Question 1

Question 1 :
Tailwind Traders uses the LAMP stack for several of its websites. Which option would be
ideal for migration?

Azure SQL Database

Azure Cosmos DB

Azure Database for MySQL
(Correct)

Azure Database for PostgreSQL
Explications
Azure Database for MySQL is the logical choice for existing LAMP stack applications.
Question 2 :
Which of the following options isn't a benefit of ExpressRoute?

Access to Microsoft cloud services

Redundant connectivity

Consistent network throughput

Encrypted network communication
(Correct)
Explications
ExpressRoute does provide private connectivity, but it isn't encrypted.
Question 3 : Correct
Consider the following scenario. Then choose the best response for each question that
follows. Then, select Check your answers.
Tailwind Traders is moving its online payment system from its datacenter to the cloud. The
payment system consists of virtual machines (VMs) and SQL Server databases.
Here are a few security requirements that the company identifies as it plans the migration:
It wants to ensure a good security posture across all of its systems, both on Azure and on-
premises.
In the datacenter, access to VMs requires a TLS certificate. The company needs a place to
safely store and manage its certificates.
Here are some additional requirements that relate to regulatory compliance:
Tailwind Traders must store certain customer data on-premises, in its datacenter.
For certain workloads, the company must be the only customer running VMs on the physical
hardware.
The company must only run approved business applications on each VM.
See the following diagram that shows the proposed architecture.
Image plus grande
On Azure, Tailwind Traders will use both standard VMs and VMs that run on dedicated
physical hardware. In the datacenter, the company will run VMs that can connect to databases
within its internal network.
Which is the best way for Tailwind Traders to safely store its certificates so that they're
accessible to cloud VMs?

Store them on a VM that's protected by a password.

Place the certificates on a network share.

Store the certificates in Azure Key Vault.
(Correct)
Explications
Azure Key Vault enables you to store your secrets in a single, central location. Key Vault
also makes it easier to enroll and renew certificates from public certificate authorities
(CAs).
Question 4 : Correct
Where can the team access details about the personal data Microsoft processes and how the
company processes it, including for Cortana?

Microsoft Privacy Statement
(Correct)

Microsoft compliance offerings

The Azure compliance documentation
Explications
The Microsoft Privacy Statement provides information that's relevant to specific
services, including Cortana.
Question 5 : Incorrect
premises.
hardware.
Image plus grande

What's the easiest way for Tailwind Traders to combine security data from all of its
monitoring tools into a single report that it can take action on?

Look through each security log daily and email a summary to your team.
(Incorrect)

Build a custom tool that collects security data, and displays a report through a web
application.

Collect security data in Azure Sentinel.
(Correct)
Explications
Azure Sentinel is Microsoft's cloud-based SIEM. A SIEM aggregates security data from
many different sources to provide additional capabilities for threat detection and
responding to threats.
Question 6 : Ignoré
You need to identify the content of product images to automatically create alt tags for images
formatted properly. Which product option is the best candidate?

Azure Bot Service

Azure Cognitive Services
(Correct)

Azure Machine Learning
Explications
Azure Cognitive Services includes Vision services that can identify the content of an
image. Azure Cognitive Services is the best candidate.
A company wants to quickly manage its individual IoT devices by using a web-based user
interface. Which IoT technology should it choose?

Azure Sphere

IoT Central
(Correct)

IoT Hub
Explications
IoT Central quickly creates a web-based management portal to enable reporting and
communication with IoT devices.
As an administrator, you need to retrieve the IP address from a particular VM by using Bash.
Which of the following tools should you use?

Azure PowerShell

ARM templates

The Azure CLI
(Correct)

The Azure portal
Explications
The Azure CLI enables you to use Bash to run one-off tasks on Azure.
premises.
hardware.
Image plus grande
How can Tailwind Traders enforce having only certain applications run on its VMs?

Periodically run a script that lists the running processes on each VM. The IT manager can
then shut down any applications that shouldn't be running.

Connect your VMs to Azure Sentinel.

Create an application control rule in Azure Security Center.
(Correct)
Explications
With Azure Security Center, you can define a list of allowed applications to ensure that
only applications you allow can run. Azure Security Center can also detect and block
malware from being installed on your VMs.
Tailwind Traders wants to create a secure communication tunnel between its branch offices.
Which of the following technologies can't be used?

Point-to-site virtual private network

Site-to-site virtual private network

Azure ExpressRoute

Implicit FTP over SSL
(Correct)
Explications
FTP over SSL can't be used to create a secure communication tunnel.
You need to create a human-computer interface that uses natural language to answer customer
questions. Which product option should you select as a candidate?



Azure Bot Service
(Correct)
Explications
Azure Bot Service creates virtual agent solutions that utilize natural language. It should
not be eliminated as a candidate.
premises.
hardware.
Image plus grande
How can Tailwind Traders ensure that certain VM workloads are physically isolated from
workloads being run by other Azure customers?

This is not possible. These workloads need to be run on-premises.

Configure the network to ensure that VMs on the same physical host are isolated.

Run the VMs on Azure Dedicated Host.
(Correct)
Explications
Azure Dedicated Host provides dedicated physical servers to host your Azure VMs for
Windows and Linux.
Which service could help you manage the VMs that your developers and testers need to
ensure that your new app works across various operating systems?

Azure Repos

Azure Test Labs

Azure DevTest Labs
(Correct)
Explications
Azure DevTest Labs is used to manage VMs for testing, including configuration,
provisioning, and automatic de-provisioning.
Your team has limited experience with writing custom code, but it sees tremendous value in
automating several important business processes. Which of the following options is your
team's best option?

Azure Functions

Azure Logic Apps
(Correct)
Explications
Azure Logic Apps is best suited for users who are more comfortable in a visual
environment that allows them to automate their business processes. Logic Apps is the
best option in this scenario.
Which of the following options isn't a type of cloud computing?

Distributed cloud
(Correct)

Hybrid cloud

Public cloud

Private cloud
Explications
A distributed cloud isn't a valid type of cloud computing.
Which of the following services should be used when the primary concern is to perform work
in response to an event (often via a REST command) that needs a response in a few seconds?

Azure Container Instances

Azure Functions
(Correct)

Azure App Service
Explications
Azure Functions is used when you need to perform work in response to an event (often
via a REST request), timer, or message from another Azure service, and when that work
can be completed quickly, within seconds or less.
Tailwind Traders has millions of log entries that it wants to analyze. Which option would be
ideal for analysis?

Azure SQL Database


Azure Synapse Analytics
(Correct)

Azure Cosmos DB
Explications
Azure Synapse Analytics is the logical choice for analyzing large volumes of data.
Which of the following options can you use to link virtual networks?

Dynamic Host Configuration Protocol

Virtual network peering
(Correct)

Multi-chassis link aggregation

Network address translation
Explications
Virtual network peering can be used to link virtual networks.
Which Azure Storage option is better for storing data for backup and restore, disaster
recovery, and archiving?

Azure Blob Storage
(Correct)

Azure Disk Storage

Azure Files Storage
Explications
Azure Blob Storage is your best option for storing disaster recovery files and archives.
Which of the following statements is not true about cloud computing?

Cloud computing resources are usually limited to specific geographic regions.
(Correct)

IaaS, PaaS, and SaaS are examples of cloud computing service models.

Cloud computing typically decreases your operating expenses.

Three cloud computing deployment models are public cloud, private cloud, and hybrid
cloud.
Explications
Most cloud computing resources can be distributed to global datacenters.
Consider the following scenario. Then choose the best response for each question that follows
and select Check your answers.
Tailwind Traders is moving its online payment system to Azure. The processing of online
orders begins through a website, which Tailwind Traders manages through Azure App
Service. (App Service is a way to host web applications on Azure.)
The web application that runs the website passes order information to virtual machines
(VMs), which further process each order. These VMs exist on an Azure virtual network, but
they need to access the internet to retrieve software packages and system updates.
Here's a diagram that shows the basic architecture of the company's payment system:
Image plus grande
The security team wants to ensure that only valid network traffic reaches the company's Azure
resources. As an extra layer of defense, the team also wants to ensure that the VMs can reach
only trusted hosts on specific ports.
An attacker can bring down your website by sending a large volume of network traffic to your
servers. Which Azure service can help Tailwind Traders protect its App Service instance from
this kind of attack?

Azure DDoS Protection
(Correct)

Azure Firewall

Network security groups
Explications
DDoS Protection helps protect your Azure resources from DDoS attacks. A DDoS attack
attempts to overwhelm and exhaust an application's resources, making the application
slow or unresponsive to legitimate users.
True or false: In an IaaS environment, the cloud tenant is responsible for routine hardware
maintenance.

False
(Correct)

True
Explications
In an IaaS environment, the cloud provider is responsible for any hardware maintenance.
Which of the following statements is true?

With Operating Expenses (OpEx), you are only responsible for the computing resources
that you use.
(Correct)

With Capital Expenses (CapEx), you are only responsible for the computing resources that
you use.

With Operating Expenses (OpEx), you are responsible for purchasing and maintaining
your computing resources
Explications
With Operating Expenses (OpEx), you are only responsible for the computing resources
that you use.
Which of the following can be used to manage governance across multiple Azure
subscriptions?

Azure initiatives

Management groups
(Correct)

Resource groups
Explications
Management groups facilitate the hierarchical ordering of Azure resources into
collections, at a level of scope above subscriptions. Distinct governance conditions can be
applied to each management group, with Azure Policy and Azure role-based access
controls, to manage Azure subscriptions effectively. The resources and subscriptions
assigned to a management group automatically inherit the conditions applied to the
management group.
You're a developer who needs to set up your first VM to host a process that runs nightly.
Which of the following tools is your best choice?

ARM templates

The Azure CLI

The Azure portal
(Correct)

Azure PowerShell
Explications
The Azure portal is a great place for newcomers to learn about Azure and set up their
first resources.
Image plus grande
How can Tailwind Traders most easily implement a deny by default policy so that VMs can't
connect to each other?

Allocate each VM on its own virtual network.

Create a network security group rule that prevents access from another VM on the same
network.
(Correct)

Configure Azure DDoS Protection to limit network access within the virtual network.
Explications
A network security group rule enables you to filter traffic to and from resources by
source and destination IP address, port, and protocol.
Image plus grande

What's the best way for Tailwind Traders to limit all outbound traffic from VMs to known
hosts?

Ensure that all running applications communicate with only trusted ports and hosts.

Configure Azure DDoS Protection to limit network access to trusted ports and hosts.

Create application rules in Azure Firewall.
(Correct)
Explications
Azure Firewall enables you to limit outbound HTTP/S traffic to a specified list of fully
qualified domain names (FQDNs).
A company wants to build a new voting kiosk for sales to governments around the world.
Which IoT technologies should the company choose to ensure the highest degree of security?

Azure Sphere
(Correct)

IoT Central

IoT Hub
Explications
Azure Sphere provides the highest degree of security to ensure the device has not been
tampered with.
At Tailwind Traders, recall that retail employees are issued tablet devices from which they
can track orders and plan their work schedules.
Tailwind Traders also allows delivery drivers to use their own mobile devices to access
scheduling and logistics applications.
A stolen password might allow unauthorized access to company and customer data. Tailwind
Traders wants to extend its investments in Active Directory to secure all of its applications,
when accessed both from the intranet and from public networks.
The company is looking into how Azure Active Directory (Azure AD), single sign-on (SSO),
multifactor authentication, and Conditional Access can help it achieve those goals.
How can the IT department reduce the number of times users must authenticate to access
multiple applications?

Conditional Access

SSO
(Correct)

Multifactor authentication
Explications
SSO enables a user to remember only one ID and one password to access multiple
applications.
You want to be alerted when new recommendations to improve your cloud environment are
available. Which service will do this?

Azure Service Health

Azure Monitor

Azure Advisor
(Correct)
Explications
Azure Advisor can alert you when new recommendations are available.
At Tailwind Traders, recall that retail employees are issued tablet devices from which they
can track orders and plan their work schedules.
How can the IT department ensure that employees at the company's retail stores can access
company applications only from approved tablet devices?

SSO


Conditional Access
(Correct)
Explications
Conditional Access enables you to require users to access your applications only from
approved, or managed, devices.
Which Azure compute resource can be deployed to manage a set of identical virtual
machines?

None of These

Virtual machine availability zones

Virtual machine scale sets
(Correct)

Virtual machine availability sets
Explications
Virtual machine scale sets let you deploy and manage a set of identical virtual machines.
Your company has a team of remote workers that need to use Windows-based software to
develop your company's applications, but your team members are using various operating
systems like MacOS, Linux, and Windows. Which Azure compute service would help resolve
this scenario?

Azure Container Instances

Azure App Service

Windows Virtual Desktop
(Correct)
Explications
Windows Virtual Desktop enables your team members to run Windows in the cloud,
with access to the required applications for your company's needs.
Which service lacks features to assign individual developers tasks to work on?

Azure Pipelines
(Correct)

GitHub

Azure Boards
Explications
Azure Pipelines is a CI/CD tool for building an automated toolchain. It lacks features to
assign tasks for individual developers to work on. However, it can automate other tools
to assign tasks to users.
Which of the following choices would not be used to automate a CI/CD process?

Azure Boards
(Correct)

Azure Pipelines

GitHub Actions
Explications
Azure Boards is an agile project-management tool. It would not be used to automate a
CI/CD process.
You want to orchestrate a workflow by using APIs from several well-known services. Which
is the best option for this scenario?

Azure Functions

Azure Logic Apps
(Correct)
Explications
Azure Logic Apps makes it easy to create a workflow across well-known services with
less effort than writing code and manually orchestrating all the steps yourself.
Which of the following features doesn't apply to resource groups?

Resource groups can be nested.
(Correct)

Resources can be in only one resource group.

Role-based access control can be applied to the resource group.
Explications
Resource groups can't be nested.
Which of the following choices isn't a benefit of using cloud services?

High availability

Disaster recovery

Geographic isolation
(Correct)

Scalability
Explications
You can choose to create resources in a single region; however, one of the primary
advantages to cloud computing is geographic distribution.
Which of the following choices isn't a cloud computing category?

Networking-as-a-Service (NaaS)
(Correct)

Infrastructure-as-a-Service (IaaS)

Software-as-a-Service (SaaS)

Platform-as-a-Service (PaaS)
Explications
NaaS isn't a cloud computing category.
At Sangam Traders, the legal and IT departments want to better understand how Microsoft
handles personal data. They also want to better understand how Azure services can help them
meet their compliance goals.
Where can the IT department find reference blueprints that it can apply directly to its Azure
subscriptions?

Azure compliance documentation
(Correct)


Online Services Terms
Explications
The compliance documentation provides reference blueprints, or policy definitions, for
common standards that you can apply to your Azure subscription.
You need to process messages from a queue, parse them by using some existing imperative
logic written in Java, and then send them to a third-party API. Which serverless option should
you choose?

Azure Functions
(Correct)

Azure Logic Apps
Explications
Azure Functions is the correct choice because you can use existing Java code with
minimal modification.
Your development team is interested in writing Graph-based applications that take advantage
of the Gremlin API. Which option would be ideal for that scenario?

Azure Cosmos DB
(Correct)


Azure SQL Database

Azure Databricks
Explications
Azure Cosmos DB supports SQL, MongoDB, Cassandra, Tables, and Gremlin APIs.
True or false: You need to purchase an Azure account before you can use any Azure
resources.

True
(Incorrect)

False
(Correct)
Explications
You can use a free Azure account or a Microsoft Learn sandbox to create resources.
You need to predict future behavior based on previous actions. Which product option should
you select as a candidate?


Azure Bot Service

(Correct)
Explications
Azure Machine Learning enables you to build models to predict the likelihood of a
future result. It should not be eliminated as a candidate.
Which service is a platform that powers Application Insights, monitoring for VMs, containers,
and Kubernetes?

Azure Monitor
(Correct)

Azure Advisor

(Incorrect)
Explications
Azure Monitor is the platform used by Application Insights.
Which of the following is a logical unit of Azure services that links to an Azure account?

Resource group

Management group
(Incorrect)

Azure subscription
(Correct)
Explications
An Azure subscription is a logical unit of Azure services that links to an Azure account.
Which service provides official outage root cause analyses (RCAs) for Azure incidents?

Azure Advisor

Azure Monitor

(Correct)
Explications
Azure Service Health provides incident history and RCAs to share with your
stakeholders.
Where can the legal team access information around how the Microsoft cloud helps them
secure sensitive data and comply with applicable laws and regulations?


Trust Center
(Correct)

Online Services Terms
Explications
The Trust Center is a great resource for people in your organization who might play a
role in security, privacy, and compliance.
What is the best infrastructure-as-code option for quickly and reliably setting up your entire
cloud infrastructure declaratively?

The Azure portal

The Azure CLI

ARM templates
(Correct)

Azure PowerShell
Explications
ARM templates are the best infrastructure-as-code option for quickly and reliably
setting up your entire cloud infrastructure declaratively.
Tailwind Traders, recall that retail employees are issued tablet devices from which they can
track orders and plan their work schedules.
How can the IT department use biometric properties, such as facial recognition, to enable
delivery drivers to prove their identities?

SSO

(Correct)

Conditional Access
Explications
Authenticating through multifactor authentication can include something the user
knows, something the user has, and something the user is.
Which of the following statements is a valid statement about an Azure subscription?

You can't have more than one subscription.

An Azure subscription is a logical unit of Azure services.
(Correct)

Using Azure doesn't require a subscription.
Explications
A subscription is a set of Azure services bundled together for tracking and billing
purposes.
What is the first step that you would take in order to share an image file as a blob in Azure
Storage?

Upload the image file and create a container.

Use a Shared Access Signature (SAS) token to restrict access to the image.

Create an Azure Storage account.
(Correct)

Create an Azure Storage container to store the image.
Explications
You must create an Azure Storage account before you can use any Azure Storage
features.
You want to send messages from the IoT device to the cloud and vice versa. Which IoT
technology can send and receive messages?

IoT Central

Azure Sphere

IoT Hub
(Correct)
Explications
An IoT hub communicates to IoT devices by sending and receiving messages.
Tailwind Traders wants to use Azure ExpressRoute to connect its on-premises network to the
Microsoft cloud. Which of the following choices isn't an ExpressRoute model that Tailwind
Traders can use?

Any-to-any connection

Point-to-point Ethernet connection

Site-to-site virtual private network
(Correct)

CloudExchange colocation
Explications
A site-to-site virtual private network isn't an ExpressRoute model.

Question 1

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Question 1

Uploaded by

Copyright:

Available Formats

Question 1 :

Here are some additional requirements that relate to regulatory compliance:

See the following diagram that shows the proposed architecture.

Image plus grande

Here are some additional requirements that relate to regulatory compliance:

See the following diagram that shows the proposed architecture.

Image plus grande

Here are some additional requirements that relate to regulatory compliance:

See the following diagram that shows the proposed architecture.

Image plus grande

Here are some additional requirements that relate to regulatory compliance:

See the following diagram that shows the proposed architecture.

Image plus grande

Image plus grande

Image plus grande

Image plus grande

You might also like