.
By placing your resources across different Availability Zones within a region, you can protect
your apps and data from the failure of a single datacenter. If one datacenter goes down, the
resources in the other datacenters (Availability Zones) can continue to operate, providing
redundancy and increasing the overall availability of your applications.
It's important to note that these zones are not the same as Azure regions (which are
geographical areas containing one or more datacenters), nor are they equivalent to resource
groups (which are logical containers for resources deployed on Azure). They are also not
isolated to specific racks within a datacenter, but rather spread across different datacenters in
a region, offering a broader scope of protection.
See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview
Question 9:
Skipped
What is Single Sign-On?
 The ability to use an existing user id and password to sign in other applications,
and not have to create/memorize a new one.
(Correct)
 When you sign in to an application, it remembers who you are the next time you
go there.
 When an application outsources (federates) it's identity service to a third-party
platform
Explanation
Single Sign-On - the ability to use the same user id and password to log into every
application that your company has; enabled by Azure AD
See: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-
sign-on
Question 10:
Skipped
Who is responsible for the security of your Azure Storage account access keys?
 Azure is responsible for securing the access keys

 I am responsible for securing the access keys
(Correct)
Explanation
Customers are responsible to secure the access keys they are given and regenerate them if
they are exposed.
See: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage
Question 11:
Skipped
In the context of Azure's Service Level Agreement (SLA) for virtual machines, which of the
following deployment strategies would offer the highest level of availability?
 Deploying a single virtual machine.
 Deploying two or more virtual machines within an availability set.
 Deploying two or more virtual machines within the same data center.
 Deploying two or more virtual machines across different availability zones
within the same region.
(Correct)
Explanation
The correct answer is "Deploying two or more virtual machines across different availability
zones within the same region".
Service Level Agreement (SLA) is a commitment by a service provider on the level of

service - like uptime, performance, or other key metrics - that users can expect. Azure
provides an SLA for various services, including Virtual Machines.
A single VM, even with premium storage, provides a lesser SLA compared to VMs deployed
in an Availability Set or across Availability Zones. While using an Availability Set (two or
more VMs in the same datacenter but across fault and update domains) provides a higher
SLA than a single VM, the highest SLA is provided when two or more VMs are deployed
across Availability Zones in the same region.
Availability Zones are unique physical locations within a region. Each zone is made up of
one or more datacenters equipped with independent power, cooling, and networking. They
are set up to be an isolation boundary - if one zone goes down, the other continues working.
This distribution of VMs across zones provides high availability and resiliency, hence
offering the highest SLA.
See: https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_9/
Question 12:
Skipped
Which Azure service is meant to be a security dashboard that contains all the security and
threat protection in one place?
 Azure Key Vault

 Azure Monitor
(Correct)
Explanation
Azure Security Center - unified security management and threat protection; a security
dashboard inside Azure Portal
See: https://azure.microsoft.com/en-us/services/security-center/
Question 13:
Skipped
Which Azure website tool is available for you to estimate the future costs of your Azure
products and services by adding products to a shopping basket and helping you
calculate the costs?
 Microsoft Docs
 Azure Advisor
 Azure Pricing Calculator
(Correct)
Explanation
Azure Pricing Calculator lets you attempt to calculate your future bill based on resources you
select and your estimates of usage
See: https://azure.microsoft.com/en-us/pricing/calculator/
Question 14:
Skipped
What is the default amount of credits that you are given when you first create an Azure
Free account?
 Azure does not give you any free credits when you create a free account
 You are given $50 per month, for one year towards Azure services
 The default is US$200
(Correct)
 You can create 1 Linux VM, 1 Windows VM, and a number of other free
services for the first year.
Explanation
There are some other benefits to a free account, but you get US$200 to spend in the first
month.
See: https://azure.microsoft.com/free
Question 15:
Skipped
Which Azure Service contains pre-built machine learning models that you can use in your
own code, using an API?
 App Services
 Azure Blueprints
 Azure Functions
 Cognitive Services
(Correct)
Explanation
Cognitive Services is an API that Azure provides, that gives access to a set of pre-built
machine learning models including vision services, speech services, knowledge management
and chat bots.
Question 16:
Skipped
In the context of cloud computing, a virtual machine (VM) is primarily associated with which
type of cloud hosting model?
 Software as a Service (SaaS)
 Infrastructure as a Service (IaaS)
(Correct)
 Platform as a Service (PaaS)

Explanation
The correct answer is IaaS, which stands for Infrastructure as a Service. In the context of
cloud computing, a virtual machine (VM) is typically provided as part of an IaaS offering.
With IaaS, the provider manages the underlying physical infrastructure (like servers, network
equipment, and storage), while the consumer controls the virtualized components of the
infrastructure, such as the virtual machines, their operating systems, and the applications
running on them.
This is contrasted with the other options. In a Platform as a Service (PaaS) model, the
consumer only controls the applications and possibly some configuration settings for the
application-hosting environment, but does not manage the operating system, server hardware,
or network infrastructure. Similarly, in a Software as a Service (SaaS) model, the consumer
only uses the software and does not control any aspect of the infrastructure or platform where
the application runs.
Therefore, given that a virtual machine involves control over the operating system and
applications within a cloud-managed infrastructure, it aligns with the IaaS hosting model.
See: https://azure.microsoft.com/en-us/overview/what-is-iaas/
Question 17:
Skipped
What is the name of the group of services inside Azure that hosts the Apache Hadoop big
data analysis tools?
 Azure Hadoop Services

 Azure Data Factory
 HDInsight
(Correct)
 Azure Kubernetes Services
Explanation
The correct answer is HDInsight. HDInsight is Microsoft Azure's offering for hosting the
Apache Hadoop big data analysis tools. Apache Hadoop is an open-source software platform
that supports data-intensive distributed applications. This platform enables processing large
amounts of data across clusters of computers.
Azure HDInsight is a cloud distribution of the Hadoop components from the Hortonworks
Data Platform. It allows Azure users to process vast amounts of data with popular open-
source frameworks such as Hadoop, Hive, HBase, Storm, and others. Additionally, the
HDInsight service also supports R, Python, Scala, and .NET. So, it's not just limited to
traditional Hadoop tools.
Options like 'Azure Hadoop Services' and 'Azure Data Factory' are incorrect as Azure doesn't
have a service named 'Azure Hadoop Services' and 'Azure Data Factory' is a cloud-based data
integration service. 'Azure Kubernetes Services' is a service for managing containerized
applications, not specifically for Hadoop.
See: https://azure.microsoft.com/en-us/services/hdinsight/
Question 18:
Skipped
Within the landscape of cloud service models, how would Microsoft's Outlook 365 be best
categorized?
 Software as a Service (SaaS)
(Correct)
 Platform as a Service (PaaS)

 Infrastructure as a Service (IaaS)
Explanation
The correct answer is SaaS, which stands for Software as a Service. Outlook 365, part of
Microsoft's Office 365 suite, is a cloud-based service that provides access to various
applications and services, including email, calendars, and contact management, which are
delivered over the internet.
In a SaaS model, the service provider is responsible for the infrastructure, platform, and
software, and ensures their maintenance and updates. Users simply access the services via a
web browser or app, without needing to worry about the underlying infrastructure, platform,
or software updates.
This contrasts with Infrastructure as a Service (IaaS), where the user is responsible for
managing the operating systems, middleware, and applications, and Platform as a Service
(PaaS), where the user manages only the applications and data. In both these models, the
users have more responsibilities compared to SaaS.
Since Outlook 365 is a software application delivered over the web with all underlying
infrastructure and platform taken care of by Microsoft, it falls into the SaaS hosting model.
See: https://azure.microsoft.com/en-us/overview/what-is-saas/
Question 19:
Skipped
What is a DDoS attack?
 An attempt to send SQL commands to the server in a way that it will execute
them against the database
 An attempt to guess a user's password through brute force methods
 A denial of service attack that sends so much traffic to a network that it cannot
respond fast enough; legitimate users become unable to use the service
(Correct)
 An attempt to read the contents of a web page from another website, thereby
stealing the user's private information
Explanation
Distributed Denial of Service attacks (DDoS) -a type of attack that originates from the
Internet that attempts to overwhelm a network with millions of packets of bad traffic that
aims to prevent legitimate traffic from getting through
See: https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview
Question 20:
Skipped
True or false: there are no service level guarantees (SLA) when a service is in General
Availability (GA)
 FALSE
(Correct)
 TRUE
Explanation
False, most Azure GA services do have service level agreements
See: https://azure.microsoft.com/en-ca/support/legal/sla/
Question 21:
Skipped
Which Azure feature is specifically designed to help companies get their in-house developed
code from the code repository, through automated unit testing, and onto Azure using a service
called Pipelines?
 Virtual Machines
 GitHub
 Azure DevOps
(Correct)
 Azure Monitor
Explanation
Azure DevOps contains many services, one of which is Pipelines. Pipelines allows you to
build an automation that moves code (and all related dependencies) through various stages
from the development environment into deployment.
Question 22:
Skipped
What is the basic way of protecting an Azure Virtual Network subnet?
 Azure DDos Standard protection

 Network Security Group
(Correct)
 Azure Firewall
 Application Gateway with WAF
Explanation
Network Security Group (NSG) - a fairly basic set of rules that you can apply to both
inbound traffic and outbound traffic that lets you specify what sources, destinations, and ports
are allowed to travel through from outside the virtual network to inside the virtual network
See: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Question 23:
Skipped
True or false: You cannot have more than one Azure subscription per company
 FALSE
(Correct)
 TRUE
Explanation
You can have multiple subscriptions, as a way to separate out resources between billing units,
business groups, or for any reason you wish.
See: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/decision-guides/
subscriptions/
Question 24:
Skipped
Which of the following is a feature of the cool access tier for Azure Storage?
 Significant delays in accessing your data, up to several hours

 Cheapest option when it comes to bandwidth costs to access your files
 Most expensive option when it comes to bandwidth cost to access your files
 Much cheaper to store your files than the hot access tier
(Correct)
Explanation
Cool access tier offers cost savings when you expect to store your files and not need to access
them often
See: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers?
tabs=azure-portal
Question 25:
Skipped
What type of container is used to collect log and metric data from various Azure Resources?
 Managed Storage
 Append Blob Storage
 Log Analytics Workspace
(Correct)
 Azure Monitor account
Explanation
Log Analytics Workspace is required to collect logs and metrics
See: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-access
Question 26:
Skipped
Which of the following best describes the primary benefit of a Content Delivery Network
(CDN) in a cloud computing context?
 For a nominal fee, Azure will manage your virtual machine, perform OS
updates, and ensure optimal performance.
 It provides fast and inexpensive data retrieval for later use.
 It enables temporary session information storage for web visitors, such as their
login ID or name.
 It mitigates server load for static, unchanging files like images, videos, and PDFs
by distributing them across a network of servers.
(Correct)
Explanation
The correct answer, "It mitigates server load for static, unchanging files", is indeed the core
benefit of a Content Delivery Network (CDN). A CDN stores copies of a website's static files
on servers distributed globally. These static files could be anything that doesn't change
frequently, like images, CSS, JavaScript, videos, etc. When a user visits the site, they are
served these static files from the CDN server nearest to them geographically. This reduces the
latency, as the data has a shorter distance to travel. Additionally, it reduces the load on the
original server because the CDN handles a significant portion of the traffic. As a result, not
only is the user experience improved due to faster load times, but the operational efficiency
and performance of the original server are also enhanced. Therefore, CDNs are essential for
sites serving large amounts of static content to a geographically dispersed user base.
See: https://docs.microsoft.com/en-us/azure/cdn/cdn-overview
Question 27:
Skipped
True or false: you can create your own policies if built-in Azure Policy is not sufficient
to your needs
 FALSE
 TRUE
(Correct)
Explanation
True, you can create custom policies using JSON
See: https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-custom-
policy-definition
Question 28:
Skipped
Which of the following Azure features is most likely to deliver the most immediate
savings when it comes to reducing Azure costs?
 Using Azure Policy to restrict the user of expensive VM SKUs

 Changing your storage accounts from globally redundant (GRS) to locally
redundant (LRS)
 Auto shutdown of development and QA servers over night and on weekends
 Using Azure Reserved Instances for most of your virtual machines
(Correct)
Explanation
Reserved Instances often offer 40% or more savings off of the price of pay-as-you-go virtual
machines
See: https://docs.microsoft.com/en-us/azure/cost-management-billing/reservations/save-
compute-costs-reservations
Question 29:
Skipped
Which of the following is something that Azure Cognitive Services API can currently
do?
 Translate text from one language to another
 Speak text in an extremely realistic way
 Create text from audio
 All of these! Azure can do it all!
(Correct)
 Recognize text in an image

Explanation
Azure can do all of them, of course.
See: https://docs.microsoft.com/en-us/azure/cognitive-services/welcome
Question 30:
Skipped
Which ways does the Azure Resource Manager model provide to deploy resources?
 Azure Portal
(Correct)
 Powershell
(Correct)
 REST API / SDK
(Correct)
 CLI
(Correct)
Explanation
Azure Resource Manager (ARM) is the deployment and management service for Azure. It
provides a management layer that enables you to create, update, and delete resources in your
Azure account. The ARM model allows you to work with resources in a consistent manner,
whether through Azure portal, PowerShell, REST APIs/SDKs, or the Command-Line
Interface (CLI).
1. Azure Portal: This is a web-based, unified console that provides an alternative to

command-line tools. You can manage your Azure resources directly through a GUI.
2. PowerShell: Azure PowerShell is a module that provides cmdlets to manage Azure
through Windows PowerShell and PowerShell Core. You can use it to build scripts
for managing and automating your Azure resources.
3. REST API / SDK: Azure provides comprehensive REST APIs that can be used
directly or via Azure SDKs available in multiple languages. This allows developers to
integrate Azure services in their applications, services, or tools.
4. CLI: Azure CLI is a cross-platform command-line program that connects to Azure
and executes administrative commands on Azure resources. It's designed to make
scripting easy, authenticate with Azure platform, and quickly run commands to
perform common administrative tasks or deploy to Azure.
Each of these methods supports the full set of Azure Resource Manager features, and you can
choose the one that best fits your workflow.
See: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview
Question 31:
Skipped
True or False: Azure is a public cloud, and has no private cloud offerings
 FALSE
(Correct)
 TRUE
Explanation
The correct answer is FALSE. While Azure is indeed widely recognized as a public cloud
provider, offering a vast array of services accessible via the internet on a multi-tenant basis, it
does also provide private cloud capabilities.
One notable offering is Azure Stack, an extension of Azure that allows businesses to run apps
in an on-premises environment and deliver Azure services in their datacenter. With Azure
Stack, you get the flexibility of using Azure’s cloud capabilities while maintaining your own
datacenter for privacy, regulatory compliance, or other requirements.
Additionally, Azure offers services such as Azure Private Link, which provides private
connectivity from a virtual network to Azure services, and Azure ExpressRoute, a service
that enables a private, dedicated network connection to Azure.
So, contrary to the statement, Azure does have private cloud offerings along with its public
cloud, making the statement FALSE.
See: https://azure.microsoft.com/en-us/overview/what-is-a-private-cloud/
And see: https://azure.microsoft.com/en-us/global-infrastructure/government/
And see: https://azure.microsoft.com/en-us/overview/azure-stack/
Question 32:
Skipped
In Microsoft Azure, which tool or service allows for the organization and management of
multiple subscriptions within hierarchical structures?
 Resource Groups
 Azure Active Directory
 RBAC (Role-Based Access Control)
 Management Groups
(Correct)
Explanation
The correct answer is Management Groups. In Azure, Management Groups provide a way
to manage access, policies, and compliance for multiple subscriptions. They can be structured
into a hierarchy for the organization's needs. All subscriptions within a Management Group
automatically inherit the conditions applied to the Management Group, facilitating
governance on a large scale.
Resource Groups, on the other hand, are containers for resources deployed on Azure. They
do not provide management capabilities across multiple subscriptions.
RBAC (Role-Based Access Control) is a system that provides fine-grained access

management to Azure resources but it doesn't inherently support the organization of
subscriptions into hierarchies.
Azure Active Directory is a service that provides identity and access management
capabilities but does not provide a direct mechanism for managing multiple subscriptions in
nested hierarchies.
Hence, Management Groups is the correct answer as it directly allows for the management
and organization of multiple subscriptions into nested hierarchies, which the other options do
not.
See: https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
Question 33:
Skipped
Your organization has implemented an Azure Policy that restricts the type of Virtual Machine
instances you can use. How can you create a VM that is blocked by the policy?
 The only way is to remove the policy, create the resource and add the policy back
(Correct)
 Subscription Owners (Administrators) can create resources regardless of what

the policy restricts
 Use an account that has Contributor or above permissions to the resource group
Explanation
You cannot perform a task that violates policy, so you have to remove the policy in order to
perform the task.
See: https://docs.microsoft.com/en-us/azure/governance/policy/overview
Question 34:
Skipped
Which tool within Azure helps you to track your compliance with various international
standards and government laws?
 Service Trust Portal

 Microsoft Privacy Statement
 Compliance Manager
(Correct)
 Azure Government Services
Explanation
Compliance Manager will track your own compliance with various standards and laws.
See: https://techcommunity.microsoft.com/t5/security-privacy-and-compliance/announcing-
compliance-manager-general-availability/ba-p/161922
Question 35:
Skipped
What is the name of Azure's hosted SQL database service?
 Table Storage
 Cosmos DB
 SQL Server in a VM
 Azure SQL Database
(Correct)
Explanation
SQL Database is a SQL Server compatible option in Azure, a database as a service
See: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-technical-overview
Question 36:
Skipped
Logic apps, functions, and service fabric are all examples of what model of compute
within Azure?
 IaaS model
 SaaS model
 Serverless model
(Correct)
 App Services Model
Explanation
The correct answer is the Serverless model. Azure Logic Apps, Azure Functions, and Azure
Service Fabric are all examples of serverless computing in Azure.
Serverless computing is a cloud computing model where the cloud provider automatically
manages the provisioning and allocation of servers, hence the term "serverless". The
serverless model allows developers to focus on writing the code and business logic rather
than worrying about the underlying infrastructure, its setup, maintenance, scaling, and
capacity planning.
Azure Logic Apps is a cloud service that allows developers to build workflows that integrate
apps, data, services, and systems. Azure Functions is an event-driven, compute-on-demand
experience that extends the existing Azure application platform with capabilities to
implement code triggered by events occurring in Azure or third-party services. Azure Service
Fabric is a distributed systems platform that makes it easy to package, deploy, and manage
scalable and reliable microservices.
In contrast, IaaS (Infrastructure as a Service) refers to cloud-based services where you rent IT
infrastructure—servers and virtual machines (VMs), storage, networks, and operating
systems—from a cloud provider on a pay-as-you-go basis. SaaS (Software as a Service) is a
software distribution model in which a third-party provider hosts applications and makes
them available to customers over the Internet, which doesn't align with the services
mentioned in the question. The App Services model is a platform for hosting web
applications, REST APIs, and mobile backends, but it's not strictly serverless as it doesn't
auto-scale in the same way.
See: https://azure.microsoft.com/en-us/solutions/serverless/
Question 37:
Skipped
Who is responsible for the security of the physical servers in an Azure data center?
 I am responsible for securing the physical data centers

 Azure is responsible for securing the physical data centers
(Correct)
Explanation
Azure is responsible for physical security
See: https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security
Question 38:
Skipped
You have decided to subscribe to Azure DDoS Protection at the IP Protection Tier. This
provides advanced protection to defend against DDoS attacks. What type of DDoS attack
does DDoS Protection NOT protect against?
 Transport (L4) level attacks
 Application (L7) level attacks
(Correct)
 Network (L3) level attacks

Explanation
The correct answer is "Application level attacks":
 Network-level attacks are attacks that target the network infrastructure, such as the
routers and switches that connect your Azure resources to the internet. Azure DDoS
Protection IP Protection Tier can protect against network-level attacks by absorbing
and rerouting excessive traffic, and by scrubbing malicious traffic.
 Transport-level attacks are attacks that target the transport layer of the network
protocol stack, such as TCP and UDP. Azure DDoS Protection IP Protection Tier can
protect against transport-level attacks by absorbing and rerouting excessive traffic,
and by scrubbing malicious traffic.
 Application-level attacks are attacks that target the application layer of the network
protocol stack, such as HTTP and DNS. Azure DDoS Protection IP Protection
Tier does not protect against application-level attacks, because it is designed to
protect against network and transport-level attacks.
To protect against application-level attacks, you need to use a web application firewall
(WAF). A WAF is a software appliance that sits in front of your application and filters out
malicious traffic. WAFs can be configured to protect against a wide variety of application-
level attacks, such as SQL injection, cross-site scripting, and denial of service attacks.
See: https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview
Question 39:
Skipped
Azure Services can go through several phases in a Service Lifecycle. What are the three
phases called?
 Private Preview, Public Preview, and General Availability
(Correct)
 Preview Phase, General Availability Phase, and Unpublished

 Development phase, QA phase, and Live phase
 Announced, Coming Soon, and Live
Explanation
Private Preview, Public Preview, and General Availability
Question 40:
Skipped
In the context of cloud computing, how is the benefit of 'agility' best described?
 It refers to the ability to quickly respond to and drive changes in the market.
(Correct)
 It refers to the ability to rapidly provision new resources.

 It refers to the system's ability to easily scale up when it reaches full capacity.
 It refers to the ability to swiftly recover from a large-scale regional failure.
Explanation
The correct answer is "It refers to the ability to quickly respond to and drive changes in the
market". Agility, in the context of cloud computing, refers to the ability of an organization to
rapidly adapt to market and environmental changes in productive and cost-effective ways. It
involves quickly adjusting and adapting strategic and operational capabilities to respond to
and take advantage of changes in the business environment.
The other options, while also benefits of the cloud, do not directly align with the concept of
agility. Spinning up new resources quickly (Answer 2) or growing capacity easily when full
(Answer 3) relate more to the cloud's scalability and elasticity. The ability to recover from a
region-wide failure rapidly (Answer 4) speaks to the cloud's resilience and disaster recovery
capabilities.
While these aspects can contribute to overall business agility, they don't encapsulate the
broader strategic meaning of agility - the capacity to quickly adjust to market changes, which
can include shifts in customer demand, competitive pressures, or regulatory changes, among
others. Hence, the ability to respond to and drive market change quickly is the most accurate
answer.
See: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/business-
outcomes/agility-outcomes
Question 41:
Skipped
Can you give someone else access to your Azure subscription without giving them your
user name and password?
 NO
 YES
(Correct)
Explanation
Yes, anyone can create their own Azure account and you can give them access to your
subscription with granular control as to permissions
See: https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
Question 42:
Skipped
What is Azure's preferred Identity/authentication service?
 Live Connect
(Correct)
 Facebook Connect
Explanation
Azure Active Directory (Azure AD) - Microsoft’s preferred Identity as a Service solution
See: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-
whatis
Question 43:
Skipped
An IT administrator has the requirement to control access to a specific app resource using
multi-factor authentication. What Azure service satisfies this requirement?
 Azure Authorization
 Microsoft Entra ID
(Correct)
 Azure Authentication
 Azure Function
Explanation
You can use Microsoft Entra ID (new name for Azure AD) to control access to your apps and
your app resources, based on your business requirements. In addition, you can use Microsoft
Entra ID (Azure AD) to require multi-factor authentication when accessing important
organizational resources.
whatis#which-features-work-in-azure-ad
Question 44:
Skipped
What is the MAIN management tool used for managing Azure resources with a
graphical user interface?
 PowerShell
 Azure Storage Explorer
 Azure Portal
(Correct)
 Remote Desktop Protocol (RDP)
Explanation
Azure Portal is the website used to manage your resources in Azure
See: https://docs.microsoft.com/en-us/azure/azure-portal/azure-portal-overview
Question 45:
Skipped
True or false: Formal support is not included in private preview mode.
 FALSE
 TRUE
(Correct)
Explanation
True. Preview features are not fully ready and this phase does not include formal support.
See: https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/
Question 46:
Skipped
True or False: Azure has the responsibility to manage the hardware in the Infrastructure as a
Service model
 TRUE
(Correct)
 FALSE
Explanation
The correct answer is TRUE. In an Infrastructure as a Service (IaaS) model, the cloud service
provider, in this case Microsoft Azure, is responsible for managing the underlying physical
hardware. This includes servers, storage, networking hardware, and the virtualization layer.
Azure ensures that these resources are available and maintained, providing capabilities like
automated backup, disaster recovery, and scaling.
The customer, on the other hand, is responsible for managing the software components of the
service, including the operating system, middleware, runtime, data, and applications. This
arrangement allows customers to focus on their core business and application development
without worrying about the physical infrastructure's procurement, management, and
maintenance.
It's important to remember that the division of responsibilities may change in other service
models like Platform as a Service (PaaS) or Software as a Service (SaaS), where the cloud
service provider manages more layers of the technology stack. But for IaaS, the provider
indeed manages the hardware, making the statement TRUE.
See: https://azure.microsoft.com/en-us/overview/what-is-iaas/
Question 47:
Skipped
Which feature of Azure Active Directory will require users to have their mobile phone
in order to be able to log in?
 Azure Information Protection (AIP)

 Advanced Threat Protection (ATP)
 Multi-Factor Authentication
(Correct)
Explanation
Multi-Factor Authentication (MFA) - the concept of having something additional to a
“password” that is required to log in; passwords are find-able or guessable; but having your
mobile phone on you to receive a phone call, text or run an app to get a code is harder for an
unknown hacker to get
See: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-
howitworks
Question 48:
Skipped
Which of the following characteristics of a cloud-based system primarily contributes to its
elasticity?
 The system's ability to recover automatically after a crash.
 The system's ability to dynamically increase and decrease capacity based on real-
time demand.
(Correct)
 The system's ability to withstand denial-of-service attacks.

 The system's ability to maintain availability while updates are being
implemented.
Explanation
The correct answer is "The ability to increase and reduce capacity based on actual demand."
This characteristic refers to the concept of elasticity in cloud computing. An elastic system is
one that can automatically adjust its resources (compute, storage, etc.) in response to
changing workloads and demands. This is done to ensure optimal performance and cost-
effectiveness. When demand increases, the system can scale out by adding more resources,
and when demand decreases, it can scale in by reducing resources, all without significant
manual intervention.
The other options, while important for overall system robustness, do not define elasticity.
Withstanding denial of service attacks pertains to security, maintaining availability during
updates refers to zero-downtime deployment or high availability, and self-healing after a
crash refers to resilience or fault tolerance. None of these are about dynamically adjusting
capacity based on demand, which is the hallmark of an elastic system.
See: https://azure.microsoft.com/en-us/overview/what-is-elastic-computing/
Question 49:
Skipped
When establishing a Site-to-Site VPN connection with Azure, what kind of network device
needs to be present or installed in your company's on-premises network infrastructure?
 A compatible VPN Gateway device
(Correct)
 A dedicated virtual machine

 An Azure Virtual Network
 An Application Gateway
Explanation
The correct answer is a compatible VPN Gateway device.
In order to establish a site-to-site VPN connection with Azure, a VPN Gateway is required on
your company's internal network. A VPN Gateway is a specific type of virtual network
gateway that sends encrypted traffic across a public network, like the Internet.
While the name might suggest it's a purely virtual entity, in practice, the term "VPN
Gateway" often refers to a hardware device that's installed on-premises in your data center.
This device uses Internet Protocol security (IPsec) to establish a secure, encrypted connection
to the Azure VPN Gateway, which resides in the Azure virtual network.
This setup allows your local network and Azure to interact as if they're directly connected. In
contrast, virtual machines, virtual networks, and application gateways are other types of
Azure resources, but they do not facilitate creating a site-to-site VPN connection. It's
important to note that your company's internal network hardware and settings must meet
specific requirements to support a VPN Gateway.
See: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-
resource-manager-portal
Question 50:
Skipped
Which of the following characteristics is essential for a system to be considered highly
available in a cloud computing environment?
 It's impossible to create a highly available system.
 The system must be designed for resilience, with no single points of failure.
(Correct)
 The system must operate on a minimum of two virtual machines.

 The system must maintain 100% availability at all times.
Explanation
The correct answer is "A system specifically designed to be resilient, with no single point of
failures". High availability in a system means that it is designed to operate continuously
without failure for a long period of time. This is achieved by building redundancy into the
system, eliminating single points of failure, and enabling rapid recovery from any failures
that do occur. In other words, even if a component of the system fails, there are other
components that can take over, allowing the system to continue operating seamlessly.
While high availability often aims for close to 100% uptime, the claim of maintaining 100%
availability is practically unrealistic due to factors like maintenance needs and unexpected
failures. Also, having a minimum of two VMs may contribute to high availability but isn't a
definitive requirement — it depends on the specifics of the system architecture.
Finally, the assertion that it's not possible to create a highly available system is incorrect.
There are established strategies and technologies for designing and operating highly available
systems, and they are widely used in mission-critical applications across many industries.
See: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/availability
AZ-900 Practice Test B

Question 1:
Skipped
In what way does Multi-Factor Authentication increase the security of a user account?
 It requires the user to possess something like their phone to read an SMS, use a
mobile app, or biometric identification.
(Correct)
 It doesn't. Multi-Factor Authentication is more about access and authentication
than account security.
 It requires users to be approved before they can log in for the first time.
 It requires single sign-on functionality
Explanation
MFA requires that the user have access to their mobile phone for using SMS or an app.
For more info: https://docs.microsoft.com/en-us/azure/active-directory/authentication/

concept-mfa-howitworks
Question 2:
Skipped
Which of the following cloud computing models requires the highest level of involvement in
maintaining the operating system and file system by the customer?
 IaaS
(Correct)
 FaaS
 SaaS
 PaaS
Explanation
IaaS or Infrastructure as a service requires you to keep your OS patched, close ports, and
generally protect your own server
For more info: https://azure.microsoft.com/en-us/overview/what-is-iaas/
Question 3:
Skipped
What does it mean if a service is in Public Preview mode?
 The service is generally available for use, and Microsoft will provide support for
it
 Anyone can use the service for any reason
 Anyone can use the service but it must not be for production use
(Correct)
 You have to apply to get selected in order to use that service
Explanation
Public Preview is for anyone to use, but it is not supported nor guaranteed to continue to be
available
For more info: https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/
Question 4:
Skipped
If you are a US federal, state, local, or tribal government entities and their solution
providers, which Azure option should you be looking to register for?
 Azure Department of Defence

 Azure Public Portal
 Azure Government
(Correct)
 Azure is not available for government officials
Explanation
Hopefully, it's clear that US Federal, State, Local and Tribal governments can use the US
Government portal
For more info: https://docs.microsoft.com/en-us/azure/azure-government/documentation-

government-welcome
Question 5:
Skipped
What database service is specifically designed to be extremely fast in responding to
requests for small amounts of data (called low latency)?
 SQL Data Warehouse

 SQL Database
 Cosmos DB
(Correct)
Explanation
Cosmos DB - extremely low latency (fast) storage designed for smaller pieces of data
quickly; SaaS
For more info: https://docs.microsoft.com/en-us/azure/cosmos-db/
Question 6:
Skipped
Which of the following scenarios would Azure Policy be a recommended method for
enforcement?
 Prevent certain Azure Virtual Machine instance types from being used in a
resource group
(Correct)
 Allow only one specific roles of users to have access to a resource group
 Require a virtual machine to always update to the latest security patches
 Add an additional prompt when creating a resource without a specific tag to ask
the user if they are really sure they want to continue?
Explanation
Azure Policy can add restrictions on storage account SKUs, virtual machine instance types,
and rules relating to tagging of resources and groups. It cannot prompt a user to ask them if
they are sure.
For more info: https://docs.microsoft.com/en-us/azure/governance/policy/overview
Question 7:
Skipped
Within the context of privacy and compliance, what does the acronym ISO stand for, in
English?
 Instead of
 International Organization for Standardization
(Correct)
 Information Systems Officer

 Intelligence and Security Office
Explanation
ISO is a standards body, International Organization for Standardization
For more info: https://www.iso.org/about-us.html
Question 8:
Skipped
What is the benefit of using a command line tool like Powershell or CLI as opposed to
the Azure portal?
 Quicker to deploy VMs

 Automation
(Correct)
 Cheaper
Explanation
The real benefit is automation. Being able to write a script to do something is better than
having to do it manually each time.
For more info on Azure CLI: https://docs.microsoft.com/en-us/cli/azure/what-is-azure-cli?

view=azure-cli-latest
For more info on Azure Powershell: https://docs.microsoft.com/en-us/powershell/azure/?

view=azps-4.5.0
Question 9:
Skipped
What is the service level agreement for two or more Azure Virtual Machines that have
been manually placed into different Availability Zones in the same region?
 100%
 99.99%
(Correct)
 99.90%
 99.95%
Explanation
99.99%
For more info: https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_9/
Question 10:
Skipped
Why is Azure App Services considered Platform as a Service?
 Azure App Services is not PaaS, it's Software as a Service.

 You can decide on what type of virtual machine it runs - A-series, or D-series, or
even H-series
 You give Azure the code and configuration, and you have no access to the
underlying hardware
(Correct)
 You are responsible for keeping the operating system up to date with the latest
patches
Explanation
You give Azure the code and configuration, and you have no access to the underlying
hardware
For more info: https://docs.microsoft.com/en-us/azure/app-service/overview
Question 11:
Skipped
How many regions does Azure have in Brazil?
 0
 4
 1
(Correct)
 2
Explanation
There is 1 region in Brazil.
For more info: https://azure.microsoft.com/en-us/global-infrastructure/geographies/
Question 12:
Skipped
True or false: Azure charges for bandwidth used "inbound" to Azure
 FALSE
(Correct)
 TRUE
Explanation
Ingress bandwidth is free. You pay for egress (outbound).
For more info: https://azure.microsoft.com/en-us/pricing/details/bandwidth/
Question 13:
Skipped
What is the Azure SLA for two or more Virtual Machines in an Availability Set?
 99.99%
 100%
 99.90%
 99.95%
(Correct)
Explanation
99.95%
Question 14:
Skipped
What is the concept of Availability?
 The percentage of time a system responds properly to requests, expressed as a

percentage over time
(Correct)
 A system must have 100% uptime to be considered available

 A system that can scale up and scale down depending on customer demand
 A system that has a single point of failure
Explanation
Availability - what percentage of time does a system respond properly to requests, expressed
as a percentage over time
For more information on region and availability zones

see: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview
For more information on availability options for virtual machines

see: https://docs.microsoft.com/en-us/azure/virtual-machines/availability
Question 15:
Skipped
In which US state is the East US 2 region?
 Virginia
(Correct)
 Iowa
 California
 Texas
Explanation
East US 2 is in the Eastern state of Virginia, close to Washington DC
For more info: https://azure.microsoft.com/en-us/global-infrastructure/data-residency/
Question 16:
Skipped
What is the benefit of using Powershell over CLI?
 No benefit, it's the same
(Correct)
 Quicker to deploy VMs

 Cheaper
 More powerful commands
Explanation
There is no benefit, only a matter of personal choice.
For more info on Azure CLI: https://docs.microsoft.com/en-us/cli/azure/what-is-azure-cli?

view=azure-cli-latest
For more info on Azure Powershell: https://docs.microsoft.com/en-us/powershell/azure/?

view=azps-4.5.0
Question 17:
Skipped
Windows servers use "remote desktop protocol" (RDP) in order for administrators to get
access to manage the server. Linux servers use SSH. What is the recommendation for
ensuring the security of these protocols?
 Disable RDP access using the Windows Services control panel admin tool
 Ensure strong passwords on your Windows admin accounts
 Do not allow public Internet access over the RDP and SSH ports directly to the
server. Instead use a secure server like Bastion to control access to the servers
behind.
(Correct)
 Do not enable SSH access for Linux servers
Explanation
You need to either control access to the RDP and SSH ports to a very specific range of IPs,
enable the ports only when you are using it, or use a Bastion server/jump box to protect those
servers.
For more info: https://docs.microsoft.com/en-us/azure/bastion/bastion-overview
Question 18:
Skipped
What is a benefit of economies of scale?
 Big companies don't need to make a profit on the first product they sell you,
because they will make a profit on the second
 The more you buy of something, the cheaper it is for you
(Correct)
 Prices of cloud servers and services are always going down. It'll be cheaper next
year than it is this year.
 Big companies don't need to make a profit on every sale
Explanation
Economies of Scale - the more of an item that you buy, the cheaper it is per unit
For more info: https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/

3b-economies-of-scale
Question 19:
Skipped
What does ARM stand for in Azure?
 Account Resource Manager

 Availability, Reliability, Maintainability
 Azure Resource Manager
(Correct)
 Advanced RISC Machine
Explanation
Azure Resource Manager (ARM) - this is the common resource deployment model that
underlies all resource creation or modification; no matter whether you use the portal,
powershell or the SDK, the Azure Resource Manager takes those commands and executes
them
For more info: https://docs.microsoft.com/en-us/azure/azure-resource-manager/

management/overview
Question 20:
Skipped
What is the maximum amount of Azure Storage space a single subscription can store?
 500 GB
 2 TB
 Virtually unlimited
(Correct)
 5 PB
Explanation
A single Azure subscription can have up to 250 storage accounts per region, and each storage
account can store up to 5 Petabytes. That is 31 million Terabytes. This is probably 15-20
times what Google, Amazon, Microsoft and Facebook use combined. That's a lot.

management/azure-subscription-service-limits#storage-limits
Question 21:
Skipped
What is the new data privacy and information protection regulation that took effect
across Europe in May 2018?
 GDPR
(Correct)
 PCI DSS
 FedRAMP
 ISO 9001:2015
Explanation
The General Data Protection Regulation (GDPR) took effect in Europe in May 2018.
For more info: https://docs.microsoft.com/en-us/microsoft-365/compliance/gdpr?view=o365-
worldwide
Question 22:
Skipped
What does it mean if a service is in General Availability (GA) mode?
 The service has now reached public preview, and Microsoft will provide support
for it
(Correct)

Explanation
Anyone can use a GA service. It is fully supported and can be used for production.
Question 23:
Skipped
Which of the following elements is considered part of the "perimeter" layer of security?
 Locks on the data center doors

 Use a firewall
(Correct)
 Separate servers into distinct subnets by role

 Keep operating systems up to date with patches
Explanation
Firewall is part of the perimeter security
For more information on the layered approach to network

security: https://docs.microsoft.com/en-us/learn/modules/intro-to-security-in-azure/5-
network-security
Question 24:
Skipped
What would be a good reason to have multiple Azure subscriptions?
 There is one person/credit card paying for resources, but many people who have
accounts in Azure, and you need to separate out resources between clients so that
there is absolutely no chance of resources being exposed between them.
(Correct)
 There is one person/credit card paying for resources, and only one person who
logs into Azure to manage the resources, but you want to be able to know which
resources are used for which client project.
Explanation
Having multiple subscriptions can technically be done for any reason, but it only makes sense
if you have to separate billing directly, or have actual clients logging into the Portal to
manage their resources.
For more info: https://docs.microsoft.com/en-us/microsoft-365/enterprise/subscriptions-

licenses-accounts-and-tenants-for-microsoft-cloud-offerings?view=o365-worldwide
Question 25:
Skipped
How do you get access to services in Private Preview mode?
 You must agree to a terms of use first.

 They are available in the marketplace. You simply use them.
 You cannot use private preview services.
 You must apply to use them.
(Correct)
Explanation
Private Preview means you must apply to use them.
Question 26:
Skipped
Besides Azure Service Health, where else can you find out any issues that affect the
Azure global network that affect you?
 Azure Updates Blog

 Install the Azure app on your phone
 Each Virtual Machine has a Resource Health blade
(Correct)
 Azure will email you
Explanation
Each Virtual Machine has a Resource Health blade
For more info: https://docs.microsoft.com/en-us/azure/service-health/resource-health-

overview
Question 27:
Skipped
What is the concept of paired regions?
 Each region of the world has one other region, usually in a completely separate
country and geography, where it makes the most sense to place your backups.
Like East US 2 is paired with South Korea.
 Azure employees in those regions sometimes go on picnics together.
 When you deploy your code to one region of the world, it is automatically
deployed to the paired region as an emergency backup.
 Each region in the world has at least one other region in which is shares an
extremely high speed connection, and where there is coordinated action by Azure
not to do anything that will bring them both down at the same time.
(Correct)
Explanation
Paired regions are usually in the same geo (not always) but are the most logical place to store
backups because they have a high speed connection and Azure staggers the service updates to
those regions.
For more info: https://docs.microsoft.com/en-us/azure/best-practices-availability-paired-

regions
Question 28:
Skipped
Where do you go within the Azure Portal to find all of the third-party virtual machine
and other offers?
 Azure mobile app

 Azure Marketplace
(Correct)
 Choose an image when creating a VM

 Bing
Explanation
Azure Marketplace contains thousands of services you can rent within the cloud
For more info: https://azuremarketplace.microsoft.com/en-us
Question 29:
Skipped
Which of the following is considered a downside to using Capital Expenditure (CapEx)?
 You can deduct expenses as they occur

 You must wait over a period of years to depreciate that investment on your taxes
(Correct)
 You are not guaranteed to make a profit

 It does not require a lot of up front money
Explanation
One of the downsides of CapEx is that the money invested cannot be deducted immediately
from your taxes
For more info: https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/

3c-capex-vs-opex
Question 30:
Skipped
Application Gateway contains what additional optional security feature over a regular
Load Balancer?
 Web Application Firewall (or WAF)
(Correct)
 Multi-Factor Authentication
 Azure AD Advanced Information Protection
 Advanced DDoS Protection
Explanation
Application Gateways also comes with an optional Web Application Firewall (or WAF) as a
security benefit
For more info: https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-

overview
Question 31:
Skipped
What types of files can a Content Delivery Network speed up the delivery of?
 PDFs
(Correct)
 Images
(Correct)
 JavaScript files
(Correct)
 Videos
(Correct)
Explanation
All of them. Any static file that doesn't change.
For more info: https://docs.microsoft.com/en-us/azure/cdn/cdn-overview
Question 32:
Skipped
Which of the following is not a feature of Azure Functions?
 Can possibly cost you nothing as there is a generous free tier

 Can trigger the function based off of Azure events such as a new file being saved
to a storage account blob container
 Designed for backend batch applications that are continuously running
(Correct)
 Can edit the code right in the Azure Portal using a code editor
Explanation
Functions are designed for short pieces of code that start and end quickly.
For more info: https://docs.microsoft.com/en-us/azure/azure-functions/
Question 33:
Skipped
What two types of DDoS protection services does Azure provide? Select two.
 DDoS Network Protection
(Correct)
 DDoS IP Protection
(Correct)
 DDoS Premium Protection

 DDoS Advanced Protection
Explanation
Azure DDoS Protection offers two types of DDoS protection services:
 Network Protection protects against volumetric attacks that target the network
infrastructure. This type of protection is available for all Azure resources that are
deployed in a virtual network.
 IP Protection protects against volumetric and protocol-based attacks that target
specific public IP addresses. This type of protection is available for public IP
addresses that are not deployed in a virtual network.
For more info: https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-

overview
Question 34:
Skipped
Why is a user id and password sometimes not enough to prove someone is who they say they
are?
 Passwords must be encrypted before being stored
 Passwords are usually easy to forget
 Some people might choose the same user id and password
 User id and password can be used by anyone such as a co-worker, ex-employee
or hacker half-way around the world
(Correct)
Explanation
The truth is that someone can find a way to get a user id and password, even guess it, and that
can be used by another person.
For more information on other ways to prove self-identification such as Multi-Factor

Authentication: https://docs.microsoft.com/en-us/azure/active-directory/authentication/
Question 35:
Skipped
Select the way(s) to increase the security of a traditional user id and password system?
 Use multi-factor authentication which requires an additional device (something

you have) to verify identity.
(Correct)
 Do not allow users to log into an application except using a company registered
device.
(Correct)
 Require longer and more complex passwords.
(Correct)
 Require users to change their passwords more frequently.
(Correct)
Explanation
All of these are ways to increase the security on an account.
For more info:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-
ban-bad
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/password-policy
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy
Question 36:
Skipped
Which of the following is not an example of Infrastructure as a Service?
(Correct)
 Virtual Machine Scale Sets
 Virtual Network
 Virtual Machine
Explanation
With Azure SQL Database, the infrastructure is not in your control
For more info: https://docs.microsoft.com/en-us/azure/azure-sql/azure-sql-iaas-vs-paas-what-

is-overview
Question 37:
Skipped
What Azure product allows you to autoscale virtual machines from 1 to 1000 instances,
and also provides load balancing services built in?
 Azure Virtual Machines

(Correct)
 Application Gateway
 Azure App Services
Explanation
Virtual Machine Scale Sets - these are a set of identical virtual machines (from 1 to 1000
instances) that are designed to auto-scale up and down based on user demand; IaaS
For more info: https://azure.microsoft.com/en-us/services/virtual-machine-scale-sets/
Question 38:
Skipped
What makes estimating the cost of an unmanaged storage account difficult?
 You are charged for data coming into Azure, and it's difficult to predict that
 There is no way to predict the amount of data in the account
 The cost of storage changes frequently
 You are charged for data leaving Azure, and it's difficult to predict that
(Correct)
Explanation
There is a cost for egress (bandwidth out) and it's hard to estimate how many bytes will be
counted leaving an Azure network
For more info: https://azure.microsoft.com/en-us/pricing/details/storage/page-blobs/
Question 39:
Skipped
What is the concept of being able to get your applications and data running in another
environment quickly?
 Azure Devops
 Reproducible deployments
 Business Continuity / Disaster Recovery (BC/DR)
(Correct)
 Azure Blueprint
Explanation
Disaster Recovery - the ability to recover from a big failure within an acceptable period of
time, with an acceptable amount of data lost
For more info on Backup and Disaster

Recovery: https://azure.microsoft.com/en-us/solutions/backup-and-disaster-recovery/
For more info on Azure’s built-in disaster recovery as a service

(DRaaS): https://azure.microsoft.com/en-us/services/site-recovery/
Question 40:
Skipped
True or false: Azure Cloud Shell allows access to the Bash and Powershell consoles in the
Azure Portal
 TRUE
(Correct)
 FALSE
Explanation
Cloud Shell - allows access to the Bash and Powershell consoles in the Azure Portal
For more info: https://docs.microsoft.com/en-us/azure/cloud-shell/overview
Question 41:
Skipped
Approximately how many regions does Azure have around the world?
 60+
(Correct)
 40
 25
 10
Explanation
There are 60+ Azure regions currently, in 10+ geographies
For more info: https://docs.microsoft.com/en-us/azure/availability-zones/az-region
Question 42:
Skipped
What Azure resource allows you to evenly split traffic coming in and direct it to several
identical virtual machines to do the work and respond to the request?
 Azure App Services

 Load Balancer or Application Gateway
(Correct)
 Virtual Network
 Azure Logic Apps
Explanation
This is the core feature of either a Load Balancer or Application Gateway
For more info: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
Question 43:
Skipped
Which tool within Azure is comprised of : Azure Status, Service Health and Resource
Health?
 Azure Advisor
 Azure Dashboard
(Correct)
 Azure Monitor
Explanation
Azure Service Health - lets you know about any Azure-related service issues including
region-wide downtime
For more info: https://docs.microsoft.com/en-us/azure/service-health/
Question 44:
Skipped
Which Azure service is the recommended Identity-as-a-Service offering inside Azure?
 Azure Active Directory (AD)
(Correct)
 Identity and Access Management (IAM)

 Azure Front Door
 Azure Portal
Explanation
Azure AD is the identity service designed for web protocols, that you can use for your
applications.
For more info: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-

directory-whatis
Question 45:
Skipped
Which free Azure security service checks all traffic travelling over a subnet against a set
of rules before allowing it in, or out.
 Azure DDoS Protection

(Correct)
 Azure Firewall
 Advanced Threat Protection (ARP)
Explanation
Network Security Group (NSG) - a fairly basic set of rules that you can apply to both
inbound traffic and outbound traffic that lets you specify what sources, destinations and ports
are allowed to travel through from outside the virtual network to inside the virtual network
For more info: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Question 46:
Skipped
Each person has their own user id and password to log into Azure. But how many
subscriptions can a single account be associated with?
 10
 No limit
(Correct)
 One
 250 per region
Explanation
There is not a limit to the number of subscriptions a single user can be included on.

management/azure-subscription-service-limits
Question 47:
Skipped
What is the concept of Big Data?
 A form of artificial intelligence (AI) that allows systems to automatically learn

and improve from experience without being explicitly programmed.
 A set of Azure services that allow you to use execute code in the cloud but don’t
require (or even allow) you to manage the underlying server
 An extremely large set of data that you want to ingest and do analysis on;
traditional software like SQL Server cannot handle Big Data as efficiently as
specialized products
(Correct)
 A small sensor or other device that constantly sends it's status and other data to
the cloud
Explanation
Big Data - a set of open source (Apache Hadoop) products that can do analysis on millions
and billions of rows of data; current tools like SQL Server are not good for this scale
For more info: https://docs.microsoft.com/en-us/azure/architecture/guide/architecture-styles/

big-data
Question 48:
Skipped
Select all features part of Azure AD?
 Log Alert Rule
 Smart lockout
(Correct)
 Custom banned password list
(Correct)
 Device Management
(Correct)
 Single sign-on
(Correct)
Explanation
The Log Alert Rule is not a feature of Azure AD.
Question 49:
Skipped
What is the minimum charge for having an Azure Account each month, even if you
don't use any resources?
 $0
(Correct)
 Negotiated with your enterprise manager

 $1
 $200
Explanation
An Azure account can cost nothing if you don't use any resources or only use free resources
For more info: https://azure.microsoft.com/en-us/pricing/
Question 50:
Skipped
Which of the following is a good example of a Hybrid cloud?
 Your users are inside your corporate network but your applications and data are
in the cloud.
 Technology that allows you to grow living tissue on top of an exoskeleton,
making Terminators impossible to spot among humans.
 A server runs in your own environment, but places files in the cloud so that it
can extend the amount of storage it has access to.
(Correct)
 Your code is a mobile app that runs on iOS and Android phones, but it uses a
database in the cloud.
Explanation
Hybrid Cloud - A mixture between your own private networks and servers, and using the
public cloud for some things. Typically used to take advantage of the unlimited, inexpensive
growth benefits of the public cloud.
For more info: https://azure.microsoft.com/en-us/overview/what-is-hybrid-cloud-computing/

AZ-900 Practice Test C
Question 1:
Skipped
What is an Azure Subscription?
 It is the level at which services are billed. All resources created under a
subscription are billed to that subscription.
(Correct)
 Each user account is associated with a unique subscription. If you need more
than one subscription, you need to create multiple user accounts.
Explanation
Subscription is the level at which things get billed. Multiple users can be associated with a
subscription at various permission levels.
For more
info: https://docs.microsoft.com/en-us/services-hub/health/azure_sponsored_subscription
Question 2:
Skipped
Which of the following elements is considered part of the "network" layer of network
security?
 Keeping operating systems up to date with patches
 All of the above
 Separate servers into distinct subnets by role
(Correct)
 Locks on the data center doors
Explanation
Subnets is part of network security
For more info: https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-

practices
and
https://en.wikipedia.org/wiki/OSI_model
Question 3:
Skipped
How do you stop your Azure account from incurring costs above a certain level without
your knowledge?
 Implement the Azure spending limit in the Account Center

(Correct)
 Set up a billing alert to send you an email when it reaches a certain level
 Switch to Azure Reserved Instances with Hybrid Benefit for VMs
 Only use Azure Functions which have a significant free limit
Explanation
If you don't want to spend over a certain amount, implement a spending limit in the account
center
For more info: https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/

spending-limit
Question 4:
Skipped
Where can you go to see what standards Microsoft is in compliance with?
 Trust Center
(Correct)

 Azure Privacy Page
Explanation
The list of standards that Azure has been certified to meet is in the Trust Center
For more info: https://www.microsoft.com/en-us/trust-center
Question 5:
Skipped
What software is used to synchronize your on premises AD with your Azure AD?
 LDAP
 Azure AD Domain Services
 Azure AD Federation Services
 AD Connect
(Correct)
Explanation
AD Connect is used to synchronize your corporate AD with Azure AD.
For more info: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-

ad-connect
Question 6:
Skipped
Which of the following services would NOT be considered Infrastructure as a Service?
 Virtual Network
 Azure Functions App
(Correct)
 Virtual Network Interface Card (NIC)

 Virtual Machine
Explanation
Functions are small pieces of code that you give to Azure to run for you, and you have no
access to the underlying infrastructure.
For more info: https://docs.microsoft.com/en-us/azure/azure-functions/
Question 7:
Skipped
What type of documents does the Microsoft Service Trust Portal provide?
 A tool that helps you manage your compliance to various standards

 A list of standards that Microsoft follows, pen test results, security assessments,
white papers, faqs, and other documents that can be used to show Microsoft's
compliance efforts
(Correct)
 Documentation on the individual Azure services and solutions

 Specific recommendations about your usage of Azure and ways you can improve
Explanation
A list of standards that Microsoft follows, pen test results, security assessments, white papers,
faqs, and other documents that can be used to show Microsoft's compliance efforts
For more info: https://servicetrust.microsoft.com/
Question 8:
Skipped
How many minutes per month downtime is 99.99% availability?
 100
 1
 40
 4
(Correct)
Explanation
99.99% is 4 minutes per month of downtime
For more info: https://azure.microsoft.com/en-us/support/legal/sla/summary/
Question 9:
Skipped
True or false: If your feature is in the General Availability phase, then your feature will
receive support from all Microsoft support channels.
 FALSE
 TRUE
(Correct)
Explanation
This is true. Do not use preview features in production apps.
Question 10:
Skipped
Which database product offers "sub 5 millisecond" response times as a feature?

 Cosmos DB
(Correct)
 SQL Data Warehouse

Explanation
Cosmos DB is low latency, and even offers sub 5-ms response times at some levels.
For more info: https://docs.microsoft.com/en-us/azure/cosmos-db/introduction
Question 11:
Skipped
Which of the following are one of the advantages of running your cloud in a private
cloud?
 Assurance that your code, data and applications are running on isolated
hardware, and on an isolated network.
(Correct)
 You own the hardware, so you can change private cloud hosting providers easily.
 Private cloud is significantly cheaper than the public cloud.
Explanation
Private cloud generally means that you are running your code on isolated computing, not
mixed in with other companies.
For more info: https://azure.microsoft.com/en-us/overview/what-are-private-public-hybrid-

clouds/
Question 12:
Skipped
For tax optimization, which type of expense is preferable?
 CapEx
 OpEx
(Correct)
Explanation
Operating Expenditure is thought to be preferable because you can fully deduct expenses
when they are incurred.
For more info: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/

business-outcomes/fiscal-outcomes
Question 13:
Skipped
If you wanted to get an alert every time a new virtual machine is created, where could
you create that?
 Azure Dashboard
 Azure Monitor
(Correct)
 Subscription settings
 Azure Policy
Explanation
The best place to track events at the resource level is Azure Monitor.
For more info: https://docs.microsoft.com/en-us/azure/azure-monitor/
Question 14:
Skipped
Which feature within Azure alerts you to service issues that happen in Azure itself, not
specifically related to your own resources?
(Correct)
 Azure Monitor
Explanation
Azure Service Health - lets you know about any Azure-related service issues including
region-wide downtime
For more info: https://docs.microsoft.com/en-us/azure/service-health/
Question 15:
Skipped
What is the significance of the Azure region? Why is it important?
 Region is just a folder structure in which you organize resources, much like file
folders on a computer.
 Even though you have to choose a region when creating resources, there's
generally no consequence of what you select. You can create a network in one
region and then create virtual machines for that network in another region.
 Once you select a region, you cannot create resources outside of that region. So
selecting the right region is an important decision.
 You must select a region when creating most resources, and the region is the
area of the world where those resources will be physically located.
(Correct)
Explanation
The region is the area of the world where resources get created. You can create resources in
any region that you have access to. But there are sometimes restrictions when creating a
resource in one region that related resources like networks must also be in the same region for
logical reasons.
For more info: https://azure.microsoft.com/en-us/global-infrastructure/geographies/

#overview
Question 16:
Skipped
Which style of computing is easiest when migrating an existing hosted application from
your own data center into the cloud?
 FaaS
 Serverless
 IaaS
(Correct)
 PaaS
Explanation
Infrastructure as a service is the easiest to migrate into, from an existing hosted app - lift and
shift
For more info: https://azure.microsoft.com/en-us/overview/what-is-iaas/
Question 17:
Skipped
Why should you divide your application into multiple subnets as opposed to having all
your web, application and database servers running on the same subnet?
 There are only a limited number of IP addresses available per subnet, so you
need multiple subnets over a certain number.
 Separating your application into multiple subnets allows you to have different
NSG security rules for each subnet, which can make it harder for a hacker to get
from one compromised server onto another.
(Correct)
 Each server type of your application requires its own subnet. It's not possible to
mix web servers, database servers and application servers on the same subnet.
Explanation
For security purposes, you should not allow "port 80" web traffic to reach certain servers, and
you do that by having separate NSG rules on each subnet.
For more info: https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-

practices
Question 18:
Skipped
With Azure public cloud, anyone with a valid credit card can sign up and get services
immediately
 TRUE
(Correct)
 FALSE
Explanation
Yes, Azure public cloud is open to the public in all countries that Azure supports.
For more info: https://docs.microsoft.com/en-us/learn/modules/create-an-azure-account/
Question 19:
Skipped
What is the service level agreement for two or more Azure Virtual Machines that have
been placed into the same Availability Set in the same region?
 100%
 99.90%
 99.95%
(Correct)
 99.99%
Explanation
99.95%
Question 20:
Skipped
What is the name of the open source project run by the Apache foundation that maps to
the HDInsight tools within Azure?
 Apache Jazz
 Apache Hadoop
(Correct)
 Apache Jaguar
 Apache Cayenne
Explanation
Hadoop is open source home of the HDInsight tools
For more info: https://docs.microsoft.com/en-us/azure/hdinsight/hadoop/apache-hadoop-

introduction
Question 21:
Skipped
What does it mean if a service is in Private Preview mode?
 The service is generally available for use, and Microsoft will provide support for
it
(Correct)
Explanation
Private Preview means you have to apply to use a service, and you may or may not be
selected
For more info: https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms

Question 22:
Skipped
What two advantages does cloud computing elasticity give to you? Pick two.
 Servers have become a commodity and Microsoft doesn't even need to even fix
servers that fail within Azure.
 You can serve users better during peak traffic periods by automatically adding
more capacity.
(Correct)
 You can save money.
(Correct)
 You can do more regular backups and you won't lose as much when that backup
gets restored
Explanation
Elasticity saves you money during slow periods (over night, over the weekend, over the
summer, etc) and also allows you to handle the highest peak of traffic.
For more info: https://azure.microsoft.com/en-us/overview/what-is-elastic-computing/
Question 23:
Skipped
True or false: Azure PowerShell scripts and Command Line Interface (CLI) scripts are
entirely compatible with each other?
 TRUE
 FALSE
(Correct)
Explanation
No, PowerShell is it's own language, different than CLI
For more info: https://docs.microsoft.com/en-us/powershell/azure/?view=azps-4.5.0
Question 24:
Skipped
TRUE OR FALSE: Azure Tenant is a dedicated and trusted instance of Azure Active
Directory that's automatically created when your organization signs up for a Microsoft cloud
service subscription.
 TRUE
(Correct)
 FALSE
Explanation
Yes, Azure Tenant is a dedicated and trusted instance of Azure AD that's automatically
created when your organization signs up for a Microsoft cloud service subscription.
Question 25:
Skipped
What operating systems does an Azure Virtual Machine support?
 Windows
 Linux
 Windows and Linux
(Correct)
 macOS
 Windows, Linux and macOS
Explanation
Azure Virtual Machines support Windows and Linux
For more info: https://docs.microsoft.com/en-us/azure/virtual-machines/
Question 26:
Skipped
Deploying Azure App Services applications consists of what two components? Pick two.
 Packaged code
(Correct)
 Database scripts
 Managing operating system updates
 Configuration
(Correct)
Explanation
Azure App Services, platform as a service, consists of code and configuration.
For more info: https://docs.microsoft.com/en-us/azure/app-service/
Question 27:
Skipped
If you have an Azure free account, with a $200 credit for the first month, what happens
when you reach the $200 limit?
 You cannot create any more resources until you add more credits to the account.
 All services are stopped and you must decide whether you want to convert to a
paid account or not.
(Correct)
 Your credit card is automatically billed.

 Your account is automatically closed.
Explanation
Using up the free credits causes all your resources to be stopped until you decide to get a paid
account.
For more info: https://azure.microsoft.com/en-us/free/free-account-faq/
Question 28:
Skipped
What advantage does an Application Gateway have over a Load Balancer?
 Application Gateway can be scaled so that two, three or more instances of the
gateway can support your application.
 Application gateway understands the HTTP protocol and can interpret the URL
and make decisions based on the URL.
(Correct)
 Application Gateway is more like an enterprise-grade product. You should not

use a load balancer in production.
Explanation
Application gateway can make load balancing decisions based on the URL path, while a load
balancer can't.
For more info: https://docs.microsoft.com/en-us/azure/application-gateway/overview
Question 29:
Skipped
How does Multi-Factor Authentication make a system more secure?
 It requires the user to have access to their verified phone in order to log in
(Correct)
 It doesn't make it more secure

 It is another password that a user has to memorize, making it more secure
 It allows the user to log in without a password because they have already
previously been validated using a browser cookie
Explanation
Multi-Factor Authentication (MFA) - the concept of having something additional to a
“password” that is required to log in; passwords are find-able or guessable; but having your
mobile phone on you to receive a phone call, text or run an app to get a code is harder for an
unknown hacker to get
For more info: https://docs.microsoft.com/en-us/azure/active-directory/authentication/

Question 30:
Skipped
What is the recommended way within Azure to store secrets such as private
cryptographic keys?
 Azure Key Vault
(Correct)
 Within the application code

 In an Azure Storage account private blob container
 Azure Advanced Threat Protection (ATP)
Explanation
Azure Key Vault - the modern way to store cryptographic keys, signed certificates and
secrets in Azure
For more info: https://docs.microsoft.com/en-us/azure/key-vault/
Question 31:
Skipped
Which of the following would be an example of an Internet of Things (IoT) device?
 A video game, installed on Windows clients around the world, that keep user
scores in the cloud.
 A refrigerator that monitors how much milk you have left and sends you a text
message when you are running low
(Correct)
 A web application that people use to perform their banking tasks

 A mobile application that is used to watch online video courses
Explanation
An IoT device is not a standard computing device but connects to a network to report data on
a regular basis. A web server, a personal computer, or a mobile app is not an IoT device.
For more info: https://docs.microsoft.com/en-us/azure/iot-fundamentals/iot-introduction
Question 32:
Skipped
TRUE OR FALSE: If you wanted to deploy a virtual machine to China, you would just
choose the China region from the drop down.
 FALSE
(Correct)
 TRUE
Explanation
Some regions of the world require special contracts with the local provider such as Germany
and China.
For more info: https://docs.microsoft.com/en-us/azure/china/overview-checklist
Question 33:
Skipped
What data format are ARM templates created in?
 XML
 JSON
(Correct)
 HTML
 YAML
Explanation
ARM templates are created in JSON

management/overview
Question 34:
Skipped
TRUE OR FALSE: Through Azure Active Directory one can control access to an application
but not the resources of the application.
 FALSE
(Correct)
 TRUE
Explanation
Azure AD can control the access of both the apps and the app resources.
Question 35:
Skipped
How many hours are available free when using the Azure B1S General Purpose Virtual
Machines under a Azure free account in the first 12 months?
 750 hrs
(Correct)
 Indefinite amount of hrs

 500 hrs
 300 hrs
Explanation
Each Azure free account includes 750 hours free for Azure B1S General Purpose Virtual
Machines for the first 12 months.
For more info: https://azure.microsoft.com/en-us/free/free-account-faq/
Question 36:
Skipped
What are resource groups?
 Within Azure security model, users are organized into groups, and those groups
are granted permissions to resources
 Based on the tag assigned to a resource by the deployment script, it is assigned to
a group
 Automatically assigned groups of resources that all have the same type (virtual
machine, app service, etc)
 A folder structure in Azure in which you organize resources like databases,
virtual machines, virtual networks, or almost any resource
(Correct)
Explanation
Resource Groups - a folder structure in Azure in which you organize resources like databases,
virtual machines, virtual networks, or almost any resource

management/manage-resource-groups-portal
Question 37:
Skipped
What are groups of subscriptions called?
 Subscription Groups
 ARM Groups
 Azure Policy
 Management Groups
(Correct)
Explanation
Subscriptions can be nested and placed into management groups to make managing them
easier.
For more info: https://docs.microsoft.com/en-us/azure/governance/management-groups/

overview
Question 38:
Skipped
Which two features does Virtual Machine Scale Sets provide as part of the core
product? Pick two.
 Load balancing between virtual machines
(Correct)
 Firewall
 Content Delivery Network
 Autoscaling of virtual machines
(Correct)
 Automatic installation of supporting apps and deployment of custom code
Explanation
VMSS provides autoscale features and has a built in load balancer. You still need to have a
way to deploy your code to the new servers, as you do with regular VMs.
For more info: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/
Question 39:
Skipped
What does it mean that security is a "shared model" in Azure?
 Azure takes no responsibility for security.

 Azure takes care of security completely.
 You must keep your security keys private and ensure it doesn't get out.
 Both users and Azure have responsibilities for security.
(Correct)
Explanation
The shared security model means that, depending on the application model, you and Azure
both have roles in ensuring a secure environment.
For more info: https://docs.microsoft.com/en-us/azure/security/fundamentals/shared-

responsibility
Question 40:
Skipped
What is the name of the collective set of APIs that provide machine learning and
artificial intelligence services to your own applications like voice recognition, image
tagging, and chat bot?
 Natural Language Service, LUIS

 Azure Batch
 Cognitive Services
(Correct)
 Azure Machine Learning Studio
Explanation
Azure Cognitive Services is the set of Machine Learning and AI API's
For more info: https://docs.microsoft.com/en-us/azure/cognitive-services/
Question 41:
Skipped
What happens if Azure does not meet its own Service Level Agreement guarantee
(SLA)?
 It's not possible. Azure will always meet it's SLA?

 You will be financially refunded a small amount of your monthly fee
(Correct)
 The service will be free that month
Explanation
Microsoft offers a refund of 10% or 25% depending on how badly they miss their service
guarantee
For more info: https://azure.microsoft.com/en-us/support/legal/sla/
Question 42:
Skipped
Which of the following resources are not considered Compute resources?
 Function Apps
 Azure Batch
 Load Balancer
(Correct)

 Virtual Machines
Explanation
A load balancer is a networking product, and does not execute your code.
For more info: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
For more information on compute resources: https://azure.microsoft.com/en-us/product-

categories/compute/
Question 43:
Skipped
What is a policy initiative in Azure?
 A custom designed policy

 Requiring all resources in Azure to use tags
 The ability to group policies together
(Correct)
 Assigning permissions to a role in Azure
Explanation
The ability to group policies together
For more
info: https://docs.microsoft.com/en-us/azure/governance/policy/overview#initiative-
definition
Question 44:
Skipped
What is the goal of a DDoS attack?
 To overwhelm and exhaust application resources
(Correct)
 To crack the password from administrator accounts

 To trick users into giving up personal information
 To extract data from a database
Explanation
DDoS is a type of attack that tries to exhaust application resources. The goal is to affect the
application’s availability and its ability to handle legitimate requests.
For more info: https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-

overview
Question 45:
Skipped
Which tool within the Azure Portal will make specific recommendations based on your
actual usage for how you can improve your use of Azure?
 Azure Dashboard
 Azure Advisor
(Correct)

 Azure Monitor
Explanation
Azure Advisor - a tool that will analyze your use of Azure and make you specific
recommendations based on your usage across availability, security, performance and cost
categories
For more info: https://docs.microsoft.com/en-us/azure/advisor/
Question 46:
Skipped
Which Azure service can be enabled to enable Multi-Factor Authentication for
administrators but not require it for regular users?
 Azure Firewall
 Advanced Threat Protection
 Privileged Identity Management
(Correct)
 Azure AD B2B
Explanation
Privileged Identity Management can be used to ensure privileged users have to jump through
additional verification because of their role.
For more info: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-

management/pim-configure
Question 47:
Skipped
What is the core problem that you need to solve in order to have a high-availability
application?
 You need to ensure the capacity of your server exceeds your highest number of
expected concurrent users
 You need to avoid single points of failure
(Correct)
 You should have a backup copy of your application on standby, ready to be

started up when the main application fails.
 You need to ensure your server has a lot of RAM and a lot of CPUs
Explanation
You'll want to avoid single points of failure, so that any component that fails does not cause
the entire application to fail.
For more info: https://docs.microsoft.com/en-us/azure/architecture/guide/design-principles/
redundancy
Question 48:
Skipped
Which Azure service, when enabled, will automatically block traffic to or from known
malicious IP addresses and domains?
 Azure Firewall
(Correct)

 Load Balancer
 Network Security Groups
Explanation
Azure Firewall has a threat-intelligence option that will automatically block traffic to/from
bad actors on the Internet.
For more info: https://docs.microsoft.com/en-us/azure/firewall/
Question 49:
Skipped
Which Azure management tool analyzes your usage of Azure and makes suggestions
specifically targeted to help you optimize your usage of Azure regarding cost, security and
performance?
 Azure Advisor
(Correct)
 Azure Firewall
 Azure Mobile App
Explanation
Azure Advisor analyzes your specific usage of Azure and makes helpful suggestions on how
it can be improved.
Question 50:
Skipped
What does the letter R in RBAC stand for?
 Rule
 Role
(Correct)
 Rights
 Review
Explanation
RBAC is role based access control
For more info: https://docs.microsoft.com/en-us/azure/role-based-access-control/

LogicApps Practice Test

Uploaded by

Copyright:

Available Formats

You might also like

LogicApps Practice Test

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

LogicApps Practice Test

Uploaded by

Copyright:

Available Formats

AZ-900 Practice Test A

 Azure Security Center

 They include all resources listed in the Azure Marketplace.

 A simpler and easier-to-understand pricing model.

 Google Cloud Platform

This functionality is part of Azure's Infrastructure as a Service (IaaS) offerings, providing

 Azure Portal Dashboard

 Azure is responsible for securing the access keys

Service Level Agreement (SLA) is a commitment by a service provider on the level of

 Azure Key Vault

 Platform as a Service (PaaS)

 Azure Hadoop Services

 Azure Kubernetes Services

 Platform as a Service (PaaS)

 Azure DDos Standard protection

 Significant delays in accessing your data, up to several hours

 Azure Monitor account

 Using Azure Policy to restrict the user of expensive VM SKUs

 Recognize text in an image

 REST API / SDK

1. Azure Portal: This is a web-based, unified console that provides an alternative to

And see: https://azure.microsoft.com/en-us/global-infrastructure/government/

And see: https://azure.microsoft.com/en-us/overview/azure-stack/

RBAC (Role-Based Access Control) is a system that provides fine-grained access

 Subscription Owners (Administrators) can create resources regardless of what

 Service Trust Portal

 Azure Government Services

 App Services Model

 I am responsible for securing the physical data centers

 Network (L3) level attacks

 Preview Phase, General Availability Phase, and Unpublished

 It refers to the ability to rapidly provision new resources.

 Remote Desktop Protocol (RDP)

 Azure Information Protection (AIP)

 Azure Security Center

 The system's ability to withstand denial-of-service attacks.

 A dedicated virtual machine

 The system must operate on a minimum of two virtual machines.

AZ-900 Practice Test B

For more info: https://docs.microsoft.com/en-us/azure/active-directory/authentication/

For more info: https://azure.microsoft.com/en-us/overview/what-is-iaas/

 You have to apply to get selected in order to use that service

For more info: https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/

 Azure Department of Defence

 Azure is not available for government officials

For more info: https://docs.microsoft.com/en-us/azure/azure-government/documentation-

 SQL Data Warehouse

For more info: https://docs.microsoft.com/en-us/azure/cosmos-db/

For more info: https://docs.microsoft.com/en-us/azure/governance/policy/overview

 Information Systems Officer

For more info: https://www.iso.org/about-us.html

 Quicker to deploy VMs

For more info on Azure CLI: https://docs.microsoft.com/en-us/cli/azure/what-is-azure-cli?

For more info on Azure Powershell: https://docs.microsoft.com/en-us/powershell/azure/?

For more info: https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_9/

 Azure App Services is not PaaS, it's Software as a Service.

For more info: https://docs.microsoft.com/en-us/azure/app-service/overview

For more info: https://azure.microsoft.com/en-us/global-infrastructure/geographies/

For more info: https://azure.microsoft.com/en-us/pricing/details/bandwidth/