Professional Documents
Culture Documents
1. For Each of the following statements, Select Yes if the statement is true. Otherwise,
Select No.
NOTE: Each correct selection is worth one point.
2. For Each of the following statements, Select Yes if the statement is true. Otherwise,
Select No.
NOTE: Each correct selection is worth one point.
3. This question requires that you evaluate the underlined text to determine if it is correct.
A. Public Cloud
B. Hybrid Cloud*
C. Private Cloud
D. Mixed Cloud
4. This question requires that you evaluate the underlined text to determine if it is correct.
A. Physical Server
B. Operating System*
C. Middleware *
D. Networking
A. CapEx
B. OpEx
7. Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution that meet the stated goals. Some question
sets might have more than one correct solution, while others might not have a correct
solution.
After you answer a question in this section, you will NOT be able to return to it. As a
result, these questions will not appear in the review screen.
Your company is considering Azure to give their employees access to Office 365, as they
only concerned about their application data.
8. Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution that meet the stated goals. Some question
sets might have more than one correct solution, while others might not have a correct
solution.
After you answer a question in this section, you will NOT be able to return to it. As a
result, these questions will not appear in the review screen.
In looking at the Cloud Shared Responsibility Model this would fall into the Software as
a Service (SaaS) model.
9. You are looking at the Azure Shared Responsibility Model. In attempting to differentiate
between Infrastructure as a service (IaaS), Platform as a Service PaaS, and Software as a
Service (SaaS) match the following options.
1. IaaS
2. PaaS
3. SaaS
10. This question requires that you evaluate the underlined text to determine if it is correct.
The Consumption Based Model is what Cloud Service Providers adhere to when
considering a Pay as you go scenario.
Review the underlined text. If it makes the statement correct, Select “No change is
needed.” If the statement is incorrect, select the answer choice that makes the statement
correct.
A. No change is needed*
B. Elasticity
C. Public Cloud
D. Virtualization
11. For Each of the following statements, Select Yes if the statement is true. Otherwise,
Select No.
NOTE: Each correct selection is worth one point
12. Which two are features of Regional Pairs? Each correct answer presents a complete
solution.
NOTE: Each correct selection is worth one point.
a) Azure prefers at least 400 miles of separation between datacenters in a regional pair.
b) Some services provide automatic replication to the paired region.
c) In an outage, recovery of one region is prioritized out of every pair.
d) Azure system updates are rolled out to paired regions concurrently.
e) Not all regions are paired
13. For Each of the following statements, Select Yes if the statement is true. Otherwise,
Select No.
NOTE: Each correct selection is worth one point
14. For Each of the following statements, Select Yes if the statement is true. Otherwise,
Select No.
NOTE: Each correct selection is worth one point
a) Resource groups are containers for multiple resources that share the same life cycle.
Yes/No
b) Resource groups provide aggregates resources into a single manageable unit. Yes/No
c) Every Azure resource must exist in one (and only one) resource group. Yes/No
15. Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution that meet the stated goals. Some question
sets might have more than one correct solution, while others might not have a correct
solution.
After you answer a question in this section, you will NOT be able to return to it. As a result,
these questions will not appear in the review screen.
Your company would like you to create, update, and delete resources in your Azure subscription.
Solution: You use ARM.
Does this meet the goal?
e) Yes
f) No
16. Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution that meet the stated goals. Some question
sets might have more than one correct solution, while others might not have a correct
solution.
After you answer a question in this section, you will NOT be able to return to it. As a result,
these questions will not appear in the review screen.
17. Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution that meet the stated goals. Some question
sets might have more than one correct solution, while others might not have a correct
solution.
After you answer a question in this section, you will NOT be able to return to it. As a result,
these questions will not appear in the review screen.
18. Match the Azure Cloud Service to the correct benefit. Each correct match is worth one
mark.
a) Azure Virtual Network
b) Virtual Private Network Gateway
c) Azure Express Route
d) Windows virtual Desktop
20. Your company plans to use Azure SQL Managed Instance to exchanger existing licenses
from on-prem SQL Server licenses.
Does this meet your company’s goal?
Yes/No
1. For Each of the following statements, Select Yes if the statement is true. Otherwise,
Select No.
NOTE: Each correct selection is worth one point.
2. Which two are features of Serverless Computing? Each correct answer presents a
complete solution.
NOTE: Each correct selection is worth one point.
3. Match the Azure Cloud Service to the correct benefit. Each correct match is worth one
mark.
a) Azure DevOps services - 2
b) Azure DevTest Labs - 3
c) GitHub - 4
d) GitHub Actions - 1
8. Azure Advisor analyzes deployed Azure resources and makes recommendations based on
best practices to optimize Azure deployments by providing which 2 features. Eatch
correct answer is worth one mark.
a) Security
b) Elasticity
c) Fault Tolerance
d) Cost
e) High Availability
9. For Each of the following statements, Select Yes if the statement is true. Otherwise, Select No.
NOTE: Each correct selection is worth one point.
10. Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that meet the stated goals. Some question sets might have
more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result,
these questions will not appear in the review screen.
Your company would like to use JavaScript Object Notation (JSON) to create and deploy Azure
infrastructure without having to write programing commands.
After you answer a question in this section, you will NOT be able to return to it. As a result,
these questions will not appear in the review screen.
Your company would like to use JavaScript Object Notation (JSON) to create and deploy Azure
infrastructure without having to write programing commands.
12. Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that meet the stated goals. Some question sets might have
more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result,
these questions will not appear in the review screen.
Your company would like to use JavaScript Object Notation (JSON) to create and deploy Azure
infrastructure without having to write programing commands.
13. Match the Azure Cloud Service to the correct benefit. Each correct match is worth one mark.
14. For Each of the following statements, Select Yes if the statement is true. Otherwise, Select No.
NOTE: Each correct selection is worth one point.
1. Azure Machine Learning service builds intelligent and supported algorithms into apps,
websites, and bots to see, hear, speak, understand, and interpret your user needs. Yes/No
2. Azure Bot Service develops intelligent, enterprise-grade bots that let you maintain control
of your data. Yes/No
3. Cognitive Services provides a cloud-based environment used to develop, train, test,
deploy, manage, and track machine learning models. Yes/No
Correct Answer: A
A network security group works like a firewall. You can attach a network security group to a
virtual network and/or individual subnets within the virtual network.
You can also attach a network security group to a network interface assigned to a virtual
machine. You can use multiple network security groups within a virtual network to restrict traffic
between resources such as virtual machines and subnets.
You can filter network traffic to and from Azure resources in an Azure virtual network with a
network security group. A network security group contains security rules that allow or deny
inbound network traffic to, or outbound network traffic from, several types of Azure resources.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
2- You have an Azure environment that contains 10 virtual networks and 100 virtual
machines.
You need to limit the amount of inbound traffic to all the Azure virtual networks.
What should you create?
Correct Answer: D
You can restrict traffic to multiple virtual networks with a single Azure firewall.
Azure Firewall is a managed, cloud-based network security service that protects your Azure
Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability
and unrestricted cloud scalability.
You can centrally create, enforce, and log application and network connectivity policies across
subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual
network resources allowing outside firewalls to identify traffic originating from your virtual
network.
References:
https://docs.microsoft.com/en-us/azure/firewall/overview
3- To complete the sentence, select the appropriate option in the answer area.
Hot Area:
When you create a virtual machine, the default setting is to create a Network Security Group
attached to the network interface assigned to a virtual machine.
A network security group works like a firewall. You can attach a network security group to a
virtual network and/or individual subnets within the virtual network.
You can also attach a network security group to a network interface assigned to a virtual
machine. You can use multiple network security groups within a virtual network to restrict traffic
between resources such as virtual machines and subnets.
You can filter network traffic to and from Azure resources in an Azure virtual network with a
network security group. A network security group contains security rules that allow or deny
inbound network traffic to, or outbound network traffic from, several types of Azure resources.
In this question, we need to add a rule to the network security group to allow the connection to
the virtual machine on port 8080.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution. After
you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
Correct Answer: A
A network security group works like a firewall. You can attach a network security group to a
virtual network and/or individual subnets within the virtual network.
You can also attach a network security group to a network interface assigned to a virtual
machine. You can use multiple network security groups within a virtual network to restrict traffic
between resources such as virtual machines and subnets.
You can filter network traffic to and from Azure resources in an Azure virtual network with a
network security group. A network security group contains security rules that allow or deny
inbound network traffic to, or outbound network traffic from, several types of Azure resources.
In this question, we need to add a rule to the network security group to allow the connection to
the virtual machine on port 80 (HTTP).
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result,
these questions will not appear in the review screen.
A. Yes
B. No
Correct Answer: B
DDoS is a form of attack on a network resource. A DDoS protection plan is used to protect
against DDoS attacks; it does not provide connectivity to a virtual machine.
To ensure that a virtual machine named VM1 is accessible from the Internet over HTTP, you
need to modify a network security group or Azure Firewall.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution. After
you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
Correct Answer: A
Azure Firewall is a managed, cloud-based network security service that protects your Azure
Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability
and unrestricted cloud scalability.
In this question, we need to add a rule to Azure Firewall to allow the connection to the virtual
machine on port 80 (HTTP).
References:
https://docs.microsoft.com/en-us/azure/firewall/overview
Note: This question is part of a series of questions that present the same scenario. Each question
in the series contains a unique solution that might meet the stated goals. Some question sets
might have more than one correct solution, while others might not have a correct solution. After
you answer a question in this section, you will NOT be able to return to it. As a result, these
questions will not appear in the review screen.
7- Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over
HTTP.
Correct Answer: B
Azure Traffic Manager is a DNS-based load balancing solution. It is not used to ensure that a
virtual machine named VM1 is accessible from the Internet over
HTTP.
To ensure that a virtual machine named VM1 is accessible from the Internet over HTTP, you
need to modify a network security group or Azure Firewall.
In this question, we need to add a rule to a network security group or Azure Firewall to allow the
connection to the virtual machine on port 80 (HTTP).
References:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
8- Your company plans to deploy several web servers and several database servers to Azure. You
need to recommend an Azure solution to limit the types of connections from the web servers to
the database servers.
What should you include in the recommendation?
Correct Answer: A
A network security group works like a firewall. You can attach a network security group to a
virtual network and/or individual subnets within the virtual network.
You can also attach a network security group to a network interface assigned to a virtual
machine. You can use multiple network security groups within a virtual network to restrict traffic
between resources such as virtual machines and subnets.
You can filter network traffic to and from Azure resources in an Azure virtual network with a
network security group. A network security group contains security rules that allow or deny
inbound network traffic to, or outbound network traffic from, several types of Azure resources.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
9- For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Box 1: No -
Azure firewall does not encrypt network traffic. It is used to block or allow traffic based on
source/destination IP address, source/destination ports and protocol.
Box 2: No -
A network security group does not encrypt network traffic. It works in a similar way to a firewall
in that it is used to block or allow traffic based on source/ destination IP address,
source/destination ports and protocol.
Box 3: No -
The question is rather vague as it would depend on the configuration of the host on the Internet.
Windows Server does come with a VPN client and it also supports other encryption methods
such IPSec encryption or SSL/TLS so it could encrypt the traffic if the Internet host was
configured to require or accept the encryption.
However, the VM could not encrypt the traffic to an Internet host that is not configured to
require the encryption.
Reference:
https://docs.microsoft.com/en-us/azure/security/azure-security-data-encryption-best-
practices#protect-data-in-transit
10- For each of the following statements, select Yes if the statement is true. Otherwise, select
No.
NOTE: Each correct selection is worth one point.
Hot Area:
Box 1: Yes -
Azure Security Center is a unified infrastructure security management system that strengthens
the security posture of your data centers, and provides advanced threat protection across your
hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises.
Box 2: No -
Only two features: Continuous assessment and security recommendations, and Azure secure
score, are free.
Box 3: Yes -
The advanced monitoring capabilities in Security Center also let you track and manage
compliance and governance over time. The overall compliance provides you with a measure of
how much your subscriptions are compliant with policies associated with your workload.
References:
https://docs.microsoft.com/en-us/azure/security-center/security-center-intro
11- To complete the sentence, select the appropriate option in the answer area.
Hot Area:
The just-in-time (JIT) virtual machine (VM) access feature in Azure Security Center allows you
to lock down inbound traffic to your Azure Virtual Machines. This reduces exposure to attacks
while providing easy access when you need to connect to a VM.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-
config-asc%2Cjit-request-asc
12- For each of the following statements, select Yes if the statement is true. Otherwise, select
No.
NOTE: Each correct selection is worth one point.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
13- Your company plans to migrate all on-premises data to Azure.
You need to identify whether Azure complies with the companyג€™s regional requirements.
What should you use?
A. the Knowledge Center
B. Azure Marketplace
C. the Azure portal
D. the Trust Center
Correct Answer: D
Azure has more than 90 compliance certifications, including over 50 specific to global regions
and countries, such as the US, the European Union, Germany,
Japan, the United Kingdom, India and China.
You can view a list of compliance certifications in the Trust Center to determine whether Azure
meets your regional requirements.
Reference:
https://azure.microsoft.com/en-gb/overview/trusted-cloud/compliance/
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal
14- To complete the sentence, select the appropriate option in the answer area.
Hot Area:
Box 2: No -
Data ingress over a VPN is data ג€˜coming inג€™ to Azure over the VPN. You are not charged
data transfer costs for data ingress.
Box 3: Yes -
Data egress over a VPN is data ג€˜going outג€™ of Azure over the VPN. You are charged for
data egress.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/manage-resource-groups-portal
https://azure.microsoft.com/en-us/pricing/details/bandwidth/
15. For Each of the following statements, Select Yes if the statement is true. Otherwise,
Select No.
NOTE: Each correct selection is worth one point.
16. For Each of the following statements, Select Yes if the statement is true. Otherwise,
Select No.
NOTE: Each correct selection is worth one point.
Authentication defines which data they can access, and what they can do with it. Yes/NO
Authorization requests legitimate access credentials. Yes/NO
Authentication is the basis for creating secure identity and access control principles.
YES/No
17. This question requires that you evaluate the underlined text to determine if it is correct.
Azure tenant is dedicated and trusted instance of Azure AD that's automatically created
when your organization signs up for a Microsoft Office 365 subscription.
Review the underlined text. If it makes the statement correct, Select “No change is
needed.” If the statement is incorrect, select the answer choice that makes the statement
correct.
E. No change is needed *
F. Azure Resource Group
G. Management Group
H. NSG
18. This question requires that you evaluate the underlined text to determine if it is correct.
Review the underlined text. If it makes the statement correct, Select “No change is
needed.” If the statement is incorrect, select the answer choice that makes the statement
correct.
E. No change is needed
F. Tags *
G. NSG
H. Resource Groups
I. Policies
19. Which two are AZURE Sovereign Regions? Each correct answer presents a complete
solution.
NOTE: Each correct selection is worth one point.
20. Match the Azure Cloud Service to the correct benefit. Each correct match is worth one
mark.
7. RBAC - D
8. Tag - B
9. Resource Locks - E
10. Azure Policy - C
11. Azure Blueprints - A
C. Role Assignments
D. Consists of a name-value pair
E. Enforces organizational standards
F. Enables access to the Azure portal
G. Protects Azure resources from accidental deletion
21. Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution that meet the stated goals. Some question
sets might have more than one correct solution, while others might not have a correct
solution.
After you answer a question in this section, you will NOT be able to return to it. As a
result, these questions will not appear in the review screen.
Your company wants to review Role Specific information for business managers,
engineers, risk assessors, administrators, privacy officers, and legal teams.
24. Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution that meet the stated goals. Some question
sets might have more than one correct solution, while others might not have a correct
solution.
After you answer a question in this section, you will NOT be able to return to it. As a
result, these questions will not appear in the review screen.
Your company wants to review Role Specific information for business managers,
engineers, risk assessors, administrators, privacy officers, and legal teams.
27. Place the One Microsoft Approach to the Cloud Adoption Framework in order from the
beginning to the end. Match the term to the proper order number. Each correct match is
worth one mark.
G. Innovate
H. Migrate
I. Govern
J. Strategy
K. Plan
L. Ready
M. Manage
4. Strategy
5. Plan
6. Ready
7. Migrate
8. Innovate
9. Govern
10. Manage
28. This question requires that you evaluate the underlined text to determine if it is correct.
From the Azure Cloud Shell you can track the company’s regulatory standards and
regulation.
Review the underlined text. If it makes the statement correct, Select “No change is
needed.” If the statement is incorrect, select the answer choice that makes the statement
correct.
E. No change is needed
F. The Trust Centre
G. Microsoft’s Privacy Statement *
H. Compliance Manager
1. Please choose the correct answer to the different scenarios. (Not all options are used).
a. Azure Reservations.
b. Azure Cost Management.
c. Azure Resource Manager (ARM)
d. Total Cost of Ownership (TCO) calculator
e. Azure spending limits.
f. Azure Pricing Calculator
You want to see how much you can save over five years by moving your company’s
infrastructure to the Azure Cloud. ______d________
You want to set up an alert to send you and your coworker text messages when your
Azure Resources use 90 percent of your company’s monthly Azure budget.
_______b_______
You want to estimate the cost of deploying four virtual machines (VMs) and two SQL
Database instances to Azure. _______f_______
Your company plans to commit to a 3-year plan for virtual machines (VMs) and storage
resources to receive a discount in pay-as-you-go prices. _________a________
Your company plans to make use of a free SaaS solution that lets your company monitor,
allocate, and optimize cloud spend in a multi-cloud environment. ______b_______
You company wants to increase default limits on how many select resources of each type
can be provisioned per Azure Region. _______c________
2. You deploy a web app and a Cosmos DB instance to Azure. The web app stores and retrieves
data from the Cosmos DB instance. The service level agreement (SLA) for the web app is
99.95%, while that of the Cosmos DB instance is 99.99%.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
The combined SLA is lower than each individual SLA. (Yes/No)
You can increase the composite SLA by having the web app access a fallback queue.
(Yes/No)
The combined probability of failure is lower than each individual SLA value. (Yes/No)
3. For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Public Preview allows you to test Azure features that are only available to selected users.
(Yes/No)
Private Preview allows you to test Azure features that are available to everyone. (Yes/No)
To view current information on preview, you can visit https://azure.microsoft.com/en-
us/updates/. (Yes/No)
4. You move some Windows Server virtual machines (VMs) from your on-premises datacenter
to Azure. Existing on-premises VMs are licensed by your company’s active Microsoft
Software Assurance Agreement. You need to reduce the cost of your Azure VMs. What
should you do?
a. Deploy your VMs on an Azure Dedicated Host.
b. Create VMs in availability sets.
c. Enable the Azure Hybrid Benefit Settings.
d. Create VMs in availability zones.
6. Please choose the correct answer for the Estimated Expected Annual Downtime for various
SLAs.
a. 1 hour
b. 4 hours
c. 9 hours
d. 1 day
e. 4 days
f. 9 days
99.99% ____a______
99.95% ____b______
99.9% _____c_____
99% _____e______
8. Based on the Microsoft Azure Lifecycle Policy, how much advance warning does Microsoft
give before retiring a Guest operating system (OS)?
a. 60 days
b. 24 months
c. 12 months
d. 6 months
9. An Azure service level agreement (SLA) describes commitments related to uptime and
connectivity for Azure services.
Review the underlined text. If it makes the statement correct, select “No change.” If the
statement is incorrect, select the answer choice that makes the statement correct.
a. No change.
b. Legally binding restrictions on use and what constitutes a breach of contract.
c. Manner of use and use limitation for end-users.
d. Customer rights on usage, describing how and when, and restrictions on license
transfer.
10. According to Microsoft’s supplemental terms, what is the primary purpose for releasing an
Azure feature in public preview?
a. To provide a migration path to new features.
b. To start the Lifecycle countdown for general availability (GA)
c. To obtain customer feedback.
d. To test applicable support infrastructure.