AZ-900 Exam Simulation https://www.kaplanlearn.com/education/test/print/58416382?testId=204...

QBank Quiz April 6, 2022 Test ID: 204495171

Question #1 of 42 Question ID: 1425465

Your company’s Chief Financial Officer wants to have a tighter control on spending for the cloud infrastructure.

She wants to have a tool to apply data analysis to the existing monthly costs of Azure. An associate recommends
that she use Azure Advisor.

Will this solution meet the CFO’s needs?

A) Yes

B) No

Explanation

Azure Cost Management is a tool that can perform that task. Azure Advisor finds unused resources such as VMs
and provides recommendations about Azure reserved instance purchases. Azure Advisor does not apply data
analysis to the existing monthly costs of Azure.

Azure Cost Management consists of Cost Management + Billing, which is a suite of tools that optimizes, analyzes,
and manages your workload costs. You can use these tools to perform the following tasks:

Streamline bill paying tasks
Manage costs
Download cost and usage data from your invoice
Apply data analysis to monthly costs
Limit spending through the use of thresholds
Find opportunities for changes in workloads that can reduce spending

Objective:
Describe Azure cost management and Service Level Agreements

Sub-Objective:
Describe methods for planning and management of costs

References:

Overview of Azure Cost Management + Billing | Microsoft Docs

Pricing Calculator | Microsoft Azure

1 av 60 06.04.2022, 12:51

Question #2 of 42 Question ID: 1425464

Your company’s Chief Financial Officer wants to have a tighter control on spending for the cloud infrastructure.

She wants to have a tool to estimate the up-front costs associated with the Azure cloud. An associate recommends
that she use Azure Cost Management.

Will this solution meet the CFO’s needs?

A) Yes

B) No

Explanation

Azure Cost Management does not estimate your up-front cloud costs. The Azure Pricing Calculator is a tool that can
perform that task.

Azure Cost Management consists of Cost Management + Billing, which is a suite of tools that optimizes, analyzes,
and manages your workload costs. You can use these tools to perform the following tasks:

Streamline bill paying tasks
Manage costs
Download cost and usage data from your invoice
Apply data analysis to monthly costs
Limit spending through the use of thresholds
Find opportunities for changes in workloads that can reduce spending

Objective:
Describe Azure cost management and Service Level Agreements

Sub-Objective:
Describe methods for planning and management of costs

References:

Overview of Azure Cost Management + Billing | Microsoft Docs

Pricing Calculator | Microsoft Azure

Question #3 of 42 Question ID: 1425469

Examine each statement and place the statement on the right into the Yes column if it is true. If it is false, place the
statement in the No column.

Explanation

You should choose the following:

A Public Preview, not a Private Preview, is a service in beta that can be tried out by anyone with an Azure
subscription. A Private Preview is only available to specific Azure customers, but a Public Preview is available to all
Azure customers to evaluate the service.

General Availability (GA), not Public Preview, means the service is in production and can be used by anyone with an
Azure subscription. Public Preview is in beta at the time of this writing, not in production.

Services that are in Private Preview are generally less expensive than the services that are in GA. Services that are
in Private Preview are tested by specific customers. As an incentive to the customers to try and test the services,
the services are discounted.

Objective:
Describe Azure cost management and Service Level Agreements

Sub-Objective:
Describe Azure Service Level Agreements (SLAs) and service lifecycles

References:

FAQ Azure Services

Azure - Access public and private preview features

Microsoft Azure > Supplemental Terms of Use for Microsoft Azure Previews

Question #4 of 42 Question ID: 1403889

Your company plans to develop Artificial Intelligence applications. You need a tool to publish models as web
services that can be consumed by custom apps or BI tools such as Excel.

What should you use?

A) Azure Compute

B) Microsoft Azure Machine Learning Studio

C) Azure Machine Learning service

D) Azure Blockchain

Explanation

You would use Microsoft Azure Machine Learning Studio. This is a tool from Azure Machine Learning service that
allows you to have an interactive workspace, allowing you to create, test, and deploy predictive analytics solutions
with your data. This tool publishes models as web services that can be used in BI tools or custom applications.

You would not use Azure Machine Learning service. This service can train and manage learning models. This
service can be used to forecast future behaviors. The question asked is for the tool, not the service.

You would not use Azure Blockchain. This service allows you to configure a blockchain infrastructure. A blockchain
keeps a list of records that are linked by cryptography. A cryptographic hash keeps the timestamp of the transaction
data.

You would not use Azure Compute. Azure Compute is a hosting model for the computing resources that hosts your
applications.

Objective:
Describe core solutions and management tools on Azure

Sub-Objective:
Describe core solutions available on Azure

References:

Microsoft Azure > Studio > What is Machine Learning Studio (classic)?

Question #5 of 42 Question ID: 1425463

The Nutex Corporation wants to migrate its on-premises applications and services to Azure. You are the analyst
tasked to investigate the benefits of this migration to Azure.

Which of the following statements about the Azure TCO Calculator is TRUE?

A) Azure TCO Calculator calculates on-premises infrastructure costs based
on three criteria: hardware, software, and networking costs.

B) Customers interested in migrating from on-premises deployments to Azure
must focus their calculations around the Compute, Storage, and Network
requirements on Azure in order to evaluate the costs accurately.

C) The Azure TCO Calculator application can be downloaded from the Azure
website.

D) The Azure Pipelines service is not available with the Azure Government
offering.

E) Azure TCO Calculator primarily evaluates the total cost incurred to migrate
on-premises application workloads to Microsoft Azure.

Explanation

Customers interested in migrating from on-premises deployments to Azure must focus their calculations around the
Compute, Storage, and Network requirements on Azure in order to evaluate the costs accurately.

Unfortunately, not all cloud TCO calculations are accurate enough to let you make an informed decision. Many are
ballpark estimates because they have failed to account for all performance metrics essential for rightsizing, and they
may rely on metrics that have been averaged instead of considering peaks and valleys. These imprecise
assessment methods may cause you to estimate a configuration scenario that is not suited to your performance
requirements.

Metrics such as peak CPU utilization, allocated and peak RAM usage, observed storage on-premises (capacity and
current occupancy), disk IOPS and bandwidth, throughput, and usage patterns must be analyzed. This approach
focuses on three areas: Compute, Storage, and Network.

The following statements are not true:

Azure TCO Calculator primarily evaluates the total cost incurred to migrate on-premises application workloads
to Microsoft Azure.
Azure TCO Calculator calculates on-premises infrastructure costs based on three criteria: hardware, software,
and networking costs.
The Azure TCO Calculator application can be downloaded from the Azure website.

Microsoft’s Azure Total Cost of Ownership (TCO) Calculator allows you to evaluate potential cost savings if you
migrate on-premises application workloads to Microsoft Azure. You must specify the details of your existing
infrastructure and various cost assumptions that you want the tool to work with. You receive a report that shows your
on-premises costs compared to Microsoft Azure costs. While you may get a report of cost savings, TCO will NOT
give you the total costs incurred to migrate on-premises application workloads to Microsoft Azure. TCO may allow
you to compare costs on databases, storage, and networking, but does NOT calculate the labor rate that may be
involved with the migration.

The Azure TCO Calculator calculates the on-premises infrastructure costs based on more than three criteria. It
takes the following costs into consideration:

Hardware
Software (for Windows as an OS)
Electricity
Data center
Networking
Disk storage
IT labor
Virtualization

Azure TCO Calculator is an online calculator that can be accessed on the Azure website. Customers can use it to
check their TCO but only the results can be downloaded.

At the time of this writing, Azure Pipelines service is not available with the Azure Government offering.

Objective:
Describe Azure cost management and Service Level Agreements

Sub-Objective:
Describe methods for planning and management of costs

References:

Schneider > Microsoft Azure Total Cost of Ownership (TCO) Calculator

Cloud vs. On-Premises: Cost (TCO) Calculator

The Two Cloud TCO Calculation Mistakes You Didn’t Know You Were Making (And What They Can Cost You)

Question #6 of 42 Question ID: 1425467

The Nutex Corporation wants to adopt Azure to deploy applications and resources. You are the Azure administrator
and you need to buy some Azure services. First, you need to understand the level definitions of the Azure services.

Match the service level definition on the left with its appropriate service on the right.

Explanation

You would map the service level definitions with the services as follows:

For virtual machines, the main issue is downtime. You want to ensure that the data, application, or service on the
virtual machine is available.

Of the available choices, "Read Error Rate" would apply to Azure Cosmos DB. Azure Cosmos DB is a database
service with global distribution and multi-master replication. For Azure Cosmos DB, the Read Error Rate is the total
number of Failed Read Requests divided by the number of Total Read Requests across all resources in an Azure
subscription during a given one-hour interval. If the Total Read Requests in the interval is zero, the Read Error Rate
for that interval will be 0%.

Of the available choices, "Failover Minutes" would apply to Azure Site Recovery. Azure Site Recovery can be used
for disaster recovery by replicating workloads running on physical and virtual machines to a secondary location. For
Azure Site Recovery, Failover Minutes is the total number of minutes in a billing month during which a failover of a
protected instance configured for On-Premises-to-On-Premises replication has been attempted but not completed.

Of the available choices, "Deployment Minutes" would apply to Traffic Manager. Traffic Manager routes incoming
traffic for high performance and high availability with multiple automatic failover options. For the Traffic Manager
service, Deployment Minutes is the total number of minutes that a given Traffic Manager Profile has been deployed
in Microsoft Azure during a billing month.

Objective:
Describe Azure cost management and Service Level Agreements

Sub-Objective:
Describe Azure Service Level Agreements (SLAs) and service lifecycles

References:

Microsoft Azure > Service Level Agreements

Question #7 of 42 Question ID: 1403869

Your organization has offices in multiple locations in France. Teams are distributed across the country. Your
organization uses a private cloud storage solution to synchronize work-related data and make it available to
employees across locations. Employees must manually synchronize the data on the cloud with that on their
computers.

You are asked to plan for a solution that automatically synchronizes data, reduces costs and eliminates the
dependency on Internet speeds to synchronize data. You plan to use Azure File Storage.

Which of the following are mandatory requirements to implement Azure File Storage and accomplish the goal of the
plan? (Select all that apply.)

A) Create a Sync Group and add the on-premises servers as Server
Endpoints on the Azure portal.

B) Create ExpressRoute circuit(s) for the Azure File Sync solution.

C) Create an Azure File Share on the Azure portal.

D) Deploy Azure File Sync on the on-premises servers.

E) Install Windows Deployment Services on-premises

F) Register the on-premises servers with the Storage Sync Service.

G) Prep on-premises servers that meet the requirements to deploy Azure File
Sync.

Explanation

The following are mandatory requirements:

Deploy Azure File Sync on the on-premises servers.
Create an Azure File Share on the Azure portal.
Prep on-premises servers that meet the requirements to deploy Azure File Sync.
Register the on-premises servers with the Storage Sync Service.
Create a Sync Group and add the on-premises servers as Server Endpoints on the Azure portal.

One of the purposes of Azure File Storage is for file shares in the cloud. You can use Azure File Storage to create
file shares without worrying about overhead of a physical server, device, or appliance. The following are the steps
you must perform to set up Azure File Storage and the planned solution:

1. Create a File Share by using the Azure portal, PowerShell, or CLI and specify the maximum limit of the File
Share.
2. Identify servers or on-premises virtual machines that will synchronize and download the files to the on-premises
locations by using Azure File Sync.

Although Azure File Sync is not a mandatory requirement to use Azure File Storage effectively, the desired
solution for this question calls for automatic synchronization, caching and reduced bandwidth costs, and no
dependency on Internet speeds. So, Azure File Sync must be used.

First, deploy Azure File Sync agent on the on-premises resources you’ve prepped. Next, register the on-premises
servers with the Storage Sync service to establish a trust relationship. Lastly, create a Sync Group to define the
sync topology for a set of files. Endpoints within a sync group are kept in sync with each other.

A sync group must contain one cloud endpoint, which represents an Azure file share and one or more server
endpoints. Also, add the on-premises servers as the Server Endpoints.

Azure ExpressRoute is not a mandatory requirement. Azure ExpressRoute is a feature that allows you to extend
your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider.
So, this is NOT a mandatory requirement to implement Azure File Storage and Azure File Sync.

Windows Deployment Services (WDS) is not a mandatory requirement. WDS is a server role that allows you to
deploy Windows operating systems remotely.

Objective:
Describe core Azure services

Sub-Objective:
Describe core resources available in Azure

References:

Azure > Files > Deploy Azure File Sync

Azure > Storage > Deploy Azure File Sync

Azure > ExpressRoute > Create and modify an ExpressRoute circuit

Question #8 of 42 Question ID: 1428179

You are the administrator of the Nutex Corporation. You build a Web API 2 HTTP API (hosted on-premises) for the
NutexApp application, which is responsible for managing shipping orders. The identity management for the app has
to be outsourced to Azure Active Directory B2C.

Service consumers will rely on Azure Active Directory B2C to add features to the app that will support sign up and
sign-in for new accounts using identity providers like Facebook, Google, Amazon, LinkedIn, or using Microsoft
accounts. Users should be able to sign in with their individual credentials. The consumer does not have to edit the
profile attribute, but you want to allow the option to reset the password.

Which kind of policies should you create to meet the requirements with the least amount of effort? (Choose two.)

A) Sign-in policy

B) Profile editing policy

C) Sign-up or sign-in policy

D) Password reset policy

E) Sign-up policy

Explanation

You should create a sign-up or sign-in policy and a password reset policy. The sign-up or sign-in policy controls the
consumer sign-up and sign-in experiences with a single policy. The sign-up or sign-in policy allows users to choose
the right path for either sign-up or sign-in with identity provider credentials, depending on the context. This policy
also describes the contents of tokens used for sign-ups or sign-ins from the application.

The password reset policy allows you to enable a fine-grained password reset on your application. Note that the
tenant-wide password reset option that has been specified is still applicable for sign-in policies.

After creating a sign-in policy (with local accounts) or a sign-up policy, the user should see a "Forgot Password"
link on the first page of the experience. If the user clicks the link, the link will not automatically trigger a
password reset policy. It will generate a specific error code, AADB2C90118, which is returned to your app. You
must write logic into your app to handle this error and invoke a specific password reset policy.

You should not configure a separate sign-in policy and a separate sign-up policy. For the least administrative effort,
you should configure a sign-in or sign-up policy.

You should not create a profile editing policy. In this scenario, you do not have to edit the profile attribute. The profile
editing policy enables profile editing on your application. This policy describes the experiences that consumers will
go through during profile editing, to edit profiles, and to view the contents of tokens that the application will receive
on successful completion.

Objective:
Describe identity, governance, privacy, and compliance features

Sub-Objective:
Describe core Azure identity services

References:

Azure > Active Directory B2C > Azure AD B2C: Build a Windows desktop app

Azure > Active Directory B2C > Create an ASP.NET web app with Azure Active Directory B2C sign-up, sign-in,
profile edit, and password reset

Question #9 of 42 Question ID: 1403912

The Nutex Corporation wants to use Azure Key Vault to encrypt the cloud resources, apps, and solutions they use
on Azure. This is to ensure that security requirements are met.

Which of the following statements about Azure Key Vault are TRUE? (Select all that apply.)

A) When a service threshold is exceeded, Azure Key Vault limits any further
requests from that client for a period of time and returns HTTP status code 408
(Request Timeout).

B) If an Azure region is down and unavailable, the requests made to an
Azure Key Vault in that region are automatically routed (failed over) to a
secondary region and all requests are processed.

C) A backup of a key taken from a key vault in one Azure location can be
restored to a key vault in another Azure location if both key vaults belong
to the same Azure subscription.

D) Exchange Online and SharePoint Online are trusted services that can access
the Azure Key Vault if the Allow trusted services option is enabled.

E) Azure Key Vaults and Key Vault objects that were accidentally deleted can only
be recovered from the Azure portal.

Explanation

The following statements are true:

A backup of a key taken from a key vault in one Azure location can be restored to a key vault in another Azure
location if both key vaults belong to the same Azure subscription. Both Azure locations would also have to be in
the same geographical location.
Exchange Online and SharePoint Online are trusted services that can access the Azure Key Vault if the Allow
trusted services option is enabled.

The following services are trusted services that can access the Azure Key Vault if the Allow trusted services
option is enabled:

Azure Virtual Machines deployment service
Azure Resource Manager template deployment service
Azure Disk Encryption volume encryption service
Azure Backup
Exchange Online and SharePoint Online
Azure Information Protection
Azure App Service
Azure SQL Database
Azure Storage
Azure Data Lake Storage
Azure Databricks

Azure Key Vaults and Key Vault objects that were accidentally deleted CANNOT be recovered from the Azure portal.
They can only be recovered through the CLI or PowerShell.

Azure Key Vault supports the Throttling feature to limit the number of concurrent calls to prevent the overuse of
resources. Key Vault limits any further requests from that client for a period of time after a service threshold is
exceeded. When this happens, an HTTP status code 429 (too many requests) is issued by the Key Vault and the
requests fail. These failed requests count towards the throttle limits tracked by Key Vault.

If an Azure region is down and unavailable, the requests made to an Azure Key Vault in that region are
automatically routed (failed over) to a secondary region, but the key vault will be in read-only mode. Only the
following requests are supported:

List key vaults
Get properties of key vaults
List secrets
Get secrets
List keys
Get (properties of) keys
Encrypt
Decrypt
Wrap
Unwrap
Verify
Sign
Backup.

Objective:
Describe security, privacy, compliance, and trust

Sub-Objective:
Describe Azure security features

References:

Microsoft Azure > Key Vault > Azure Key Vault soft-delete overview

Microsoft Azure > Key Vault > Azure Key Vault security worlds and geographic boundaries

Microsoft Azure > Key Vault > Azure Key Vault throttling guidance

Microsoft Azure > Key Vault > Azure Key Vault availability and redundancy

Microsoft Azure > Key Vault > Virtual network service endpoints for Azure Key Vault

Question #10 of 42 Question ID: 1403846

Microsoft Azure has datacenters in several locations in North America, Europe, and Asia.

Which of the following statements describes an Azure region?

A) A geographical area containing at least one, but potentially multiple,
datacenters that are in close proximity and networked together through the
Internet

B) A geographical area containing more than one datacenter in close proximity
networked together with a low-latency network

C) A geographical area containing one or more datacenters networked
together with a low-latency network and are in close proximity

D) A geographical area containing only one datacenter

Explanation

An Azure region is a geographical area containing one or more datacenters that are networked together with a low-
latency network and are in close proximity.

Azure has some special regions used for compliance or legal purposes:

Regions such as US DoD Central, US Gov Virginia, and US Gov Iowa are physical and logical network-isolated
instances of Azure for use by US government agencies and their partners. They are operated by screened US
persons. These regions contain additional compliance certifications.
Regions are available in Asia, China East, China North, and certain other countries through a unique
partnership between Microsoft and 21Vianet. Microsoft does not directly maintain the datacenters.
Germany Central and Germany Northeast regions are available through a data trustee model whereby customer
data remains in Germany under control of T-Systems, a German Telekom company, acting as the data trustee.
Any user or enterprise that needs their data to reside in Germany can use this service.

Azure has regional pairing, which are two or more regions within the same geography. The lone exception is Brazil
South, which is not paired with another region in the same geography. With regional pairing, platform updates
(planned maintenance) are performed so that only one paired region is updated at a time. At least one region in
each pair will be prioritized for recovery in the event of an outage affecting multiple regions.

Some services or virtual machine features are only available in certain regions.

Objective:
Describe core Azure services

Sub-Objective:
Understand the core Azure architectural components

References:

YouTube video > AZ900T01 M2L2 Regions Jan19

Microsoft Azure > Azure global infrastructure > Azure Regions

Microsoft Azure > Business continuity and disaster recovery (BCDR): Azure Paired Regions > What are paired
regions?

Question #11 of 42 Question ID: 1425468

The Nutex Corporation is anticipating that they will participate in the Reviews program from Azure to evaluate the
new features that Microsoft releases for Azure.

Which of the following statements about Azure’s Reviews program is TRUE? Choose two.

A) Once you turn on the Preview feature on the Azure portal, you cannot turn it
off.

B) Features in Private Preview are available to all Azure customers.

C) You can find the list of Preview features on the
https://azure.microsoft.com/en-us/updates/ page.

D) Features in Public Preview are available to all Azure customers as part of
their default Azure product set.

Explanation

You can navigate to the https://azure.microsoft.com/en-us/updates/ page to activate specific preview features. The
features that are available for evaluation are listed on this page. Click the Try it button to preview a relevant feature.

It is not true that once you turn on the Preview feature on the Azure portal, you cannot turn it off. To turn off preview
features, open the New blade and type the word “preview”. This will list the available preview features. Each feature
with the word enabled next to it has been activated. Choose disable to turn off a preview feature.

It is true that features in Public Preview are available to all Azure customers as part of their default Azure product
set. A Public Preview Azure feature is available to any user with an Azure subscription for evaluation purposes.
Previews can be enabled through the preview features page.

It is not true that features in Private Preview are available to all Azure customers. A Private Preview Azure feature is
available only to specific Azure subscribers for evaluation purposes. Azure customers are invited to evaluate the
features and the invitation is issued directly by the product team responsible for the new feature or service.

Objective:
Describe Azure cost management and Service Level Agreements

Sub-Objective:
Describe Azure Service Level Agreements (SLAs) and service lifecycles

References:

Access public and private preview features – daryusman (wordpress.com)

Microsoft Azure > Supplemental Terms of Use for Microsoft Azure Previews

Question #12 of 42 Question ID: 1428182

The Nutex Corporation needs to create, assign, and manage policies.

Which of the following statements about Azure Policy are TRUE? (Choose two.)

A) A new Policy Definition can be added from the PowerShell by using the
New-PolicyDefinition cmdlet.

B) Remediation tasks created to remediate non-compliant resources use the
Audit policy effect.

C) A virtual machine that does not log into a specified Log Analytics workspace is
deemed non-compliant.

D) A Policy Definition is a collection of Initiative Definitions that achieve a common
goal.

E) Guest Configuration uses Desired State Configuration v2 to audit the
settings of a Windows virtual machine.

Explanation

The following statements are true:

Guest Configuration uses Desired State Configuration v2 to audit the settings of a Windows virtual machine.
A virtual machine that does not log into a specified Log Analytics workspace is deemed non-compliant.

Azure Policy can audit settings inside a machine. The validation is performed by the Guest Configuration extension
and client. The extension, through the client, validates settings such as the configuration of the operating system,
the configuration of the application, and the environment settings. To audit settings inside a machine, a virtual
machine extension is enabled. The extension downloads applicable policy assignment and the corresponding
configuration definition. You can use the Microsoft Desired State Configuration v2 utility to audit the settings of a
Windows virtual machine.

Virtual machines are deemed non-compliant if they are not logging to the Log Analytics workspace specified in the
policy or initiative assignment. The Azure Monitor feature reports this.

A Policy Definition is not a collection of Initiative Definitions that achieve a common goal. A Policy Definition contains
the conditions under which it is enforced and a defined effect that takes place if the conditions are met. An Initiative
Definition is a collection of policy definitions that are tailored towards achieving a singular overarching goal.

The cmdlet used to add a new Policy Definition is New-AzPolicyDefinition, not the New-PolicyDefinition cmdlet.
The New-PolicyDefinition cmdlet is a legacy cmdlet that is no longer used to create policy definitions.

Remediation tasks created to remediate non-compliant resources do not use the Audit policy effect. Resources that
are non-compliant to a deployIfNotExists policy can be put into a compliant state through Remediation. Remediation
is accomplished by instructing Azure Policy to run the deployIfNotExists effect or the tag operations of the assigned
policy on your existing resources. The Audit policy effect generates a warning event in the activity log but doesn't fail
the request.

Objective:
Describe identity, governance, privacy, and compliance features

Sub-Objective:
Describe Azure governance features

References:

Azure > Overview of the Azure Policy service

Azure > Policy > Understand Azure Policy's Guest Configuration

Azure > Policy > Understand Azure Policy effects

Azure > Enable Azure Monitor for VMs (preview) by using Azure Policy

Azure > Remediate non-compliant resources with Azure Policy

Question #13 of 42 Question ID: 1434606

You are the administrator of the Nutex Corporation. Your Sales department's users report that they always have to
use their smartcards and PIN to access their Azure AD applications, named App1, App2, and App3. Users are not
allowed to use app passwords for Outlook, which is installed locally on their computers.

They can access the applications from inside the company from the internal subnet without problem. When they are
traveling outside the office, they want to access these three apps without their smartcard and PIN if they are in the
corporate intranet.

What setting should you configure?

A) Skip multi-factor authentication for requests from federated users on my intranet.

B) Allow users to create app passwords to sign in to non-browser apps.

C) Allow users to suspend MFA authentication by causing a device to be remembered.

D) Skip multi-factor authentication for requests from following range of IP address subnets.

Explanation

You have to set Skip multi-factor authentication for requests from federated users on my intranet under
Multi-factor authentication in the Azure management portal. This allows the Sales department users to access the
applications App1, App2, and App3 without using their smartcard and PIN if they are in the company intranet network.

You do not have to set Allow users to create app passwords to sign in to non-browser apps under Multi-factor
authentication in the Azure management portal. If a user has been enabled for multi-factor authentication and the
user attempts to use a non-browser app, he will be unable to do so. An app password allows a user to sign in to a
non-browser app. In this scenario, the apps are browser-based apps and you want the Sales department users to
access the applications without MFA if they are in the intranet. App passwords will not achieve this objective.

You do not have to set Skip multi-factor authentication for requests from following range of IP address
subnets because the sales department users want to access the application from the intranet, not from a specific
subnet. This setting contains an IP whitelist you can use to define a subnet or range of subnets that grant access to
the application without multi-factor authentication.

You do not have to set Allow users to suspend MFA authentication by causing a device to be remembered
because when the admin enables this feature, end users can choose to have Azure AD remember the device and
browser they are signing in from when completing a successful MFA. The MFA suspension lasts between 1 and 60
days based on administrator configuration. The feature is available for all flavors of Azure multi-factor authentication,
including multi-factor authentication for Office 365 and multi-factor authentication for Azure admins.

Objective:
Describe identity, governance, privacy, and compliance features

Sub-Objective:
Describe core Azure identity services

References:

TechNet Blogs > Enhancing Azure MFA with Contextual IP Address Whitelisting

TechNet Blogs > Suspend MFA on a Remembered Device now in Preview!

Azure Documentation > Multi-Factor Authentication > Configuring Azure Multi-Factor Authentication

Azure Documentation > Azure Active Directory > Authentication Scenarios for Azure AD

Question #14 of 42 Question ID: 1428172

You have an important application with a lot of online transactions where the application performs many small
transactions at a low latency level.

What storage account type will you suggest for this application?

A) Hot

B) Premium block blobs

C) Archive

D) Standard general-purpose v2

E) Cool

Explanation

You would select Premium block blobs because it is ideal for sensitive applications with high throughput, such as
online transactions, and is suited for workloads where an application performs many small transactions at a low
latency level.

You should not choose Standard general-purpose v2. This storage account type is used for file shares, blobs,
queues, and tables. It can be used for most applications, but not recommended for sensitive applications with high
throughput, such as online transactions.

Hot, cool, and archive are not storage account types, but are access tiers:

Hot – tier used for data that is frequently accessed. It is more expensive to store data here compared to the
Cool and Archive tiers, but cheaper to access.
Cool – tier used for storing less frequently accessed data, such as archived files, backups, and raw or
unprocessed data. Cool is designed for data that is likely to be stored for at least 30 days. Cool storage costs
less than Hot storage per GB.
Archive – the most cost-effective tier for storing data but is typically more expensive for data retrieval than Hot
and Cool tiers. Archive is designed for data that is likely to be stored for at least 180 days, and for systems or
scenarios where retrieval latency can be tolerated.

Objective:
Describe core Azure services

Sub-Objective:
Describe core resources available in Azure

References:

Microsoft Azure > Storage > Blobs > Performance tiers for block blob storage

Question #15 of 42 Question ID: 1403895

Metroil Corporation's developers have been using Microsoft Team Foundation Server (TFS) on-premises as part of
their collaborative software development tools. As Metroil's other IT areas have been moved to the Azure cloud, the
developers are considering the same. As their consultant, you suggest that Azure DevOps Services meet, and in
fact, exceed their current capabilities.

Match the functionalities to the DevOps service that delivers them.

Explanation

You should choose the following:

Azure Test Plans let you improve code quality using planned and exploratory testing services. You can test across
both desktop and web apps to assess quality throughout the development lifecycle.

Azure Boards allow you to track ideas with team dashboards and custom reporting. You can track Kanban boards
and backlogs. You can add over a thousand extensions from the Extensions Marketplace.

Azure Pipelines let you continuously build, test, and deploy to any platform. You can automate your builds and
deployments. Azure Pipelines are cloud-hosted, but you can deploy to both cloud and on-premises.

Azure Repos offers unlimited private Git repository hosting. Repos allows you to collaborate to build better code.
You can add fully integrated package management to your repository.

Azure Artifacts is designed to easily share code packages across your development teams. You can add fully
integrated package management to your continuous integration/continuous delivery pipelines.

Azure Kubernetes is orchestration software used for deploying and managing containers. It is not a DevOps service.

Note that Team Foundation Server is now called Azure DevOps Server. It is the on-premises set of collaborative
software development tools.

Objective:
Describe core solutions and management tools on Azure

Sub-Objective:
Describe core solutions available on Azure

References:

Azure DevOps > Get started > Start using Azure DevOps > What is Azure DevOps?

Azure DevOps

Question #16 of 42 Question ID: 1422658

The worldwide growth of Verigon Corporation has more than doubled its Azure subscriptions and resource usage.
The increased complexity has made it difficult to forecast departmental expenses. Verigon needs a more granular
method to track individual Azure resource usage costs by department.

What do you suggest as the first cost management step to obtain this information?

A) Create a resource group for each department.

B) Under Cost Management in the Azure Portal, choose Cost Analysis.

C) Create a management group for each department.

D) Under Cost Management in the Azure Portal, create a monthly budget for
each department.

E) Use the Azure portal to apply a tag to each resource.

Explanation

Verigon needs to first tag each resource so it can be associated with the appropriate project and/or department.
Tags are name/value pairs that enable you to categorize resources and view consolidated billing by applying the
same tag to multiple resources and resource groups. Tags can be applied via the portal, the Azure command-line
interface (CLI), or the PowerShell New-AzTag cmdlet. The Tag Contributor role, or higher, is needed for access.

Creating a budget under Cost Management would be a good way to monitor subscription usage and costs.
However, resources must be tagged as the first step in correlating the data in cost reporting.

A resource group is a container that holds related resources for an Azure solution. It is not designed for cost tracking
or management. However, a tag can be assigned to a resource group.

A management group is a container used for more efficient control of subscriptions. That is not the focus of this
scenario.

Choosing Cost Management, Cost Analysis would be a good way to monitor subscription usage and costs.
However, resources must be tagged as the first step in correlating the data in cost reporting.

Objective:
Describe identity, governance, privacy, and compliance features

Sub-Objective:
Describe Azure governance features

References:

Azure > Cloud Adoption Framework > Reference > Decision guides > Resource naming and tagging decision guide

Azure > Resource Manager > Management > Use tags to organize your Azure resources and management
hierarchy

Question #17 of 42 Question ID: 1403957

The Nutex Corporation needs to track and verify the organization's regulatory compliance activities related to Office
365. Nutex plans to use Azure Compliance Manager.

Which of the following statements about Azure Compliance Manager are TRUE? Drag the statement from the left to
the appropriate column on the right.

Explanation

You should choose the following:

Azure Compliance Manager is a workflow-based risk assessment tool that lets you track and assign regulatory
compliance activities related to a Microsoft 365, Office 365, or Azure Active Directory subscription. Compliance
Manager is free and provides you with a holistic view of your data protection and compliance posture when using
Microsoft cloud services. With Compliance Manager, you can assess your organization’s Office 365 compliance
posture for ISO 27001, ISO 27018, and the GDPR, apply recommended actions to improve your data protection
capabilities and compliance posture, and streamline compliance and auditing workflow with the built-in control
management and audit-ready reporting tools.

The statement “Compliance Manager can assess only Office 365.” is not true. It can track Microsoft 365 and Azure
Active Directory as well.

Compliance Score is an intelligent scoring feature that is calculated based on the analysis of the controls for the
impact to the confidentiality, availability, and integrity of protected data, as well as external drivers in order to weigh
controls based on their impact. Compliance Score is currently available ONLY for Office 365 Assessments.

The statement “Compliance Manager includes two types of controls – Microsoft Managed Controls and Customer
Managed Controls.” is true. Compliance is a shared responsibility between Microsoft and its customers. Microsoft
maintains, implements, and tests information associated with the Microsoft Managed Controls. Customers must
manage, implement, and test information associated with the Customer Managed Controls.

The statement “Compliance Manager can provide the compliance posture of Microsoft and non-Microsoft services
hosted on Microsoft Azure.” is false. Compliance Manager does NOT assess non-Microsoft products.

Compliance Score is not derived from two key factors. Compliance Score is based on three key factors: the essence
of the control, the level of risk of the control based on the kinds of threats, and the external drivers for the control.

It is not true that Compliance Manager can assess only Office 365. Compliance Manager can assess a Microsoft 365,
Office 365, or Azure Active Directory subscription.

Objective:
Describe identity, governance, privacy, and compliance features

Sub-Objective:
Describe privacy and compliance resources

References:

Service Trust Portal FAQ

Microsoft 365 > Use Compliance Manager to help meet data protection and regulatory requirements when using
Microsoft cloud services

Question #18 of 42 Question ID: 1405875

Your company needs to increase or decrease resources for a workload. You need to provide additional resources to
service a workload, or add additional capabilities to manage an increase in demand to the existing resource. The
provision of additional resources does not have to be done automatically.

Which cloud feature is needed in this scenario?

A) Disaster recovery

B) Scalability

C) Fault tolerance

D) Agility

E) High availability

F) Elasticity

G) Economy of scale

Explanation

You would choose scalability. This feature can increase (scale-up) or decrease (scale-down) resources that are
assigned to a workload. As demand increases, you can add additional resources or capabilities to manage the
increase in demand (known as scaling up). Scalability does not have to be done automatically.

You would not choose high availability. This feature allows services to run for extended periods, with very little
downtime, depending on the service.

You would not choose elasticity. This feature increases or decreases resources as needed, but unlike scalability,
elasticity is done automatically. Elastic resources are based on the current needs and resources are added or
removed dynamically to meet those needs, from the most advantageous geographic location. A distinction between
scalability and elasticity is that elasticity is done automatically.

You would not choose agility. Agility is the ability to react quickly. Cloud services can allocate and deallocate
resources quickly. These are on-demand services that are provisioned in minutes. There is no manual intervention
in provisioning or deprovisioning services.

You would not choose fault tolerance. Fault tolerance is the ability to remain up and running in the event of a
component or service that is no longer functioning. Typically, redundancy is built into cloud services architecture so
that if one component fails, a backup component takes its place. This type of service is said to be tolerant of faults.

You would not choose disaster recovery. This feature allows you to recover from a cloud service outage caused by
an event. Cloud services disaster recovery can happen very quickly with automation, with resources being readily
available for use.

You would not choose economy of scale. The concept of economy of scale is the ability to do business cheaper and
more efficiently when operating on a larger scale, in comparison to operating on a smaller scale.

Objective:
Cloud Computing Concepts

Sub-Objective:
Describe the benefits and considerations of using cloud services

References:

Agility on Cloud - A Vital Part of Cloud Computing - Sysfore Blog

TutorialsPoint > Microsoft Azure - Scalability

Wiki > High Availability

IBM Knowledge Center > High availability versus fault tolerance

YouTube Video > AZ900T01 M1L1 CloudServices Jan19

Question #19 of 42 Question ID: 1425446

The Nutex Corporation wants to migrate apps to Azure. Before the migration, they want you to create security rules
to filter traffic in and out of their network.

Which of the following statements about the Azure network security groups are TRUE? (Choose three.)

A) Flow logs do not work with storage accounts if the storage accounts
have a firewall enabled.

B) Azure provides diagnostics to track the number of times a rule has been
applied.

C) Network security groups cannot be moved between Azure regions.

D) Rules with higher priority numbers are processed before the ones with lower
priority numbers.

Explanation

The following statements are true:

Azure provides diagnostics to track the number of times a rule has been applied.
Flow Logs do not work with storage accounts if the storage accounts have a firewall enabled.
Network security groups cannot be moved between Azure regions.

A network security group includes rules that allow or deny traffic to a virtual network subnet, network interface, or
both. When diagnostic logging is enabled for a network security group, categories of information can be obtained for
Event (entries for which rules are applied to VMs, based on MAC address), and Rule counter (the number of times a
rule has been applied to deny or allow traffic). The status of these rules is collected every 60 seconds.

A network security group filters inbound traffic to and outbound traffic from a virtual machine. Network traffic that
flows through a network security group can be logged by using the Network Watcher's NSG flow log capability.

Network security group flow log data is written to an Azure Storage account. Flow Logs do not work with storage
accounts if the storage accounts have a firewall enabled, or if the storage accounts have hierarchical namespace
enabled.

You can create a new network security group in one region and associate it with the resources in another, target
region. Network security group configuration can be exported from a region and deployed as a template to create a
network security group in another region. However, the network security group itself cannot be moved between
Azure regions.

It is not true that rules with higher priority numbers are processed before the ones with lower priority numbers. The
opposite is true. Priority is a property of the network security group that can be assigned values between 100 and
4096. Rules are processed in priority order, with lower numbers processed before higher numbers, because lower
numbers have higher priority. Once traffic matches a rule, processing stops. As a result, rules with lower priorities
(higher numbers) that have the same attributes as rules with higher priorities are not processed.

Objective:
Describe security, privacy, compliance, and trust

Sub-Objective:
Describe Azure network security

References:

Microsoft Azure > Virtual Network > Security groups

Microsoft Azure > Virtual Network > Diagnostic logging for a network security group

Microsoft Azure > Virtual Network > Tutorial: Log network traffic to and from a virtual machine using the Azure portal

Microsoft Azure > Virtual Network > Move Azure network security group (NSG) to another region using the Azure
portal

Question #20 of 42 Question ID: 1428180

The Nutex Corporation wants to implement Azure locks to prevent administrators from accidentally deleting
subscriptions and resources.

Which of the following statements about Azure locks are TRUE? (Choose two.)

A) Applying an Azure lock to a parent scope enforces the lock on the
resources within the scope.

B) Only Owner and User Access Administrator roles are granted
permissions to create or delete Azure locks.

C) A CanNotModify lock prevents a user from modifying a resource but the user is
able to delete the resource.

D) Applying an Azure lock to an Azure database permits changes but not
operations on the resource.

E) A user with the appropriate permissions to modify or delete a resource can
override an Azure lock and modify or delete a resource.

Explanation

The following statements are true:

Only Owner and User Access Administrator roles are granted permissions to create or delete Azure locks.
These are the only roles which have access to Microsoft.Authorization/* and
Microsoft.Authorization/locks/* actions by which locks can be created and deleted.
Applying an Azure lock to a parent scope enforces the lock on the resources within the scope. When you apply
a lock to a parent scope, all resources within that scope inherit the same lock, even if they are added after the
lock was applied. The most restrictive lock in the inheritance takes precedence.

Azure locks apply only to operations that occur in the management plane. Resource operations are not restricted;
only resource changes are restricted. For example, a ReadOnly lock on an SQL Database does not prevent users
from creating, updating, or deleting data in the database. It only prevents them from deleting or modifying the
database.

Even if a user has all the permissions allowed in Azure, they cannot bypass or override the Azure locks. Azure locks
are not bound to RBAC permissions.

CanNotModify is not a valid type of Azure lock. There are two types of Azure locks, ReadOnly and CanNotDelete.
ReadOnly locks make the resource read-only: no changes can be made to the resource, and it cannot be deleted.
CanNotDelete locks prevent a resource from being deleted, although it can be modified.

Objective:
Describe identity, governance, privacy, and compliance features

Sub-Objective:
Describe Azure governance features

References:

Microsoft Azure > Resource Manager > Lock resources to prevent unexpected changes

TechGenix > Don’t be this guy: Avoid accidental deletions with Microsoft Azure locks

Question #21 of 42 Question ID: 1434594

Which Azure feature makes the use of AI possible?

A) Azure Functions

B) Azure Machine Learning Studio

C) Azure CAPEX

D) Azure Cosmos DB

Explanation

Azure Machine Learning Studio is a visual tool that incorporates drag and drop functionality that builds, tests, and
deploys predictive analytics (using AI).

Azure Functions allows you to write serverless code in your language of preference to handle events at scale, with
minimal overhead and cost. It does not make the use of AI possible.

Azure Cosmos DB is a NoSQL database that can be used when developing apps. It does not make the use of AI
possible.

CAPEX is an expenditure model not unique to Azure. In this model, you pay upfront for services and hardware, and
the cost remains constant regardless of how efficiently you use the resources.

Objective:
Describe core solutions and management tools on Azure

Sub-Objective:
Describe core solutions available on Azure

References:

Azure Product Documentation > Azure Machine Learning > Overview > What is Azure Machine Learning studio?

Question #22 of 42 Question ID: 1403833

Your company has a Microsoft 365 subscription. The company has over 100 users that will use Microsoft 365. This
is an example of which of the following types of cloud services?

A) IaaS

B) SaaS

C) FaaS

D) PaaS

Explanation

You would choose Software as a service (SaaS). SaaS is software that is hosted in the cloud and managed by the
cloud provider for the customer. The customer can configure the software according to their needs. SaaS allows
users to connect to and use cloud-based apps over the Internet. Common examples are email, calendars, and office
tools. SaaS is typically licensed through a monthly or annual subscription. Microsoft Office 365 is an example of
SaaS software.

You would not choose Infrastructure as a service (IaaS). IaaS is a category of cloud computing services that is used
by many cloud providers. With IaaS, you pay for resources such as servers, virtual machines (VMs), storage,
networks, and operating systems from a cloud provider on a pay-as-you-go basis. These resources are provisioned
and managed over the Internet.

You would not choose Platform as a service (PaaS). PaaS provides a company with an environment for developing,
running, debugging, testing, patching, and deploying software applications. PaaS allows you to quickly create an
application without having to worry about managing the underlying infrastructure. PaaS eliminates the need to install
an operating system, web server, server patches, or other infrastructure to create applications. PaaS creates a
complete deployment environment in the cloud that has tools to deliver simple cloud-based apps or sophisticated
cloud-enabled enterprise applications. The tools and resources are purchased from the service provider on a pay-
as-you-go basis.

You would not choose Function as a service (FaaS). This type of service uses a service-hosted remote procedure
call. It uses serverless computing in the cloud to enable deployment of the functions that run in response to events
that occur in the cloud.

Objective:
Cloud Computing Concepts

Sub-Objective:
Describe the differences between categories of cloud service

References:

YouTube video > AZ900T01 M1L3 TypesofCloudServices Jan19

Microsoft Azure > Overview > What is IaaS?

Microsoft Azure > Overview > What is PaaS?

Microsoft Azure > Overview > What is SaaS?

Question #23 of 42 Question ID: 1428181

The Nutex Corporation has deployed multiple subscriptions and multiple resources and resource groups on Azure.
You are part of the Azure management team who must simplify policy management on Azure.

Which of the following statements about the Initiatives feature in Azure are TRUE? (Choose three.)

A) Initiative parameters help simplify initiative management by reducing
redundancy.

B) The scope for an initiative definition must either be a management group
or a subscription.

C) An initiative definition is a collection of policy definitions that can be
used for a common overarching goal.

D) The maximum allowed initiative definitions for a tenant is 100.

Explanation

An initiative definition is a collection of policy definitions that can be used for a common overarching goal. Definitions
group a set of policies as one single item that can be assigned to scopes.

The scope for an initiative definition must either be a management group or a subscription:

Subscription – Resources within that subscription can be assigned the policy.
Management group – Resources within child management groups and child subscriptions can be assigned the
policy. The location must be a management group that contains those subscriptions if you plan to apply the
policy definition to several subscriptions.

Initiative parameters help simplify initiative management by reducing redundancy. They are used within the
initiative’s policy definition, and include allowedLocations (type=array) and allowedSingleLocation (string).

It is not true that the maximum number of allowed initiative definitions for a tenant is 100. The following are the
maximum counts of policy objects you can create per scope or tenant:

Policy definitions per scope – 500
Initiative definitions per scope – 100
Initiative definitions per tenant – 1,000
Policy or initiative assignments per scope – 100
Parameters per policy definition – 20
Policies per initiative definition – 100
Parameters per initiative definition – 100

Objective:
Describe identity, governance, privacy, and compliance features

Sub-Objective:
Describe Azure governance features

References:

Microsoft Azure > Governance > What is Azure Policy?

Microsoft Azure > Governance > Azure Policy definition structure > Definition location

Microsoft Azure > Governance > What is Azure Policy? > Initiative parameters

Question #24 of 42 Question ID: 1403932

You need to design a multi-factor authentication (MFA) for your Azure deployment. You need to secure the following
with a second method of authentication.

First-party Microsoft apps
Web applications published through Azure AD App Proxy

You are using Azure Active Directory and on-premises Active Directory. You will use Azure AD Connect with
password sync. You want to have a phone call as a second factor for MFA.

You use Multi-Factor Authentication (MFA) Server on-premises to design a multi-factor authentication (MFA) for your
Azure deployment.

Does your solution meet the requirement?

A) Yes

B) No

Explanation

You should not use Multi-Factor Authentication (MFA) Server on-premises to design a multi-factor authentication
(MFA) for your Azure deployment. You should use Azure Multi-Factor Authentication in the cloud instead. You can
determine which of these two choices would be best by determining what objects you want to secure, where
your users are located, and what features of MFA you want.

The following illustration shows which objects can be secured with a second method of authentication with
Multi-Factor Authentication (MFA) Server on-premises or Azure Multi-Factor Authentication in the cloud.

The following illustration shows which MFA method Microsoft recommends.

In this scenario, users will be in Azure Active Directory and on-premises Active Directory, and you will use Azure AD
Connect with password sync.

Objective:
Describe identity, governance, privacy, and compliance features

Sub-Objective:
Describe core Azure identity services

References:

Azure > Multi-Factor Authentication > Choose the Azure Multi-Factor Authentication solution for you

Question #25 of 42 Question ID: 1434599

You want a user's attempts to sign into Active Directory to be monitored by Microsoft.

Which of the following makes this possible?

A) Azure AD Connect

B) SSO

C) AD Multi-Factor Authentication

D) Conditional access

Explanation

When you use on-premises Active Directory only, Microsoft does not monitor sign-in attempts. When you use Azure
AD Connect, Microsoft can help protect you by detecting suspicious sign-in attempts. Azure AD Connect
synchronizes user identities between on-premises Active Directory and Azure AD, thereby making monitoring by
Microsoft possible.

AD Multi-Factor Authentication is when a user is prompted during the sign-in process for multiple identification
factors, such as a token and a PIN. It does not cause login attempts to be monitored by Microsoft.

Conditional access is a feature of Azure AD that allows or denies access to resources based on identity signals.
These signals include who the user is, where the user is, and what device the user requests access from. It does
not cause login attempts to be monitored by Microsoft.

Single sign-on (SSO) is a capability of a directory service not unique to Azure that allows a single password to
authenticate a user to all resources. It does not cause login attempts to be monitored by Microsoft.

Objective:
Describe identity, governance, privacy, and compliance features

Sub-Objective:
Describe core Azure identity services

References:

Microsoft Docs > Learn > Browse > Secure access to your applications by using Azure identity services > What is
Azure Active Directory?

Question #26 of 42 Question ID: 1403883

The Nutex Corporation has plans to acquire some companies soon. The companies develop apps that generate a
large amount of analytics data.

Match the attribute or setting for Azure HDInsight with its appropriate description.

Explanation

You would map the attributes or settings for Azure HDInsight with their descriptions as follows:

HDInsight includes cluster types and cluster customization capabilities, such as the capability to add components,
utilities, and languages. The cluster types include Apache Hadoop, Apache Spark, Apache HBase, ML Services,
Apache Storm, Apache Interactive Query, and Apache Kafka.

ZooKeeper nodes are used to elect the leader of master services on head nodes. They are also used to ensure that
services, data (worker) nodes, and gateways know which head node a master service is active on. By default,
HDInsight provides three ZooKeeper nodes.

Clamscan is the antivirus software that is used by Azure security (azsecd) to protect clusters from virus attacks and
runs on the HDInsight cluster. Microsoft recommends that users use the default Clamscan configuration and do not
make changes to the configuration. The Clamscan process does not interfere with or take any cycles away from
other processes.

The head node in a Storm cluster is named Nimbus.

Monitoring the health and performance of an HDInsight cluster detects and addresses cluster configuration errors and
user code issues. A colored health indicator represents a host's operating status:

Red – At least one master component on the host is down.
Orange – At least one secondary component on the host is down.
Yellow – Ambari Server has not received a heartbeat from the host for more than 3 minutes.
Green – Normal.

Hue is a set of web applications used to interact with an Apache Hadoop cluster. Hue can be used to run Hive jobs,
run Pig scripts, and browse the storage associated with a Hadoop cluster (WASB, in the case of HDInsight clusters).

Objective:
Describe core solutions and management tools on Azure

Sub-Objective:
Describe core solutions available on Azure

References:

Microsoft Azure > HDInsight > What are the default and recommended node configurations for Azure HDInsight?

Microsoft Azure > HDInsight > Availability and reliability of Apache Hadoop clusters in HDInsight

Microsoft Azure > HDInsight > Azure HDInsight: Frequently asked questions > Security and Certificates

Microsoft Azure > HDInsight > Monitor cluster performance in Azure HDInsight

Microsoft Azure > HDInsight > Install and use Hue on HDInsight Hadoop clusters

Question #27 of 42 Question ID: 1403829

You need to propose a budget for cloud services, including selecting the correct cloud service model (PaaS, IaaS, or
SaaS). To help coordinate services, you must understand which responsibilities belong to each type of cloud
provider and which would belong to your organization.

In each service scenario, which areas are the responsibility of the service provider? Move the appropriate
responsibility to the appropriate category.

Explanation

You should choose the following:

Network controls are the responsibilities of the SaaS and PaaS vendors. The customer has no responsibility for
network controls in a SaaS. However, they have some control over network controls in a PaaS. The customer has
full responsibility for network controls in an IaaS since the customer can allocate resources such as routers, virtual
networks, and gateways in an IaaS.

Identity and access management is a shared responsibility between the vendor and the customer in a SaaS and
PaaS. These vendors decide what type of access the customer has to the software in a SaaS and the platform in a
PaaS, and the customer can decide which users in their subscription can have access to the SaaS or PaaS.

Physical security is the sole responsibility of the customer in an on-premises environment. Ensuring that the
physical datacenter that houses the computing resources is secure is the cloud vendor’s responsibility with a
SaaS, PaaS, or IaaS environment.

Objective:
Cloud Computing Concepts

Sub-Objective:
Describe the differences between categories of cloud service

References:

Shared responsibility in the cloud - Microsoft Azure | Microsoft Docs

Shared Responsibility for Cloud Computing-2019-10-25.pdf (microsoft.com)

Question #28 of 42 Question ID: 1403911

Verigon Corporation has upgraded its Azure services to include Azure Defender. They have enabled Security Center
on their Azure subscription.

What are some of the Azure Security Center features and benefits that Verigon can now take advantage of?
(Choose all that apply.)

A) Network Map

B) Secure Score

C) WEI rating

D) Regulatory Compliance dashboards.

E) Blog posts by Azure Security Center experts

F) An asset inventory page

Explanation

Secure Score is a front-page feature of Security Center. The higher the score, the lower the risk level. The score is
dependent on the remediation of security recommendations for each subscription. Security Center is continually
assessing resources for security issues.

Azure Security Center includes blog posts by Azure Security Center experts as part of the Community page.
Additional resources, including security videos and access to the community GitHub, can also be found here.

Verigon has access to the Regulatory Compliance dashboards. Assessments are compared against industry
standards, such as HIPAA, HITRUST, and ISO 27001.

Azure Security Center includes an inventory page. It displays a list of all resources connected to Security Center.

A network map is included in Azure Security Center. Verigon can see the topology of their workloads and how the
nodes are connected.

Security Center is free to all users, but Azure Defender is a paid additional protection platform.

Security Center does not have a Windows Experience Index rating. This was included in Windows Vista and
Windows XP as a benchmarking tool.

Objective:
Describe security, privacy, compliance, and trust

Sub-Objective:
Describe Azure security features

References:

Azure > Security Center > What is Azure Security Center?

Question #29 of 42 Question ID: 1403837

Match the cloud type with the correct definition.

Explanation

IaaS is a cloud category that provides customers with network infrastructure, physical computing resources, data
partitioning, scaling, security, and backup.

PaaS is a cloud category that a customer uses to create their own applications and manage those applications
without having to maintain the infrastructure to develop the applications.

With SaaS, the customer uses software for a fee from a cloud provider. Typically with SaaS, the software is stored in
a central location and customers access the software on a subscription basis.

Data Science as a Service (DSaaS) outsources the delivery of data that is gathered via progressive analytics
applications. The data gathered via DSaaS is used to provide analysis against existing data. The analysis can be
used for data science purposes, such as what type of customer would buy your product, how your product rates
against your rivals, and other analytical issues.

Network as a Service (NaaS) outsources services for network transport connectivity, such as routers and subnets.

Objective:
Cloud Computing Concepts

Sub-Objective:
Describe the differences between categories of cloud service

References:

Data Science as a Service (DSaaS) : Analyzing Data Better

Question #30 of 42 Question ID: 1428187

You are part of the IT team at the Nutex Corporation. Your management has triggered an initiative to reduce the
costs of Azure resources.

You need to reduce storage costs for blob data. You propose using Azure Storage reserved capacity.

Which of the following is true regarding Azure Storage reserved capacity? Choose two.

A) You must commit to a reservation of 6 months or more.

B) Not supported for Archive access tiers

C) You must commit to a reservation of 1 year or more.

D) Not supported for Cool access tiers

E) Operations, bandwidth, and data transfer charges are included in the reservation

F) Available for Azure Data Lake Storage Gen2

G) You must commit to a reservation of 3 months or more.

H) Available for Azure Data Lake Storage Gen1

I) Available for Azure Table storage

Explanation

The following are true regarding Azure Storage reserved capacity:

You must commit to a reservation of 1 year or more.
Available for Azure Data Lake Storage Gen2

Azure Storage reserved capacity can give you a discount when you commit to a reservation for at least one year or
more for Azure Data Lake Storage Gen2 data and for block blobs in standard storage accounts.

The reservation applies to data storage and not for bandwidth, operation, or data transfer charges.

Hot, Cool, and Archive access tiers support Azure Storage reserved capacity.

Azure Storage reserved capacity is not supported for Azure Table storage, Azure Data Lake Storage Gen1, general-
purpose v1 (GPv1) storage accounts, premium storage accounts, page blobs, or Azure Queue storage.

Objective:
Describe Azure cost management and Service Level Agreements

Sub-Objective:
Describe methods for planning and management of costs

References:

Optimize costs for Blob storage with reserved capacity - Azure Storage | Microsoft Docs

Question #31 of 42 Question ID: 1425458

You are part of the IT team at the Nutex Corporation. Your management has triggered an initiative to reduce the
costs to manage apps and services on Azure. To support this initiative, you must know the best practices to reduce
Azure costs.

Which of the following statements about Azure Reservations are TRUE? (Choose three.)

A) The size of a Cosmos DB reservation required is dependent on the compute capacity used by Cosmos DB
resources.

B) The unused reserved hours for virtual machines can be carried forward.

C) Azure Reservation is particularly useful when resources run for short durations.

D) The utilization percentages of Azure Reservations can be viewed on the Azure portal.

E) Azure Reservations are not applicable for a refund and cannot be exchanged.

F) Azure Reservation discounts are not applicable for the duration of the overlap
if the runtimes of two different SQL databases overlap.

Explanation

The following statements are true:

Azure Reservation discounts are not applicable for the duration of the overlap if the runtimes of two different
SQL databases overlap.
The utilization percentages of Azure Reservations can be viewed on the Azure portal.
The size of a Cosmos DB reservation required is dependent on the compute capacity used by Cosmos DB
resources.

The SQL database reserved capacity discount is applied on an hourly basis to running SQL databases. The
reservation is automatically applied to other SQL databases that do not run for an hour but match the reservation
attributes. For example, a 16-core SQL database runs from 1 pm to 1:30 pm. Another 16-core SQL database runs
from 1:30 to 2 pm. The reservation discount covers both. If the runtimes overlap, pay-as-you-go prices are charged
for the duration of the overlap. The reservation discount applies to the compute usage for the rest of the time.

Azure Reservations’ utilization percentages can be monitored to ensure that they are used optimally. To view the
utilization percentage, follow these steps:

Go to the Azure portal and select All services > Reservations and note the Utilization (%) for each reservation.
Select a reservation.
Review the reservation use trend over time.

The size of the Cosmos DB reservation should be based on the total amount of throughput that the existing or soon-
to-be-deployed Azure Cosmos DB resources will use. The size of a SQL Database reservation should be based on
the total amount of compute used by the existing or soon-to-be-deployed single databases, elastic pools, or
managed instances within a specific region and using the same performance tier and hardware generation.

It is not true that the unused reserved hours for virtual machines can be carried forward. A reservation discount is
"use-it-or-lose-it". If there are no resources used for an hour, the reservation quantity for that hour is lost. When you
shut down a resource, the reservation discount automatically applies to another matching resource in the specified
scope. If no matching resources are found in the specified scope, then the reserved hours are lost.

An Azure reservation is particularly useful for resources that run for long, not short, periods, such as virtual
machines, Azure Cosmos DBs, or SQL databases. If these resources are run continuously for long hours, the pay-
as-you-go rates are charged. With Azure Reservation, discounts are applicable and up to 70% of the costs can be
saved.

You can exchange a reservation for another reservation of the same type. You can also refund a reservation, up to
$50,000 USD per year, if you no longer need it.

Self-service exchange and cancel capabilities are not available for US Government Enterprise Agreement
customers. Other US Government subscription types, including pay-as-you-go and CSP, are supported.

Objective:
Describe Azure cost management and Service Level Agreements

Sub-Objective:
Describe methods for planning and management of costs

References:

Microsoft Azure > What are Azure Reservations?

Microsoft Azure > How the Azure reservation discount is applied to virtual machines

Microsoft Azure > Manage Reservations for Azure resources

Microsoft Azure > Self-service exchanges and refunds for Azure Reservations

Microsoft Azure > SQL Database > Save costs for SQL Database compute resources with Azure SQL Database
reserved capacity

Question #32 of 42 Question ID: 1403936

As an Azure administrator, you are required to enable multi-factor authentication (MFA) only for applications of the
IT department.

How should you implement this strategy?

A) Azure Identity Hub

B) Azure AD Connect

C) Azure Identity Protection

D) Azure Conditional Access policy

Explanation

You should use an Azure Conditional Access policy. As shown in the graphics below, with a Conditional Access
policy you can choose multiple cloud apps for which you will enable multi-factor authentication.

The following graphic shows an Azure Conditional Access policy.

The following shows how to grant MFA in a Conditional Access policy:

You should not choose to use Azure Identity Protection because you cannot limit MFA to specific apps. Its aim is the
detection and remediation of identity-based risks.

You should not choose to use Azure Identity Hub because it cannot achieve the requirements of the question. It
allows your users to sign in to your iOS, Android, PHP, Windows, web, and SharePoint apps using Facebook, ADFS,
Office 365, and many more.

You should not choose to use Azure AD Connect because it is used for synchronizing on-premises users to Azure
AD.

Objective:
Describe identity, governance, privacy, and compliance features

Sub-Objective:
Describe core Azure identity services

References:

Microsoft Docs > Azure > Active Directory > Conditional access > Building a Conditional Access policy

Question #33 of 42 Question ID: 1403887

Azure AI makes artificial intelligence real for business. Match the functionality with the Azure AI service. (Some
services may not be used)

Explanation

You should choose the following:

Azure Cognitive Services allows developers to integrate seeing, hearing, speaking, and other "human" capabilities
into their applications. This includes text-to-speech, speech-to-text, and speech recognition.

The Azure Bot Service lets businesses build their own bots, including the ability to make a branded "virtual
assistant". It is geared towards developers and data scientists. The Azure Bot Service scales on demand.

Power Virtual Agents allow building a bot without coding experience. It uses a simple graphical interface. There are
many premade connectors that allow out-of-the-box integration with Power Automate.

Azure Cognitive Search (formerly known as Azure Search) provides a freeform full-text search engine. It accepts
both simple and full query syntaxes. The search service sits "between" your data stores and the client app.
Cognitive Search also offers image processing, such as Optical Character Recognition (OCR), or facial recognition.

The Azure Machine Learning Studio is a web-based portal inside of Azure Machine Learning allowing developers to
create machine learning projects. It includes both code and no-code experiences. The Studio is the Azure-integrated
version of the original ML Studio, which was a standalone service.

Azure Machine Learning is not directly matched in this scenario. Azure Machine Learning is a service that delivers a
complete data science platform.

Objective:
Describe core solutions and management tools on Azure

Sub-Objective:
Describe core solutions available on Azure

References:

Azure Cognitive Search

Azure Cognitive Services

Microsoft Power Virtual Agents on Azure

Azure Bot Service

Azure Machine Learning

Azure > Machine Learning > What is Azure Machine Learning studio?

Question #34 of 42 Question ID: 1403917

Your company needs to host multiple virtual machines that run an application your customers use in the East US
region of Azure. You need to ensure that no other VMs are placed on the physical machines in the data center. All
VMs need to have high availability using availability zones.

What should you use?

A) Azure Board

B) Azure Pipelines

C) Azure DevTest Labs

D) Desired State Configuration

E) Azure Advisor

F) Dedicated Host

Explanation

Azure Dedicated Host is a service that provisions physical hardware in a data center dedicated to one or more of
your company's virtual machines and no one else's. Dedicated hosts are physical servers in a data center that can
provide hardware isolation at the physical server level. These dedicated hosts share the same network and storage
as non-isolated hosts. Dedicated hosts can opt in or out of a maintenance window to reduce the impact on the
workload running on a dedicated host. You can deploy multiple dedicated hosts for high availability using availability
zones or fault domains for fault isolation.

You would not choose the Desired State Configuration (DSC) because it helps define a state for your machines.
DSC does not ensure that VMs will be physically isolated on specific hardware.

You would not choose Azure Advisor. Azure Advisor examines resource configuration and usage and provides
recommended solutions. Recommendations for cost, security, reliability (formerly High Availability), operational
excellence, and performance are combined in a single dashboard. Azure Advisor makes recommendations but may
not recommend having VMs be physically isolated on specific hardware.

Azure DevTest Labs allows you to create virtual machines (VMs) and PaaS resources without approvals. Azure
DevTest Labs enables your team to create multiple VMs or an empty resource group as a sandbox to isolate VMs.
You can use reusable templates and artifacts to provide your environment using Microsoft VMs or Linux VMs
quickly. VMs can be created from custom images that have all the software applications and any tools installed.
Azure DevTest Labs does not ensure that VMs will be physically isolated on specific hardware.

You would not choose to use Azure Pipelines because it integrates your code repository with builds and releases in
Azure DevOps.

You would not choose to use Azure Boards. Azure Boards use an agile methodology to track and plan projects
using tools such as scrum boards, Kanban boards, and dashboards.

Objective:
Describe security, privacy, compliance, and trust

Sub-Objective:
Describe Azure security features

References:

Overview of Azure Dedicated Hosts for virtual machines - Azure Virtual Machines | Microsoft Docs

Question #35 of 42 Question ID: 1428185

The Nutex Corporation is considering shifting a considerable part of their offices to Germany. You are tasked with
providing the impact analysis on the infrastructure and services hosted on Azure.

Which of the following statements about Azure Germany are TRUE? (Choose two.)

A) Configuration of the features available with Azure Germany is identical to Azure Global.

B) Azure Germany offers a separate instance of Microsoft Azure services from within German data centers.

C) Azure Germany offers all the features available with Azure Global.

D) EU-based support staff provides technical and non-technical support to Azure Germany’s customers.

Explanation

Azure Germany offers a separate instance of Microsoft Azure services from within German data centers, and EU-
based support staff provides technical and non-technical support to Azure Germany’s customers.

The data centers are in two cities: Frankfurt/Main and Magdeburg. The data centers connect through a private
network. The German data centers ensure customer data remains in Germany. All customer data is exclusively
stored in those data centers.

Due to data privacy compliance and restrictions, technical and non-technical support for Azure Germany comes
from EU-based support staff. The German data trustee supervises all support that requires platform access.

Configuration of the features available with Azure Germany is not identical to Azure Global. There are configuration
differences from Azure Global for features that are offered in Azure Germany. You should review your configurations
and sample code to ensure that you are building and executing within the Azure Germany environment.

Certain services and features that are available with Azure Global are not available with Azure Germany.

Objective:
Describe identity, governance, privacy, and compliance features

Sub-Objective:
Describe privacy and compliance resources

References:

Microsoft Azure > Germany

Threadfin > Azure Germany

Question #36 of 42 Question ID: 1434605

You are the Azure administrator for the Nutex Corporation. You want to ensure that only users from the Marketing
department can access the Azure AD application named CompanyApp through multi-factor authentication. They
have to use multi-factor authentication from work and from their home office.

What settings do you have to configure to ensure that only Marketing department users can access CompanyApp
using a smartcard and PIN?

A) Set Enable Access Rules to ON, Apply to All Users, select Except, and add
the Marketing group. Under Rules, select Require multi-factor
authentication.

B) Set Enable Access Rules to OFF at Enable Access Rules, Apply to All
Users, select Except, and add the Marketing group. Under Rules, select
Require multi-factor authentication.

C) Set Enable Access Rules to OFF at Enable Access Rules, Apply to Groups, and add the Marketing group.
Under Rules, select Require multi-factor authentication.

D) Switch Enable Access Rules to ON, Apply to Groups, and add the
Marketing group. Under Rules, select Require multi-factor authentication.

Explanation

You have to switch Enable Access Rules to ON, Apply to Groups, add the Marketing group, and select Require
multi-factor authentication under Rules. First, you have to enable an application MFA access rule by configuring it
to ON. You want only the Marketing group to be able to use multi-factor authentication for that app, so you should
create a single access rule based on one group. Because you want them to use a smartcard and PIN if they are at
work or at home, you have to select Require multi-factor authentication.

You should not configure Enable Access Rules to ON, Apply to All Users, select Except, add the Marketing
group, and select Require multi-factor authentication under Rules. Here you select All Users with the exception
of the Marketing group. This means that all users except the Marketing department users have to use a smartcard
and a PIN.

You should not configure OFF at Enable Access Rules. You need to enable access rules to apply multi-factor
authentication requirements to the Marketing group and exclude other users from the requirement.

Objective:
Describe identity, governance, privacy, and compliance features

Sub-Objective:
Describe core Azure identity services

References:

Enable Azure AD Multi-Factor Authentication | Microsoft Docs

Azure Documentation > Azure Active Directory > Working with conditional access

Azure Documentation > Azure Active Directory > Authentication Scenarios for Azure AD

Question #37 of 42 Question ID: 1403927

Your company will be deploying new servers that will host an application that customers will use. A security analyst
named Deborah needs to ensure the following objectives are met:

Websites are protected from attackers exhausting application resources.
Reports are generated that detail any attempted attacks.

Deborah’s solution is to recommend using Azure DDoS Protection Basic.

Does the solution meet the objectives?

A) No

B) Yes

Explanation

You should use DDoS Protection Standard instead of DDoS Protection Basic. DDoS protection protects from DDoS
attacks which exhaust application resources. Azure provides DDoS Protection Basic for free. DDoS Protection
Standard provides more features such as alerting, telemetry, and logging. It can use the logging feature to generate
reports that give detailed information about the attack.

Objective:
Describe security, privacy, compliance, and trust

Sub-Objective:
Describe Azure network security

References:

Azure DDoS Protection Standard Overview | Microsoft Docs

Question #38 of 42 Question ID: 1428184

The Nutex Corporation plans to comply with all the privacy, compliance, and data protection standards. You are
asked to investigate the security, compliance, and privacy offerings and commitments from Microsoft.

Which of the following statements about the Azure Trust Center are TRUE? (Choose two.)

A) Customers, including controllers and processors, who are not GDPR-compliant can be fined up to 4% of their
annual global turnover or €20 million.

B) Azure Trust Center is built on the three foundational principles of trust.

C) Azure is K-ISMS certified.

D) Azure Sentinel is a compliance management tool available with Trust Center.

Explanation

Azure is K-ISMS certified. Customers, including controllers and processors, who are not GDPR-compliant can be
fined up to 4% of their annual global turnover or €20 million.

K-ISMS certification is designed to ensure the security and privacy of data in the Korean region. Azure meets the
latest compliance offerings in the K-ISMS.

The EU General Data Protection Regulation (GDPR) was developed to create data privacy laws across Europe. It
replaces Data Protection Directive 95/46/EC and differs in several significant ways, such as:

Larger jurisdiction
Larger fines
Consent must be requested in a clear and easily accessible manner
Breach Notifications will be mandatory and must be completed within 72 hours of breach awareness
Privacy

Azure Trust Center is built on four, not three, foundational principles of trust:

1. security (keep customers’ data secure),
2. privacy (how customers are in control of their data),
3. compliance (comprehensive list of compliance offerings and solutions), and
4. transparency (being transparent about how Microsoft uses customers’ data).

Azure Sentinel is not a compliance management tool available with Trust Center. Azure Sentinel is a tool that
provides intelligent security analytics. The data for this analysis tool is stored in an Azure Monitor Log Analytics
workspace. Azure Sentinel collects data at cloud scale, finds uncovered threats, minimizes false positives using
analytics and threat intelligence, investigates threats, and responds to incidents rapidly with built-in orchestration
and automation of common tasks.

Objective:
Describe identity, governance, privacy, and compliance features

Sub-Objective:
Describe privacy and compliance resources

References:

Microsoft Azure > Blog > Microsoft Azure obtains Korea-Information Security Management System (K-ISMS)
certification

Microsoft > The Growth Center > 5 things you need to know about GDPR before it’s too late

Microsoft Azure > Azure Sentinel

Microsoft > Trust Center > Principles for maintaining data integrity in the cloud

Question #39 of 42 Question ID: 1260789

Your company has noticed that storage costs have decreased significantly over the past few years due to cloud
providers’ ability to purchase larger amounts of storage at significant discounts. These savings have allowed your
company to purchase additional cloud resources.

Which cloud feature is represented in this scenario?

A) Agility

B) Economy of scale

C) Elasticity

D) High availability

E) Scalability

F) Fault tolerance

G) Disaster recovery

Explanation

You would choose economy of scale. The concept of economy of scale is the ability to do business cheaper and
more efficiently when operating on a larger scale, in comparison to operating on a smaller scale.

You would not choose agility. Agility is the ability to react quickly. Cloud services can allocate and deallocate
resources quickly. These are on-demand services that are provisioned in minutes. There is no manual intervention
in provisioning or deprovisioning services.

You would not choose elasticity. This feature increases or decreases resources as needed, but unlike scalability,
elasticity is done automatically. Elastic resources are based on the current needs and resources are added or
removed dynamically to meet those needs, from the most advantageous geographic location. A distinction between
scalability and elasticity is that elasticity is done automatically.

You would not choose high availability. This feature allows services to run for extended periods, with very little
downtime, depending on the service.

You would not choose scalability. This feature can increase (scale-up) or decrease (scale-down) resources that are
assigned to a workload. As demand increases, you can add additional resources or capabilities to manage the
increase in demand (known as scaling up). Scalability does not have to be done automatically.

You would not choose fault tolerance. Fault tolerance is the ability to remain up and running when a component or
service is no longer functioning. Typically, redundancy is built into cloud services architecture so
that if one component fails, a backup component takes its place. This type of service is said to be tolerant of faults.

You would not choose disaster recovery. This feature allows you to recover from a cloud service outage caused by
an event. Cloud services disaster recovery can happen very quickly with automation, with resources being readily
available for use.

Objective:
Cloud Computing Concepts

Sub-Objective:
Describe the benefits and considerations of using cloud services

References:

Wiki > Economy of Scale

Techopedia > Cloud Elasticity

Sysfore Blog > Agility on Cloud – A Vital Part of Cloud Computing

TutorialsPoint > Microsoft Azure - Scalability

Wiki > High Availability

IBM Knowledge Center > High availability versus fault tolerance

YouTube Video > AZ900T01 M1L1 CloudServices Jan19

Question #40 of 42 Question ID: 1422655

Jennifer has been asked to configure the authentication and authorization for the Nutex Sales app being deployed
as an Azure web app. Only Active Directory authenticated Nutex sales representatives should be using the app, and
the sales management team would like a single sign-on (SSO) experience.

Which technologies will be required to accomplish the requested configuration? (Choose three.)

A) Azure Active Directory

B) Active Directory Federated Services

C) OAuth 2.0

D) Active Directory Domain Services

E) Microsoft Account Authentication

Explanation

Jennifer should configure Active Directory Domain Services (AD DS) and Azure Active Directory to synchronize
using Active Directory Federated Services (AD FS). AD FS allows a user Single Sign-On access to applications by
using AD FS as the identity provider to Azure Active Directory as a federation partner to integrate AD DS.

While Azure web apps support authentication using a variety of authentication providers including Google,
Facebook, Twitter, and Microsoft Account, a Microsoft Account will not provide the single sign-on (SSO) experience
requested by management.

Although Azure Active Directory supports using the OAuth 2.0 authentication protocol, it is not a requirement to
provide single sign-on.

Objective:
Describe identity, governance, privacy, and compliance features

Sub-Objective:
Describe core Azure identity services

References:

MS Docs > Azure > App Service > Authentication and Authorization in Azure App Service

Microsoft Official Curriculum - Course 20533 - Configuring Authentication and Authorization in App Service

Question #41 of 42 Question ID: 1405888

The Nutex Corporation wants to use the capabilities of Azure Security to secure their Azure infrastructure, customer
data, and applications. You are asked to implement Azure Security. It is important that you understand its
capabilities before you implement it.

Match the capabilities of Azure Security with its appropriate description.

Explanation

You would map the capabilities of Azure Security with their descriptions as follows:

Azure Site Recovery keeps corporate workloads and apps up and running when planned and unplanned outages
occur. Azure Site Recovery helps orchestrate replication, failover, and recovery of workloads and apps so that they
are available from a secondary location if the primary location goes down.

ExpressRoute establishes connections to Microsoft cloud services, such as Azure, Office 365, and CRM Online.
Connectivity can be from a point-to-point Ethernet network, an any-to-any (IP VPN) network, or a virtual
cross-connection through a connectivity provider at a co-location facility. ExpressRoute connections travel the Internet and
are more secure than VPN-based solutions. It allows the connections to offer lower latencies, faster speeds, better
reliability, and higher security than typical connections over the Internet.

Application Gateway optimizes the web farm productivity by offloading CPU-intensive SSL termination to the
application gateway (also known as “SSL offload” or “SSL bridging”). It also provides other Layer 7 routing
capabilities, including round-robin distribution of incoming traffic, cookie-based session affinity, URL path-based
routing, and the ability to host multiple websites behind a single application gateway. Azure Application Gateway is a
layer-7 load balancer. It provides failover, performance-routing HTTP requests between servers, whether they are
on the cloud or on-premises.

Forced tunneling is commonly used to force outbound traffic to the Internet to go through on-premises security
proxies and firewalls.

VPN Gateway sends network traffic between an Azure Virtual Network and the on-premises site. A VPN gateway is
a type of virtual network gateway that sends encrypted traffic across a public connection.

Objective:
Describe security, privacy, compliance, and trust

Sub-Objective:
Describe Azure security features

References:

Microsoft Azure > Security > Fundamentals > Introduction to Azure security

Question #42 of 42 Question ID: 1425441

The Nutex Corporation has been asked to implement IoT on Azure to build a pressure sensor network at its
customer’s oil wells. You work as the Azure IoT Solution Developer who must design the Azure IoT solution.

Which of the following are mandatory requirements to implement IoT Central and accomplish the goal of the plan?
(Choose three.)

A) The Stopped status for a job whose purpose is to update multiple IoT devices
indicates that the job has failed and has not updated all devices.

B) Azure IoT Central uses Azure IoT Hub as a cloud gateway to connect
devices.

C) Users will receive email notifications when the email address is a valid user ID
in the IoT Central app and the user has signed in to the IoT Central application
at least once.

D) If you change the URL of an IoT Central app, Azure retains the old URL
for seven (7) days before allowing other IoT Central customers to use it.

E) Changing the properties in a device template does not automatically
create a new version when no device or at most one device is connected.

Explanation

The following statements are true:

Users will receive email notifications when the email address is a valid user ID in the IoT Central app and the
user has signed in to the IoT Central application at least once.
Azure IoT Central uses Azure IoT Hub as a cloud gateway to connect devices.
Changing the properties in a device template does not automatically create a new version when no device or at
most one device is connected.

The email address must be a valid user ID in the IoT Central app and the user must have signed in to the IoT
Central app at least once in order to receive email notifications. This is required by Microsoft. Rules are added and
actions are defined for a device template. Actions specify what must happen when the rule conditions are met.
Actions can be email, text message, or any other third-party integration.

IoT Hub enables data ingestion at scale in the cloud, device management, and secure device connectivity.

You cannot create a new version of the device template by changing the properties in the device template. The
following list describes the user actions that could require a new version:

Properties (Required) – adding or deleting a required property or changing the field name of a property (the name
that is used by your devices to send messages)
Properties (Optional) – deleting an optional property, changing the field name of a property (the name that is
used by your devices to send messages), or changing a property from optional to required
Settings – adding or deleting a setting or changing the field name of a setting (the name that is used by your
devices to send and receive messages)

It is not true that the Stopped status for a job whose purpose is to update multiple IoT devices indicates that the job
has failed and has not updated all devices. The status means that the job has stopped, but not necessarily failed.

If you change the URL of an IoT Central app, Azure does not retain the old URL for seven days before allowing
other IoT Central customers to use it. If you change the URL, your old URL can be taken by another Azure IoT
Central customer. If that happens, it is no longer available for you to use. When you change your URL, the old URL
no longer works and you need to notify your users about the new URL.

Objective:
Describe core solutions and management tools on Azure

Sub-Objective:
Describe core solutions available on Azure

References:

Microsoft Azure > Internet of Things > IoT Central > Create a telemetry rule and set up notifications in your Azure
IoT Central application

Microsoft Azure > Internet of Things > Tutorial: Configure rules and actions for your device in Azure IoT Central >
Create a telemetry-based rule

Microsoft Azure > Internet of Things > Azure IoT Central Architecture

Microsoft Azure > Internet of Things > Azure IoT Central > Create and run a job in your Azure IoT Central
application

Microsoft Azure > Internet of Things > IoT Central > Create a new device template version

Microsoft Azure > Internet of Things > IoT Central > Manage your IoT Central application
