Professional Documents
Culture Documents
LogicApps Practice Test
LogicApps Practice Test
LogicApps Practice Test
Question 1:
Skipped
What feature within Azure will make recommendations to you about reducing cost on
your account?
(Correct)
Azure Dashboard
Azure Service Health
Explanation
Azure Advisor analyzes your account usage and makes recommendations for you based on its
set rules
See: https://docs.microsoft.com/en-us/azure/advisor/advisor-overview
Question 2:
Skipped
In the context of cloud computing and Azure services, how would you define 'compute
resources'?
They encompass Virtual Machines, Storage Accounts, and Virtual Networks.
They refer exclusively to Virtual Machines.
They are resources that execute tasks requiring CPU cycles.
(Correct)
In cloud computing, the term "compute" refers to the amount of computational power
required to process a task - essentially, it's anything that uses processing power (CPU cycles)
to perform operations. This includes, but is not limited to, running applications, executing
scripts, and processing data.
While virtual machines (VMs) are a common type of compute resource, they are not the only
type. Azure offers a wide variety of compute resources, like Azure Functions for serverless
computing, Azure Kubernetes Service for container-based applications, and Azure Batch for
parallel and high-performance computing tasks.
So, the definition of compute resources is broader than just VMs or certain resources listed in
the Azure Marketplace. It also includes more than VMs, Storage Accounts, and Virtual
Networks, as these other resources (storage and networking) have distinct roles separate from
the compute resources. Storage accounts deal with data storage while virtual networks are
concerned with networking aspects in Azure, not with performing tasks that require CPU
cycles. Therefore, "They are resources that execute tasks requiring CPU cycles" is the most
accurate answer.
See: https://azure.microsoft.com/en-us/product-categories/compute/
Question 3:
Skipped
What is a primary benefit of opting for a consumption-based pricing model over a time-based
pricing model in cloud services?
Significant cost savings when the resources aren't needed for constant use.
(Correct)
When compared to a time-based pricing model, where resources are billed on a fixed
schedule regardless of actual use (for example, hourly or monthly), consumption-based
pricing can result in significant cost savings if the resources are not used often or their usage
fluctuates.
While the other options can be true in certain cases, they aren't inherently beneficial aspects
of the consumption-based model. The cost predictability can be challenging due to the
variable nature of usage (Answer 1), it's not always cheaper (Answer 2) as it depends on the
resource usage pattern, and the simplicity of the pricing model (Answer 4) depends on the
specific terms and conditions of the service provider. Therefore, the most accurate and
generalizable benefit is the potential for cost savings with infrequent or variable resource use.
See: https://docs.microsoft.com/en-us/azure/azure-functions/functions-consumption-costs
Question 4:
Skipped
If you wanted to simply use Azure as an extension of your own datacenter, not
primarily hosting anything there but using it for extra storage or taking advantage of
some services, what hosting model is that called?
Hybrid cloud
(Correct)
Public cloud
Private cloud
Explanation
The correct answer is "Hybrid cloud." The scenario described in the question is a typical use
case for a hybrid cloud model, which integrates private cloud or on-premises infrastructure
with public cloud resources, such as those provided by Azure.
In a hybrid cloud model, businesses can keep sensitive data or critical applications on their
private cloud or on-premises datacenter for security and compliance reasons while using the
public cloud's vast resources for additional storage, computational power, or specific services
when necessary. This not only allows for greater flexibility and scalability, but also offers
potential cost savings.
In contrast, a purely public cloud model involves hosting all data and applications on a public
cloud provider's infrastructure, and a purely private cloud model involves hosting everything
on a business's own infrastructure or a rented, single-tenant infrastructure. The described
scenario of extending an on-premises datacenter with Azure services fits best with the hybrid
cloud model.
See: https://azure.microsoft.com/en-us/overview/what-is-hybrid-cloud-computing/
Question 5:
Skipped
Which major cloud provider offers the most international locations for customers to
provision virtual machines and other servers?
(Correct)
Amazon AWS
Explanation
Microsoft Azure offers the most extensive global coverage among major cloud providers
regarding geographical regions. This allows customers to provision virtual machines,
databases, and other services in various international locations closer to their user base, which
can enhance performance, reduce latency, and comply with local regulations regarding data
residency.
While AWS (Amazon Web Services) and GCP (Google Cloud Platform) also provide many
regions globally, Microsoft Azure has distinguished itself with the broadest regional
availability.
See: https://azure.microsoft.com/en-us/global-infrastructure/regions/
Question 6:
Skipped
In Microsoft Azure, what is the maximum number of virtual machines that can be included in
a single Virtual Machine Scale Set, as per Azure's standard guidelines and capabilities?
10000
1000
(Correct)
Unlimited
500
Explanation
The correct answer is 1000.
Azure Virtual Machine Scale Sets are a service provided by Azure that allows you to manage,
scale, and distribute large numbers of identical virtual machines. As per the limitations set by
Microsoft Azure, a single Virtual Machine Scale Set can support up to 1000 VM instances.
This capacity allows for high availability and network load balancing across a large number
of virtual machines, providing a robust and efficient solution for applications that require
heavy compute resources. However, if you are using custom VM images, this limit decreases
to 600 instances.
See: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview
Question 7:
Skipped
Which feature within Azure collects all of the logs from various resources into a central
dashboard, where you can run queries, view graphs, and create alerts on certain events?
(Correct)
Explanation
Azure Monitor - a centralized dashboard that collects all the logs, metrics and events from
your resources
See: https://docs.microsoft.com/en-us/azure/azure-monitor/overview
Question 8:
Skipped
In the context of Azure's high availability solutions, what is the primary purpose of Azure
Availability Zones?
They are synonymous with an Azure region.
They allow manual selection of data centers for virtual machine placement to
achieve superior availability compared to other options.
(Correct)
They represent certain server racks within individual data centers, specifically
designed by Azure for higher uptime.
They serve as a folder structure in Azure used for organizing resources such as
databases, virtual machines, and virtual networks.
Explanation
The correct answer is: "They allow manual selection of data centers for virtual machine
placement to achieve superior availability compared to other options."
Azure Availability Zones are a high availability offering that protects applications and data
from datacenter failures. Each Azure region is composed of multiple datacenters, and each
datacenter is essentially an Availability Zone. They are unique physical locations within a
region, equipped with their own independent power, cooling, and networking.
By placing your resources across different Availability Zones within a region, you can protect
your apps and data from the failure of a single datacenter. If one datacenter goes down, the
resources in the other datacenters (Availability Zones) can continue to operate, providing
redundancy and increasing the overall availability of your applications.
It's important to note that these zones are not the same as Azure regions (which are
geographical areas containing one or more datacenters), nor are they equivalent to resource
groups (which are logical containers for resources deployed on Azure). They are also not
isolated to specific racks within a datacenter, but rather spread across different datacenters in
a region, offering a broader scope of protection.
See: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview
Question 9:
Skipped
What is Single Sign-On?
The ability to use an existing user id and password to sign in other applications,
and not have to create/memorize a new one.
(Correct)
When you sign in to an application, it remembers who you are the next time you
go there.
When an application outsources (federates) it's identity service to a third-party
platform
Explanation
Single Sign-On - the ability to use the same user id and password to log into every
application that your company has; enabled by Azure AD
See: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-
sign-on
Question 10:
Skipped
Who is responsible for the security of your Azure Storage account access keys?
(Correct)
Explanation
Customers are responsible to secure the access keys they are given and regenerate them if
they are exposed.
See: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage
Question 11:
Skipped
In the context of Azure's Service Level Agreement (SLA) for virtual machines, which of the
following deployment strategies would offer the highest level of availability?
Deploying a single virtual machine.
Deploying two or more virtual machines within an availability set.
Deploying two or more virtual machines within the same data center.
Deploying two or more virtual machines across different availability zones
within the same region.
(Correct)
Explanation
The correct answer is "Deploying two or more virtual machines across different availability
zones within the same region".
A single VM, even with premium storage, provides a lesser SLA compared to VMs deployed
in an Availability Set or across Availability Zones. While using an Availability Set (two or
more VMs in the same datacenter but across fault and update domains) provides a higher
SLA than a single VM, the highest SLA is provided when two or more VMs are deployed
across Availability Zones in the same region.
Availability Zones are unique physical locations within a region. Each zone is made up of
one or more datacenters equipped with independent power, cooling, and networking. They
are set up to be an isolation boundary - if one zone goes down, the other continues working.
This distribution of VMs across zones provides high availability and resiliency, hence
offering the highest SLA.
See: https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_9/
Question 12:
Skipped
Which Azure service is meant to be a security dashboard that contains all the security and
threat protection in one place?
(Correct)
Explanation
Azure Security Center - unified security management and threat protection; a security
dashboard inside Azure Portal
See: https://azure.microsoft.com/en-us/services/security-center/
Question 13:
Skipped
Which Azure website tool is available for you to estimate the future costs of your Azure
products and services by adding products to a shopping basket and helping you
calculate the costs?
Microsoft Docs
Azure Advisor
Azure Pricing Calculator
(Correct)
Explanation
Azure Pricing Calculator lets you attempt to calculate your future bill based on resources you
select and your estimates of usage
See: https://azure.microsoft.com/en-us/pricing/calculator/
Question 14:
Skipped
What is the default amount of credits that you are given when you first create an Azure
Free account?
Azure does not give you any free credits when you create a free account
You are given $50 per month, for one year towards Azure services
The default is US$200
(Correct)
You can create 1 Linux VM, 1 Windows VM, and a number of other free
services for the first year.
Explanation
There are some other benefits to a free account, but you get US$200 to spend in the first
month.
See: https://azure.microsoft.com/free
Question 15:
Skipped
Which Azure Service contains pre-built machine learning models that you can use in your
own code, using an API?
App Services
Azure Blueprints
Azure Functions
Cognitive Services
(Correct)
Explanation
Cognitive Services is an API that Azure provides, that gives access to a set of pre-built
machine learning models including vision services, speech services, knowledge management
and chat bots.
Question 16:
Skipped
In the context of cloud computing, a virtual machine (VM) is primarily associated with which
type of cloud hosting model?
Software as a Service (SaaS)
Infrastructure as a Service (IaaS)
(Correct)
This is contrasted with the other options. In a Platform as a Service (PaaS) model, the
consumer only controls the applications and possibly some configuration settings for the
application-hosting environment, but does not manage the operating system, server hardware,
or network infrastructure. Similarly, in a Software as a Service (SaaS) model, the consumer
only uses the software and does not control any aspect of the infrastructure or platform where
the application runs.
Therefore, given that a virtual machine involves control over the operating system and
applications within a cloud-managed infrastructure, it aligns with the IaaS hosting model.
See: https://azure.microsoft.com/en-us/overview/what-is-iaas/
Question 17:
Skipped
What is the name of the group of services inside Azure that hosts the Apache Hadoop big
data analysis tools?
(Correct)
Explanation
The correct answer is HDInsight. HDInsight is Microsoft Azure's offering for hosting the
Apache Hadoop big data analysis tools. Apache Hadoop is an open-source software platform
that supports data-intensive distributed applications. This platform enables processing large
amounts of data across clusters of computers.
Azure HDInsight is a cloud distribution of the Hadoop components from the Hortonworks
Data Platform. It allows Azure users to process vast amounts of data with popular open-
source frameworks such as Hadoop, Hive, HBase, Storm, and others. Additionally, the
HDInsight service also supports R, Python, Scala, and .NET. So, it's not just limited to
traditional Hadoop tools.
Options like 'Azure Hadoop Services' and 'Azure Data Factory' are incorrect as Azure doesn't
have a service named 'Azure Hadoop Services' and 'Azure Data Factory' is a cloud-based data
integration service. 'Azure Kubernetes Services' is a service for managing containerized
applications, not specifically for Hadoop.
See: https://azure.microsoft.com/en-us/services/hdinsight/
Question 18:
Skipped
Within the landscape of cloud service models, how would Microsoft's Outlook 365 be best
categorized?
Software as a Service (SaaS)
(Correct)
In a SaaS model, the service provider is responsible for the infrastructure, platform, and
software, and ensures their maintenance and updates. Users simply access the services via a
web browser or app, without needing to worry about the underlying infrastructure, platform,
or software updates.
This contrasts with Infrastructure as a Service (IaaS), where the user is responsible for
managing the operating systems, middleware, and applications, and Platform as a Service
(PaaS), where the user manages only the applications and data. In both these models, the
users have more responsibilities compared to SaaS.
Since Outlook 365 is a software application delivered over the web with all underlying
infrastructure and platform taken care of by Microsoft, it falls into the SaaS hosting model.
See: https://azure.microsoft.com/en-us/overview/what-is-saas/
Question 19:
Skipped
What is a DDoS attack?
An attempt to send SQL commands to the server in a way that it will execute
them against the database
An attempt to guess a user's password through brute force methods
A denial of service attack that sends so much traffic to a network that it cannot
respond fast enough; legitimate users become unable to use the service
(Correct)
An attempt to read the contents of a web page from another website, thereby
stealing the user's private information
Explanation
Distributed Denial of Service attacks (DDoS) -a type of attack that originates from the
Internet that attempts to overwhelm a network with millions of packets of bad traffic that
aims to prevent legitimate traffic from getting through
See: https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview
Question 20:
Skipped
True or false: there are no service level guarantees (SLA) when a service is in General
Availability (GA)
FALSE
(Correct)
TRUE
Explanation
False, most Azure GA services do have service level agreements
See: https://azure.microsoft.com/en-ca/support/legal/sla/
Question 21:
Skipped
Which Azure feature is specifically designed to help companies get their in-house developed
code from the code repository, through automated unit testing, and onto Azure using a service
called Pipelines?
Virtual Machines
GitHub
Azure DevOps
(Correct)
Azure Monitor
Explanation
Azure DevOps contains many services, one of which is Pipelines. Pipelines allows you to
build an automation that moves code (and all related dependencies) through various stages
from the development environment into deployment.
Question 22:
Skipped
What is the basic way of protecting an Azure Virtual Network subnet?
Azure Firewall
Application Gateway with WAF
Explanation
Network Security Group (NSG) - a fairly basic set of rules that you can apply to both
inbound traffic and outbound traffic that lets you specify what sources, destinations, and ports
are allowed to travel through from outside the virtual network to inside the virtual network
See: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Question 23:
Skipped
True or false: You cannot have more than one Azure subscription per company
FALSE
(Correct)
TRUE
Explanation
You can have multiple subscriptions, as a way to separate out resources between billing units,
business groups, or for any reason you wish.
See: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/decision-guides/
subscriptions/
Question 24:
Skipped
Which of the following is a feature of the cool access tier for Azure Storage?
(Correct)
Explanation
Cool access tier offers cost savings when you expect to store your files and not need to access
them often
See: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers?
tabs=azure-portal
Question 25:
Skipped
What type of container is used to collect log and metric data from various Azure Resources?
Managed Storage
Append Blob Storage
Log Analytics Workspace
(Correct)
Explanation
Log Analytics Workspace is required to collect logs and metrics
See: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/manage-access
Question 26:
Skipped
Which of the following best describes the primary benefit of a Content Delivery Network
(CDN) in a cloud computing context?
For a nominal fee, Azure will manage your virtual machine, perform OS
updates, and ensure optimal performance.
It provides fast and inexpensive data retrieval for later use.
It enables temporary session information storage for web visitors, such as their
login ID or name.
It mitigates server load for static, unchanging files like images, videos, and PDFs
by distributing them across a network of servers.
(Correct)
Explanation
The correct answer, "It mitigates server load for static, unchanging files", is indeed the core
benefit of a Content Delivery Network (CDN). A CDN stores copies of a website's static files
on servers distributed globally. These static files could be anything that doesn't change
frequently, like images, CSS, JavaScript, videos, etc. When a user visits the site, they are
served these static files from the CDN server nearest to them geographically. This reduces the
latency, as the data has a shorter distance to travel. Additionally, it reduces the load on the
original server because the CDN handles a significant portion of the traffic. As a result, not
only is the user experience improved due to faster load times, but the operational efficiency
and performance of the original server are also enhanced. Therefore, CDNs are essential for
sites serving large amounts of static content to a geographically dispersed user base.
See: https://docs.microsoft.com/en-us/azure/cdn/cdn-overview
Question 27:
Skipped
True or false: you can create your own policies if built-in Azure Policy is not sufficient
to your needs
FALSE
TRUE
(Correct)
Explanation
True, you can create custom policies using JSON
See: https://docs.microsoft.com/en-us/azure/governance/policy/tutorials/create-custom-
policy-definition
Question 28:
Skipped
Which of the following Azure features is most likely to deliver the most immediate
savings when it comes to reducing Azure costs?
(Correct)
Explanation
Reserved Instances often offer 40% or more savings off of the price of pay-as-you-go virtual
machines
See: https://docs.microsoft.com/en-us/azure/cost-management-billing/reservations/save-
compute-costs-reservations
Question 29:
Skipped
Which of the following is something that Azure Cognitive Services API can currently
do?
Translate text from one language to another
Speak text in an extremely realistic way
Create text from audio
All of these! Azure can do it all!
(Correct)
See: https://docs.microsoft.com/en-us/azure/cognitive-services/welcome
Question 30:
Skipped
Which ways does the Azure Resource Manager model provide to deploy resources?
Azure Portal
(Correct)
Powershell
(Correct)
(Correct)
CLI
(Correct)
Explanation
Azure Resource Manager (ARM) is the deployment and management service for Azure. It
provides a management layer that enables you to create, update, and delete resources in your
Azure account. The ARM model allows you to work with resources in a consistent manner,
whether through Azure portal, PowerShell, REST APIs/SDKs, or the Command-Line
Interface (CLI).
Each of these methods supports the full set of Azure Resource Manager features, and you can
choose the one that best fits your workflow.
See: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview
Question 31:
Skipped
True or False: Azure is a public cloud, and has no private cloud offerings
FALSE
(Correct)
TRUE
Explanation
The correct answer is FALSE. While Azure is indeed widely recognized as a public cloud
provider, offering a vast array of services accessible via the internet on a multi-tenant basis, it
does also provide private cloud capabilities.
One notable offering is Azure Stack, an extension of Azure that allows businesses to run apps
in an on-premises environment and deliver Azure services in their datacenter. With Azure
Stack, you get the flexibility of using Azure’s cloud capabilities while maintaining your own
datacenter for privacy, regulatory compliance, or other requirements.
Additionally, Azure offers services such as Azure Private Link, which provides private
connectivity from a virtual network to Azure services, and Azure ExpressRoute, a service
that enables a private, dedicated network connection to Azure.
So, contrary to the statement, Azure does have private cloud offerings along with its public
cloud, making the statement FALSE.
See: https://azure.microsoft.com/en-us/overview/what-is-a-private-cloud/
Question 32:
Skipped
In Microsoft Azure, which tool or service allows for the organization and management of
multiple subscriptions within hierarchical structures?
Resource Groups
Azure Active Directory
RBAC (Role-Based Access Control)
Management Groups
(Correct)
Explanation
The correct answer is Management Groups. In Azure, Management Groups provide a way
to manage access, policies, and compliance for multiple subscriptions. They can be structured
into a hierarchy for the organization's needs. All subscriptions within a Management Group
automatically inherit the conditions applied to the Management Group, facilitating
governance on a large scale.
Resource Groups, on the other hand, are containers for resources deployed on Azure. They
do not provide management capabilities across multiple subscriptions.
Azure Active Directory is a service that provides identity and access management
capabilities but does not provide a direct mechanism for managing multiple subscriptions in
nested hierarchies.
Hence, Management Groups is the correct answer as it directly allows for the management
and organization of multiple subscriptions into nested hierarchies, which the other options do
not.
See: https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
Question 33:
Skipped
Your organization has implemented an Azure Policy that restricts the type of Virtual Machine
instances you can use. How can you create a VM that is blocked by the policy?
The only way is to remove the policy, create the resource and add the policy back
(Correct)
Explanation
You cannot perform a task that violates policy, so you have to remove the policy in order to
perform the task.
See: https://docs.microsoft.com/en-us/azure/governance/policy/overview
Question 34:
Skipped
Which tool within Azure helps you to track your compliance with various international
standards and government laws?
(Correct)
Explanation
Compliance Manager will track your own compliance with various standards and laws.
See: https://techcommunity.microsoft.com/t5/security-privacy-and-compliance/announcing-
compliance-manager-general-availability/ba-p/161922
Question 35:
Skipped
What is the name of Azure's hosted SQL database service?
Table Storage
Cosmos DB
SQL Server in a VM
Azure SQL Database
(Correct)
Explanation
SQL Database is a SQL Server compatible option in Azure, a database as a service
See: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-technical-overview
Question 36:
Skipped
Logic apps, functions, and service fabric are all examples of what model of compute
within Azure?
IaaS model
SaaS model
Serverless model
(Correct)
Explanation
The correct answer is the Serverless model. Azure Logic Apps, Azure Functions, and Azure
Service Fabric are all examples of serverless computing in Azure.
Serverless computing is a cloud computing model where the cloud provider automatically
manages the provisioning and allocation of servers, hence the term "serverless". The
serverless model allows developers to focus on writing the code and business logic rather
than worrying about the underlying infrastructure, its setup, maintenance, scaling, and
capacity planning.
Azure Logic Apps is a cloud service that allows developers to build workflows that integrate
apps, data, services, and systems. Azure Functions is an event-driven, compute-on-demand
experience that extends the existing Azure application platform with capabilities to
implement code triggered by events occurring in Azure or third-party services. Azure Service
Fabric is a distributed systems platform that makes it easy to package, deploy, and manage
scalable and reliable microservices.
In contrast, IaaS (Infrastructure as a Service) refers to cloud-based services where you rent IT
infrastructure—servers and virtual machines (VMs), storage, networks, and operating
systems—from a cloud provider on a pay-as-you-go basis. SaaS (Software as a Service) is a
software distribution model in which a third-party provider hosts applications and makes
them available to customers over the Internet, which doesn't align with the services
mentioned in the question. The App Services model is a platform for hosting web
applications, REST APIs, and mobile backends, but it's not strictly serverless as it doesn't
auto-scale in the same way.
See: https://azure.microsoft.com/en-us/solutions/serverless/
Question 37:
Skipped
Who is responsible for the security of the physical servers in an Azure data center?
(Correct)
Explanation
Azure is responsible for physical security
See: https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security
Question 38:
Skipped
You have decided to subscribe to Azure DDoS Protection at the IP Protection Tier. This
provides advanced protection to defend against DDoS attacks. What type of DDoS attack
does DDoS Protection NOT protect against?
Transport (L4) level attacks
Application (L7) level attacks
(Correct)
Network-level attacks are attacks that target the network infrastructure, such as the
routers and switches that connect your Azure resources to the internet. Azure DDoS
Protection IP Protection Tier can protect against network-level attacks by absorbing
and rerouting excessive traffic, and by scrubbing malicious traffic.
Transport-level attacks are attacks that target the transport layer of the network
protocol stack, such as TCP and UDP. Azure DDoS Protection IP Protection Tier can
protect against transport-level attacks by absorbing and rerouting excessive traffic,
and by scrubbing malicious traffic.
Application-level attacks are attacks that target the application layer of the network
protocol stack, such as HTTP and DNS. Azure DDoS Protection IP Protection
Tier does not protect against application-level attacks, because it is designed to
protect against network and transport-level attacks.
To protect against application-level attacks, you need to use a web application firewall
(WAF). A WAF is a software appliance that sits in front of your application and filters out
malicious traffic. WAFs can be configured to protect against a wide variety of application-
level attacks, such as SQL injection, cross-site scripting, and denial of service attacks.
See: https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview
Question 39:
Skipped
Azure Services can go through several phases in a Service Lifecycle. What are the three
phases called?
Private Preview, Public Preview, and General Availability
(Correct)
(Correct)
The other options, while also benefits of the cloud, do not directly align with the concept of
agility. Spinning up new resources quickly (Answer 2) or growing capacity easily when full
(Answer 3) relate more to the cloud's scalability and elasticity. The ability to recover from a
region-wide failure rapidly (Answer 4) speaks to the cloud's resilience and disaster recovery
capabilities.
While these aspects can contribute to overall business agility, they don't encapsulate the
broader strategic meaning of agility - the capacity to quickly adjust to market changes, which
can include shifts in customer demand, competitive pressures, or regulatory changes, among
others. Hence, the ability to respond to and drive market change quickly is the most accurate
answer.
See: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/strategy/business-
outcomes/agility-outcomes
Question 41:
Skipped
Can you give someone else access to your Azure subscription without giving them your
user name and password?
NO
YES
(Correct)
Explanation
Yes, anyone can create their own Azure account and you can give them access to your
subscription with granular control as to permissions
See: https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
Question 42:
Skipped
What is Azure's preferred Identity/authentication service?
Live Connect
Network Security Group
Azure Active Directory
(Correct)
Facebook Connect
Explanation
Azure Active Directory (Azure AD) - Microsoft’s preferred Identity as a Service solution
See: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-
whatis
Question 43:
Skipped
An IT administrator has the requirement to control access to a specific app resource using
multi-factor authentication. What Azure service satisfies this requirement?
Azure Authorization
Microsoft Entra ID
(Correct)
Azure Authentication
Azure Function
Explanation
You can use Microsoft Entra ID (new name for Azure AD) to control access to your apps and
your app resources, based on your business requirements. In addition, you can use Microsoft
Entra ID (Azure AD) to require multi-factor authentication when accessing important
organizational resources.
See: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-
whatis#which-features-work-in-azure-ad
Question 44:
Skipped
What is the MAIN management tool used for managing Azure resources with a
graphical user interface?
PowerShell
Azure Storage Explorer
Azure Portal
(Correct)
Explanation
Azure Portal is the website used to manage your resources in Azure
See: https://docs.microsoft.com/en-us/azure/azure-portal/azure-portal-overview
Question 45:
Skipped
True or false: Formal support is not included in private preview mode.
FALSE
TRUE
(Correct)
Explanation
True. Preview features are not fully ready and this phase does not include formal support.
See: https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/
Question 46:
Skipped
True or False: Azure has the responsibility to manage the hardware in the Infrastructure as a
Service model
TRUE
(Correct)
FALSE
Explanation
The correct answer is TRUE. In an Infrastructure as a Service (IaaS) model, the cloud service
provider, in this case Microsoft Azure, is responsible for managing the underlying physical
hardware. This includes servers, storage, networking hardware, and the virtualization layer.
Azure ensures that these resources are available and maintained, providing capabilities like
automated backup, disaster recovery, and scaling.
The customer, on the other hand, is responsible for managing the software components of the
service, including the operating system, middleware, runtime, data, and applications. This
arrangement allows customers to focus on their core business and application development
without worrying about the physical infrastructure's procurement, management, and
maintenance.
It's important to remember that the division of responsibilities may change in other service
models like Platform as a Service (PaaS) or Software as a Service (SaaS), where the cloud
service provider manages more layers of the technology stack. But for IaaS, the provider
indeed manages the hardware, making the statement TRUE.
See: https://azure.microsoft.com/en-us/overview/what-is-iaas/
Question 47:
Skipped
Which feature of Azure Active Directory will require users to have their mobile phone
in order to be able to log in?
(Correct)
Explanation
Multi-Factor Authentication (MFA) - the concept of having something additional to a
“password” that is required to log in; passwords are find-able or guessable; but having your
mobile phone on you to receive a phone call, text or run an app to get a code is harder for an
unknown hacker to get
See: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-
howitworks
Question 48:
Skipped
Which of the following characteristics of a cloud-based system primarily contributes to its
elasticity?
The system's ability to recover automatically after a crash.
The system's ability to dynamically increase and decrease capacity based on real-
time demand.
(Correct)
The other options, while important for overall system robustness, do not define elasticity.
Withstanding denial of service attacks pertains to security, maintaining availability during
updates refers to zero-downtime deployment or high availability, and self-healing after a
crash refers to resilience or fault tolerance. None of these are about dynamically adjusting
capacity based on demand, which is the hallmark of an elastic system.
See: https://azure.microsoft.com/en-us/overview/what-is-elastic-computing/
Question 49:
Skipped
When establishing a Site-to-Site VPN connection with Azure, what kind of network device
needs to be present or installed in your company's on-premises network infrastructure?
A compatible VPN Gateway device
(Correct)
In order to establish a site-to-site VPN connection with Azure, a VPN Gateway is required on
your company's internal network. A VPN Gateway is a specific type of virtual network
gateway that sends encrypted traffic across a public network, like the Internet.
While the name might suggest it's a purely virtual entity, in practice, the term "VPN
Gateway" often refers to a hardware device that's installed on-premises in your data center.
This device uses Internet Protocol security (IPsec) to establish a secure, encrypted connection
to the Azure VPN Gateway, which resides in the Azure virtual network.
This setup allows your local network and Azure to interact as if they're directly connected. In
contrast, virtual machines, virtual networks, and application gateways are other types of
Azure resources, but they do not facilitate creating a site-to-site VPN connection. It's
important to note that your company's internal network hardware and settings must meet
specific requirements to support a VPN Gateway.
See: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-
resource-manager-portal
Question 50:
Skipped
Which of the following characteristics is essential for a system to be considered highly
available in a cloud computing environment?
It's impossible to create a highly available system.
The system must be designed for resilience, with no single points of failure.
(Correct)
While high availability often aims for close to 100% uptime, the claim of maintaining 100%
availability is practically unrealistic due to factors like maintenance needs and unexpected
failures. Also, having a minimum of two VMs may contribute to high availability but isn't a
definitive requirement — it depends on the specifics of the system architecture.
Finally, the assertion that it's not possible to create a highly available system is incorrect.
There are established strategies and technologies for designing and operating highly available
systems, and they are widely used in mission-critical applications across many industries.
See: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/availability
(Correct)
It doesn't. Multi-Factor Authentication is more about access and authentication
than account security.
It requires users to be approved before they can log in for the first time.
It requires single sign-on functionality
Explanation
MFA requires that the user have access to their mobile phone for using SMS or an app.
Question 2:
Skipped
Which of the following cloud computing models requires the highest level of involvement in
maintaining the operating system and file system by the customer?
IaaS
(Correct)
FaaS
SaaS
PaaS
Explanation
IaaS or Infrastructure as a service requires you to keep your OS patched, close ports, and
generally protect your own server
Question 3:
Skipped
What does it mean if a service is in Public Preview mode?
The service is generally available for use, and Microsoft will provide support for
it
Anyone can use the service for any reason
Anyone can use the service but it must not be for production use
(Correct)
Explanation
Public Preview is for anyone to use, but it is not supported nor guaranteed to continue to be
available
Question 4:
Skipped
If you are a US federal, state, local, or tribal government entities and their solution
providers, which Azure option should you be looking to register for?
(Correct)
Explanation
Hopefully, it's clear that US Federal, State, Local and Tribal governments can use the US
Government portal
Question 5:
Skipped
What database service is specifically designed to be extremely fast in responding to
requests for small amounts of data (called low latency)?
(Correct)
Explanation
Cosmos DB - extremely low latency (fast) storage designed for smaller pieces of data
quickly; SaaS
Question 6:
Skipped
Which of the following scenarios would Azure Policy be a recommended method for
enforcement?
Prevent certain Azure Virtual Machine instance types from being used in a
resource group
(Correct)
Allow only one specific roles of users to have access to a resource group
Require a virtual machine to always update to the latest security patches
Add an additional prompt when creating a resource without a specific tag to ask
the user if they are really sure they want to continue?
Explanation
Azure Policy can add restrictions on storage account SKUs, virtual machine instance types,
and rules relating to tagging of resources and groups. It cannot prompt a user to ask them if
they are sure.
Question 7:
Skipped
Within the context of privacy and compliance, what does the acronym ISO stand for, in
English?
Instead of
International Organization for Standardization
(Correct)
Explanation
ISO is a standards body, International Organization for Standardization
Question 8:
Skipped
What is the benefit of using a command line tool like Powershell or CLI as opposed to
the Azure portal?
(Correct)
Cheaper
Explanation
The real benefit is automation. Being able to write a script to do something is better than
having to do it manually each time.
100%
99.99%
(Correct)
99.90%
99.95%
Explanation
99.99%
Question 10:
Skipped
Why is Azure App Services considered Platform as a Service?
(Correct)
You are responsible for keeping the operating system up to date with the latest
patches
Explanation
You give Azure the code and configuration, and you have no access to the underlying
hardware
Question 11:
Skipped
How many regions does Azure have in Brazil?
0
4
1
(Correct)
2
Explanation
There is 1 region in Brazil.
Question 12:
Skipped
True or false: Azure charges for bandwidth used "inbound" to Azure
FALSE
(Correct)
TRUE
Explanation
Ingress bandwidth is free. You pay for egress (outbound).
Question 13:
Skipped
What is the Azure SLA for two or more Virtual Machines in an Availability Set?
99.99%
100%
99.90%
99.95%
(Correct)
Explanation
99.95%
Question 14:
Skipped
What is the concept of Availability?
(Correct)
Explanation
Availability - what percentage of time does a system respond properly to requests, expressed
as a percentage over time
Question 15:
Skipped
In which US state is the East US 2 region?
Virginia
(Correct)
Iowa
California
Texas
Explanation
East US 2 is in the Eastern state of Virginia, close to Washington DC
Question 16:
Skipped
What is the benefit of using Powershell over CLI?
(Correct)
Explanation
There is no benefit, only a matter of personal choice.
Disable RDP access using the Windows Services control panel admin tool
Ensure strong passwords on your Windows admin accounts
Do not allow public Internet access over the RDP and SSH ports directly to the
server. Instead use a secure server like Bastion to control access to the servers
behind.
(Correct)
Explanation
You need to either control access to the RDP and SSH ports to a very specific range of IPs,
enable the ports only when you are using it, or use a Bastion server/jump box to protect those
servers.
Question 18:
Skipped
What is a benefit of economies of scale?
Big companies don't need to make a profit on the first product they sell you,
because they will make a profit on the second
The more you buy of something, the cheaper it is for you
(Correct)
Prices of cloud servers and services are always going down. It'll be cheaper next
year than it is this year.
Big companies don't need to make a profit on every sale
Explanation
Economies of Scale - the more of an item that you buy, the cheaper it is per unit
Question 19:
Skipped
What does ARM stand for in Azure?
Explanation
Azure Resource Manager (ARM) - this is the common resource deployment model that
underlies all resource creation or modification; no matter whether you use the portal,
powershell or the SDK, the Azure Resource Manager takes those commands and executes
them
Question 20:
Skipped
What is the maximum amount of Azure Storage space a single subscription can store?
500 GB
2 TB
Virtually unlimited
(Correct)
5 PB
Explanation
A single Azure subscription can have up to 250 storage accounts per region, and each storage
account can store up to 5 Petabytes. That is 31 million Terabytes. This is probably 15-20
times what Google, Amazon, Microsoft and Facebook use combined. That's a lot.
Question 21:
Skipped
What is the new data privacy and information protection regulation that took effect
across Europe in May 2018?
GDPR
(Correct)
PCI DSS
FedRAMP
ISO 9001:2015
Explanation
The General Data Protection Regulation (GDPR) took effect in Europe in May 2018.
For more info: https://docs.microsoft.com/en-us/microsoft-365/compliance/gdpr?view=o365-
worldwide
Question 22:
Skipped
What does it mean if a service is in General Availability (GA) mode?
The service has now reached public preview, and Microsoft will provide support
for it
Anyone can use the service for any reason
(Correct)
Explanation
Anyone can use a GA service. It is fully supported and can be used for production.
Question 23:
Skipped
Which of the following elements is considered part of the "perimeter" layer of security?
(Correct)
Explanation
Firewall is part of the perimeter security
Question 24:
Skipped
What would be a good reason to have multiple Azure subscriptions?
There is one person/credit card paying for resources, but many people who have
accounts in Azure, and you need to separate out resources between clients so that
there is absolutely no chance of resources being exposed between them.
(Correct)
There is one person/credit card paying for resources, and only one person who
logs into Azure to manage the resources, but you want to be able to know which
resources are used for which client project.
Explanation
Having multiple subscriptions can technically be done for any reason, but it only makes sense
if you have to separate billing directly, or have actual clients logging into the Portal to
manage their resources.
Question 25:
Skipped
How do you get access to services in Private Preview mode?
(Correct)
Explanation
Private Preview means you must apply to use them.
Question 26:
Skipped
Besides Azure Service Health, where else can you find out any issues that affect the
Azure global network that affect you?
(Correct)
Explanation
Each Virtual Machine has a Resource Health blade
Question 27:
Skipped
What is the concept of paired regions?
Each region of the world has one other region, usually in a completely separate
country and geography, where it makes the most sense to place your backups.
Like East US 2 is paired with South Korea.
Azure employees in those regions sometimes go on picnics together.
When you deploy your code to one region of the world, it is automatically
deployed to the paired region as an emergency backup.
Each region in the world has at least one other region in which is shares an
extremely high speed connection, and where there is coordinated action by Azure
not to do anything that will bring them both down at the same time.
(Correct)
Explanation
Paired regions are usually in the same geo (not always) but are the most logical place to store
backups because they have a high speed connection and Azure staggers the service updates to
those regions.
Question 28:
Skipped
Where do you go within the Azure Portal to find all of the third-party virtual machine
and other offers?
(Correct)
Explanation
Azure Marketplace contains thousands of services you can rent within the cloud
Question 29:
Skipped
Which of the following is considered a downside to using Capital Expenditure (CapEx)?
(Correct)
Question 30:
Skipped
Application Gateway contains what additional optional security feature over a regular
Load Balancer?
(Correct)
Multi-Factor Authentication
Azure AD Advanced Information Protection
Advanced DDoS Protection
Explanation
Application Gateways also comes with an optional Web Application Firewall (or WAF) as a
security benefit
Question 31:
Skipped
What types of files can a Content Delivery Network speed up the delivery of?
PDFs
(Correct)
Images
(Correct)
JavaScript files
(Correct)
Videos
(Correct)
Explanation
All of them. Any static file that doesn't change.
For more info: https://docs.microsoft.com/en-us/azure/cdn/cdn-overview
Question 32:
Skipped
Which of the following is not a feature of Azure Functions?
(Correct)
Can edit the code right in the Azure Portal using a code editor
Explanation
Functions are designed for short pieces of code that start and end quickly.
Question 33:
Skipped
What two types of DDoS protection services does Azure provide? Select two.
DDoS Network Protection
(Correct)
DDoS IP Protection
(Correct)
Question 34:
Skipped
Why is a user id and password sometimes not enough to prove someone is who they say they
are?
Passwords must be encrypted before being stored
Passwords are usually easy to forget
Some people might choose the same user id and password
User id and password can be used by anyone such as a co-worker, ex-employee
or hacker half-way around the world
(Correct)
Explanation
The truth is that someone can find a way to get a user id and password, even guess it, and that
can be used by another person.
Question 35:
Skipped
Select the way(s) to increase the security of a traditional user id and password system?
(Correct)
Do not allow users to log into an application except using a company registered
device.
(Correct)
(Correct)
(Correct)
Explanation
All of these are ways to increase the security on an account.
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-
ban-bad
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/password-policy
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy
Question 36:
Skipped
Which of the following is not an example of Infrastructure as a Service?
(Correct)
SQL Server in a VM
Virtual Machine Scale Sets
Virtual Network
Virtual Machine
Explanation
With Azure SQL Database, the infrastructure is not in your control
Question 37:
Skipped
What Azure product allows you to autoscale virtual machines from 1 to 1000 instances,
and also provides load balancing services built in?
(Correct)
Application Gateway
Azure App Services
Explanation
Virtual Machine Scale Sets - these are a set of identical virtual machines (from 1 to 1000
instances) that are designed to auto-scale up and down based on user demand; IaaS
Question 38:
Skipped
What makes estimating the cost of an unmanaged storage account difficult?
You are charged for data coming into Azure, and it's difficult to predict that
There is no way to predict the amount of data in the account
The cost of storage changes frequently
You are charged for data leaving Azure, and it's difficult to predict that
(Correct)
Explanation
There is a cost for egress (bandwidth out) and it's hard to estimate how many bytes will be
counted leaving an Azure network
Question 39:
Skipped
What is the concept of being able to get your applications and data running in another
environment quickly?
Azure Devops
Reproducible deployments
Business Continuity / Disaster Recovery (BC/DR)
(Correct)
Azure Blueprint
Explanation
Disaster Recovery - the ability to recover from a big failure within an acceptable period of
time, with an acceptable amount of data lost
Question 40:
Skipped
True or false: Azure Cloud Shell allows access to the Bash and Powershell consoles in the
Azure Portal
TRUE
(Correct)
FALSE
Explanation
Cloud Shell - allows access to the Bash and Powershell consoles in the Azure Portal
Question 41:
Skipped
Approximately how many regions does Azure have around the world?
60+
(Correct)
40
25
10
Explanation
There are 60+ Azure regions currently, in 10+ geographies
Question 42:
Skipped
What Azure resource allows you to evenly split traffic coming in and direct it to several
identical virtual machines to do the work and respond to the request?
(Correct)
Virtual Network
Azure Logic Apps
Explanation
This is the core feature of either a Load Balancer or Application Gateway
Question 43:
Skipped
Which tool within Azure is comprised of : Azure Status, Service Health and Resource
Health?
Azure Advisor
Azure Dashboard
Azure Service Health
(Correct)
Azure Monitor
Explanation
Azure Service Health - lets you know about any Azure-related service issues including
region-wide downtime
Question 44:
Skipped
Which Azure service is the recommended Identity-as-a-Service offering inside Azure?
(Correct)
Explanation
Azure AD is the identity service designed for web protocols, that you can use for your
applications.
Question 45:
Skipped
Which free Azure security service checks all traffic travelling over a subnet against a set
of rules before allowing it in, or out.
(Correct)
Azure Firewall
Advanced Threat Protection (ARP)
Explanation
Network Security Group (NSG) - a fairly basic set of rules that you can apply to both
inbound traffic and outbound traffic that lets you specify what sources, destinations and ports
are allowed to travel through from outside the virtual network to inside the virtual network
Question 46:
Skipped
Each person has their own user id and password to log into Azure. But how many
subscriptions can a single account be associated with?
10
No limit
(Correct)
One
250 per region
Explanation
There is not a limit to the number of subscriptions a single user can be included on.
Question 47:
Skipped
What is the concept of Big Data?
(Correct)
A small sensor or other device that constantly sends it's status and other data to
the cloud
Explanation
Big Data - a set of open source (Apache Hadoop) products that can do analysis on millions
and billions of rows of data; current tools like SQL Server are not good for this scale
Question 48:
Skipped
Select all features part of Azure AD?
Log Alert Rule
Smart lockout
(Correct)
(Correct)
Device Management
(Correct)
Single sign-on
(Correct)
Explanation
The Log Alert Rule is not a feature of Azure AD.
See: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-
whatis#which-features-work-in-azure-ad
Question 49:
Skipped
What is the minimum charge for having an Azure Account each month, even if you
don't use any resources?
$0
(Correct)
Explanation
An Azure account can cost nothing if you don't use any resources or only use free resources
Question 50:
Skipped
Which of the following is a good example of a Hybrid cloud?
Your users are inside your corporate network but your applications and data are
in the cloud.
Technology that allows you to grow living tissue on top of an exoskeleton,
making Terminators impossible to spot among humans.
A server runs in your own environment, but places files in the cloud so that it
can extend the amount of storage it has access to.
(Correct)
Your code is a mobile app that runs on iOS and Android phones, but it uses a
database in the cloud.
Explanation
Hybrid Cloud - A mixture between your own private networks and servers, and using the
public cloud for some things. Typically used to take advantage of the unlimited, inexpensive
growth benefits of the public cloud.
It is the level at which services are billed. All resources created under a
subscription are billed to that subscription.
(Correct)
Each user account is associated with a unique subscription. If you need more
than one subscription, you need to create multiple user accounts.
Explanation
Subscription is the level at which things get billed. Multiple users can be associated with a
subscription at various permission levels.
For more
info: https://docs.microsoft.com/en-us/services-hub/health/azure_sponsored_subscription
Question 2:
Skipped
Which of the following elements is considered part of the "network" layer of network
security?
Keeping operating systems up to date with patches
All of the above
Separate servers into distinct subnets by role
(Correct)
Explanation
Subnets is part of network security
and
https://en.wikipedia.org/wiki/OSI_model
Question 3:
Skipped
How do you stop your Azure account from incurring costs above a certain level without
your knowledge?
Set up a billing alert to send you an email when it reaches a certain level
Switch to Azure Reserved Instances with Hybrid Benefit for VMs
Only use Azure Functions which have a significant free limit
Explanation
If you don't want to spend over a certain amount, implement a spending limit in the account
center
Question 4:
Skipped
Where can you go to see what standards Microsoft is in compliance with?
Trust Center
(Correct)
Explanation
The list of standards that Azure has been certified to meet is in the Trust Center
Question 5:
Skipped
What software is used to synchronize your on premises AD with your Azure AD?
LDAP
Azure AD Domain Services
Azure AD Federation Services
AD Connect
(Correct)
Explanation
AD Connect is used to synchronize your corporate AD with Azure AD.
Question 6:
Skipped
Which of the following services would NOT be considered Infrastructure as a Service?
Virtual Network
Azure Functions App
(Correct)
Explanation
Functions are small pieces of code that you give to Azure to run for you, and you have no
access to the underlying infrastructure.
Question 7:
Skipped
What type of documents does the Microsoft Service Trust Portal provide?
(Correct)
Explanation
A list of standards that Microsoft follows, pen test results, security assessments, white papers,
faqs, and other documents that can be used to show Microsoft's compliance efforts
Question 8:
Skipped
How many minutes per month downtime is 99.99% availability?
100
1
40
4
(Correct)
Explanation
99.99% is 4 minutes per month of downtime
For more info: https://azure.microsoft.com/en-us/support/legal/sla/summary/
Question 9:
Skipped
True or false: If your feature is in the General Availability phase, then your feature will
receive support from all Microsoft support channels.
FALSE
TRUE
(Correct)
Explanation
This is true. Do not use preview features in production apps.
Question 10:
Skipped
Which database product offers "sub 5 millisecond" response times as a feature?
(Correct)
Explanation
Cosmos DB is low latency, and even offers sub 5-ms response times at some levels.
Question 11:
Skipped
Which of the following are one of the advantages of running your cloud in a private
cloud?
Assurance that your code, data and applications are running on isolated
hardware, and on an isolated network.
(Correct)
You own the hardware, so you can change private cloud hosting providers easily.
Private cloud is significantly cheaper than the public cloud.
Explanation
Private cloud generally means that you are running your code on isolated computing, not
mixed in with other companies.
Question 12:
Skipped
For tax optimization, which type of expense is preferable?
CapEx
OpEx
(Correct)
Explanation
Operating Expenditure is thought to be preferable because you can fully deduct expenses
when they are incurred.
Question 13:
Skipped
If you wanted to get an alert every time a new virtual machine is created, where could
you create that?
Azure Dashboard
Azure Monitor
(Correct)
Subscription settings
Azure Policy
Explanation
The best place to track events at the resource level is Azure Monitor.
Question 14:
Skipped
Which feature within Azure alerts you to service issues that happen in Azure itself, not
specifically related to your own resources?
(Correct)
Azure Security Center
Azure Portal Dashboard
Azure Monitor
Explanation
Azure Service Health - lets you know about any Azure-related service issues including
region-wide downtime
Question 15:
Skipped
What is the significance of the Azure region? Why is it important?
Region is just a folder structure in which you organize resources, much like file
folders on a computer.
Even though you have to choose a region when creating resources, there's
generally no consequence of what you select. You can create a network in one
region and then create virtual machines for that network in another region.
Once you select a region, you cannot create resources outside of that region. So
selecting the right region is an important decision.
You must select a region when creating most resources, and the region is the
area of the world where those resources will be physically located.
(Correct)
Explanation
The region is the area of the world where resources get created. You can create resources in
any region that you have access to. But there are sometimes restrictions when creating a
resource in one region that related resources like networks must also be in the same region for
logical reasons.
Question 16:
Skipped
Which style of computing is easiest when migrating an existing hosted application from
your own data center into the cloud?
FaaS
Serverless
IaaS
(Correct)
PaaS
Explanation
Infrastructure as a service is the easiest to migrate into, from an existing hosted app - lift and
shift
Question 17:
Skipped
Why should you divide your application into multiple subnets as opposed to having all
your web, application and database servers running on the same subnet?
There are only a limited number of IP addresses available per subnet, so you
need multiple subnets over a certain number.
Separating your application into multiple subnets allows you to have different
NSG security rules for each subnet, which can make it harder for a hacker to get
from one compromised server onto another.
(Correct)
Each server type of your application requires its own subnet. It's not possible to
mix web servers, database servers and application servers on the same subnet.
Explanation
For security purposes, you should not allow "port 80" web traffic to reach certain servers, and
you do that by having separate NSG rules on each subnet.
Question 18:
Skipped
With Azure public cloud, anyone with a valid credit card can sign up and get services
immediately
TRUE
(Correct)
FALSE
Explanation
Yes, Azure public cloud is open to the public in all countries that Azure supports.
Question 19:
Skipped
What is the service level agreement for two or more Azure Virtual Machines that have
been placed into the same Availability Set in the same region?
100%
99.90%
99.95%
(Correct)
99.99%
Explanation
99.95%
Question 20:
Skipped
What is the name of the open source project run by the Apache foundation that maps to
the HDInsight tools within Azure?
Apache Jazz
Apache Hadoop
(Correct)
Apache Jaguar
Apache Cayenne
Explanation
Hadoop is open source home of the HDInsight tools
Question 21:
Skipped
What does it mean if a service is in Private Preview mode?
Anyone can use the service but it must not be for production use
The service is generally available for use, and Microsoft will provide support for
it
Anyone can use the service for any reason
You have to apply to get selected in order to use that service
(Correct)
Explanation
Private Preview means you have to apply to use a service, and you may or may not be
selected
Servers have become a commodity and Microsoft doesn't even need to even fix
servers that fail within Azure.
You can serve users better during peak traffic periods by automatically adding
more capacity.
(Correct)
(Correct)
You can do more regular backups and you won't lose as much when that backup
gets restored
Explanation
Elasticity saves you money during slow periods (over night, over the weekend, over the
summer, etc) and also allows you to handle the highest peak of traffic.
Question 23:
Skipped
True or false: Azure PowerShell scripts and Command Line Interface (CLI) scripts are
entirely compatible with each other?
TRUE
FALSE
(Correct)
Explanation
No, PowerShell is it's own language, different than CLI
Question 24:
Skipped
TRUE OR FALSE: Azure Tenant is a dedicated and trusted instance of Azure Active
Directory that's automatically created when your organization signs up for a Microsoft cloud
service subscription.
TRUE
(Correct)
FALSE
Explanation
Yes, Azure Tenant is a dedicated and trusted instance of Azure AD that's automatically
created when your organization signs up for a Microsoft cloud service subscription.
See: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-
whatis#which-features-work-in-azure-ad
Question 25:
Skipped
What operating systems does an Azure Virtual Machine support?
Windows
Linux
Windows and Linux
(Correct)
macOS
Windows, Linux and macOS
Explanation
Azure Virtual Machines support Windows and Linux
Question 26:
Skipped
Deploying Azure App Services applications consists of what two components? Pick two.
Packaged code
(Correct)
Database scripts
Managing operating system updates
Configuration
(Correct)
Explanation
Azure App Services, platform as a service, consists of code and configuration.
Question 27:
Skipped
If you have an Azure free account, with a $200 credit for the first month, what happens
when you reach the $200 limit?
You cannot create any more resources until you add more credits to the account.
All services are stopped and you must decide whether you want to convert to a
paid account or not.
(Correct)
Explanation
Using up the free credits causes all your resources to be stopped until you decide to get a paid
account.
Question 28:
Skipped
What advantage does an Application Gateway have over a Load Balancer?
Application Gateway can be scaled so that two, three or more instances of the
gateway can support your application.
Application gateway understands the HTTP protocol and can interpret the URL
and make decisions based on the URL.
(Correct)
Explanation
Application gateway can make load balancing decisions based on the URL path, while a load
balancer can't.
Question 29:
Skipped
How does Multi-Factor Authentication make a system more secure?
It requires the user to have access to their verified phone in order to log in
(Correct)
Question 30:
Skipped
What is the recommended way within Azure to store secrets such as private
cryptographic keys?
(Correct)
Explanation
Azure Key Vault - the modern way to store cryptographic keys, signed certificates and
secrets in Azure
Question 31:
Skipped
Which of the following would be an example of an Internet of Things (IoT) device?
A video game, installed on Windows clients around the world, that keep user
scores in the cloud.
A refrigerator that monitors how much milk you have left and sends you a text
message when you are running low
(Correct)
Explanation
An IoT device is not a standard computing device but connects to a network to report data on
a regular basis. A web server, a personal computer, or a mobile app is not an IoT device.
Question 32:
Skipped
TRUE OR FALSE: If you wanted to deploy a virtual machine to China, you would just
choose the China region from the drop down.
FALSE
(Correct)
TRUE
Explanation
Some regions of the world require special contracts with the local provider such as Germany
and China.
Question 33:
Skipped
What data format are ARM templates created in?
XML
JSON
(Correct)
HTML
YAML
Explanation
ARM templates are created in JSON
Question 34:
Skipped
TRUE OR FALSE: Through Azure Active Directory one can control access to an application
but not the resources of the application.
FALSE
(Correct)
TRUE
Explanation
Azure AD can control the access of both the apps and the app resources.
See: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-
whatis#which-features-work-in-azure-ad
Question 35:
Skipped
How many hours are available free when using the Azure B1S General Purpose Virtual
Machines under a Azure free account in the first 12 months?
750 hrs
(Correct)
Question 36:
Skipped
What are resource groups?
Within Azure security model, users are organized into groups, and those groups
are granted permissions to resources
Based on the tag assigned to a resource by the deployment script, it is assigned to
a group
Automatically assigned groups of resources that all have the same type (virtual
machine, app service, etc)
A folder structure in Azure in which you organize resources like databases,
virtual machines, virtual networks, or almost any resource
(Correct)
Explanation
Resource Groups - a folder structure in Azure in which you organize resources like databases,
virtual machines, virtual networks, or almost any resource
Question 37:
Skipped
What are groups of subscriptions called?
Subscription Groups
ARM Groups
Azure Policy
Management Groups
(Correct)
Explanation
Subscriptions can be nested and placed into management groups to make managing them
easier.
Question 38:
Skipped
Which two features does Virtual Machine Scale Sets provide as part of the core
product? Pick two.
(Correct)
Firewall
Content Delivery Network
Autoscaling of virtual machines
(Correct)
Explanation
VMSS provides autoscale features and has a built in load balancer. You still need to have a
way to deploy your code to the new servers, as you do with regular VMs.
Question 39:
Skipped
What does it mean that security is a "shared model" in Azure?
(Correct)
Explanation
The shared security model means that, depending on the application model, you and Azure
both have roles in ensuring a secure environment.
Question 40:
Skipped
What is the name of the collective set of APIs that provide machine learning and
artificial intelligence services to your own applications like voice recognition, image
tagging, and chat bot?
(Correct)
Explanation
Azure Cognitive Services is the set of Machine Learning and AI API's
Question 41:
Skipped
What happens if Azure does not meet its own Service Level Agreement guarantee
(SLA)?
(Correct)
Explanation
Microsoft offers a refund of 10% or 25% depending on how badly they miss their service
guarantee
Question 42:
Skipped
Which of the following resources are not considered Compute resources?
Function Apps
Azure Batch
Load Balancer
(Correct)
Explanation
A load balancer is a networking product, and does not execute your code.
For more info: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
Question 43:
Skipped
What is a policy initiative in Azure?
(Correct)
Explanation
The ability to group policies together
For more
info: https://docs.microsoft.com/en-us/azure/governance/policy/overview#initiative-
definition
Question 44:
Skipped
What is the goal of a DDoS attack?
To overwhelm and exhaust application resources
(Correct)
Explanation
DDoS is a type of attack that tries to exhaust application resources. The goal is to affect the
application’s availability and its ability to handle legitimate requests.
Question 45:
Skipped
Which tool within the Azure Portal will make specific recommendations based on your
actual usage for how you can improve your use of Azure?
Azure Dashboard
Azure Advisor
(Correct)
Explanation
Azure Advisor - a tool that will analyze your use of Azure and make you specific
recommendations based on your usage across availability, security, performance and cost
categories
Question 46:
Skipped
Which Azure service can be enabled to enable Multi-Factor Authentication for
administrators but not require it for regular users?
Azure Firewall
Advanced Threat Protection
Privileged Identity Management
(Correct)
Azure AD B2B
Explanation
Privileged Identity Management can be used to ensure privileged users have to jump through
additional verification because of their role.
Question 47:
Skipped
What is the core problem that you need to solve in order to have a high-availability
application?
You need to ensure the capacity of your server exceeds your highest number of
expected concurrent users
You need to avoid single points of failure
(Correct)
Explanation
You'll want to avoid single points of failure, so that any component that fails does not cause
the entire application to fail.
For more info: https://docs.microsoft.com/en-us/azure/architecture/guide/design-principles/
redundancy
Question 48:
Skipped
Which Azure service, when enabled, will automatically block traffic to or from known
malicious IP addresses and domains?
Azure Firewall
(Correct)
Explanation
Azure Firewall has a threat-intelligence option that will automatically block traffic to/from
bad actors on the Internet.
Question 49:
Skipped
Which Azure management tool analyzes your usage of Azure and makes suggestions
specifically targeted to help you optimize your usage of Azure regarding cost, security and
performance?
Azure Service Health
Azure Advisor
(Correct)
Azure Firewall
Azure Mobile App
Explanation
Azure Advisor analyzes your specific usage of Azure and makes helpful suggestions on how
it can be improved.
Question 50:
Skipped
What does the letter R in RBAC stand for?
Rule
Role
(Correct)
Rights
Review
Explanation
RBAC is role based access control