
Udemy Practice Test 1

Question 1:
You plan to create a Netflix-like streaming service and would like to serve video content
to users worldwide. Which of the following would help you deliver the best possible
service with least latency?
 A content delivery network (CDN)
 An Azure ExpressRoute circuit
 An Azure Load Balancer
 An Azure Virtual Network NAT
Explanation
The question states that users are located worldwide and need the least possible latency. The
video playback experience would be improved if they can download the video from servers in
the same region as the users. We can achieve this by using a Content Delivery Network.

A content delivery network (CDN) is a distributed network of servers that can efficiently
deliver web content to users. CDNs store cached content on edge servers in point-of-presence
(POP) locations that are close to end users, to minimize latency.

Azure Content Delivery Network (CDN) offers developers a global solution for rapidly
delivering high-bandwidth content to users by caching their content at strategically placed
physical nodes across the world. Azure CDN can also accelerate dynamic content, which
cannot be cached, by leveraging various network optimizations using CDN POPs, for
example route optimization to bypass Border Gateway Protocol (BGP).

The benefits of using Azure CDN to deliver website assets include:

-> Better performance and improved user experience for end users, especially when using
applications in which multiple round-trips are required to load content.

-> Large scaling to better handle instantaneous high loads, such as the start of a product
launch event.

-> Distribution of user requests and serving of content directly from edge servers so that less
traffic is sent to the origin server.

Reference: https://docs.microsoft.com/en-us/azure/cdn/cdn-overview

Question 2: Correct
How does the defense-in-depth model enhance cybersecurity compared to relying solely
on perimeter security?
 It provides protection against both external and internal threats.
 It reduces the need for user authentication.
 It eliminates the need for regular security updates.
 It isolates the network from the internet entirely.
Explanation
The defense-in-depth model focuses on multiple layers of security, including internal
defenses. This strategy provides safeguards against both external threats (outside attackers)
and internal threats (compromised insiders).

The remaining options don't make any sense and rather reduce the security configuration.

Reference: https://azure.microsoft.com/en-us/blog/microsoft-azures-defense-in-depth-approach-to-cloud-vulnerabilities/

Question 3: Correct
Which of the following can you use to implement strict governance and ensure that the
right people have access to the right resources, and only when they need it?
 Azure Bastion
 Azure Active Directory
 Microsoft Defender for Cloud
 Microsoft Sentinel
Explanation
From the official docs:

Azure Active Directory (Azure AD), part of Microsoft Entra, is an enterprise identity
service that provides single sign-on, multifactor authentication, and conditional access to
guard against 99.9 percent of cybersecurity attacks.

Microsoft Defender for Cloud - is a solution for cloud security posture management
(CSPM) and cloud workload protection (CWP) that finds weak spots across cloud
configurations, helps strengthen the overall security posture of environments, and can protect
workloads across multicloud and hybrid environments from evolving threats.

Azure Bastion - is a fully managed service that provides more secure and seamless Remote
Desktop Protocol (RDP) and Secure Shell Protocol (SSH) access to virtual machines (VMs)
without any exposure through public IP addresses.

Microsoft Sentinel - is a bird's-eye view across the enterprise. It puts the cloud and
large-scale intelligence from decades of Microsoft security experience to work. Make your threat
detection and response smarter and faster with artificial intelligence (AI).

Reference: https://azure.microsoft.com/en-ca/services/active-directory/#features

Question 4:
What Azure service provides recommendations to optimize your cloud spending based
on your usage patterns?
 Azure Policy
 Azure Cost Management and Billing
 Azure Monitor
 Azure Advisor
Explanation
Azure Cost Management and Billing is the correct answer; it provides recommendations to
optimize your cloud spending based on your usage patterns. The service provides insights and
cost management tools to help you monitor, allocate, and optimize your cloud costs.

Other options:

 Azure Advisor is a service that provides personalized recommendations to help you
optimize your Azure resources for high availability, security, performance, and cost.
Azure Advisor also provides recommendations to optimize your cloud spending, but
its primary focus is on providing guidance for improving the security, reliability, and
performance of your Azure resources. While it may include some cost optimization
recommendations, it is not solely focused on cost management and billing like Azure
Cost Management and Billing. In such questions we'll always choose the
BEST choice possible.
 Azure Monitor is a service that provides a single pane of glass to monitor the
performance and health of your applications and infrastructure in Azure.
 Azure Policy is a service that enables you to enforce governance policies for your
Azure resources to ensure compliance with organizational standards and regulations.

Reference: https://learn.microsoft.com/en-us/azure/cost-management-billing/cost-management-billing-overview

Question 5: Correct
Your organization has an on-premises infrastructure. The requirement from senior
management is to migrate everything to the cloud.

As an advisor, what would you recommend to deal with an unexpected Azure outage in a
Data Center / Availability Zone?

 Using cheap resources to lose less money
 Elasticity
 Fault Tolerance
 Scalability
Explanation
There are several mechanisms built into Microsoft Azure to ensure services and applications
remain available in the event of a failure. Such failures can include hardware failures, such
as hard-disk crashes, or temporary availability issues of dependent services, such as storage
or networking services. Azure and its software-controlled infrastructure are written in a way
to anticipate and manage such failures.

In the event of a failure, the Azure infrastructure (the Fabric Controller) reacts immediately
to restore services and infrastructure. For example, if a virtual machine (VM) fails due to a
hardware failure on the physical host, the Fabric Controller moves that VM to another
physical node based on the same hard disk stored in Azure storage. Azure is similarly capable
of coordinating upgrades and updates in such a way as to avoid service downtime.

For computing resources (such as cloud services, traditional IaaS VMs, VM scale sets), the
most important and fundamental concepts for enabling high availability are fault domains and
upgrade domains. These have been part of Azure since its inception.

Reference: https://azure.microsoft.com/en-us/blog/introducing-azure-availability-zones-for-resiliency-and-high-availability/

Question 6:
One of the teams in your company is looking for a solution for collecting, analyzing, and
potentially taking action based on the metric and logging data from your entire Azure
and on-premises environment.

Which of the following would you recommend?

 Azure Logs
 Azure Insights
 Azure Monitor
 Azure Advisor
Explanation
From the Official Azure Documentation:

Azure Monitor is a platform for collecting, analyzing, visualizing, and potentially taking
action based on the metric and logging data from your entire Azure and on-premises
environment.

The following diagram illustrates just how comprehensive Azure Monitor is.

 On the left is a list of the sources of logging and metric data that can be collected at
every layer in your application architecture, from application to operating system and
network.
 In the center, you can see how the logging and metric data is stored in central
repositories.
 On the right, the data is used in a number of ways. You can view real-time and
historical performance across each layer of your architecture, or aggregated and
detailed information. The data is displayed at different levels for different audiences.
You can view high-level reports on the Azure Monitor Dashboard or create custom
views by using Power BI and Kusto queries.

Additionally, you can use the data to help you react to critical events in real time, through
alerts delivered to teams via SMS, email, and so on. Or you can use thresholds to trigger
autoscaling functionality to scale up or down to meet the demand.

Reference: https://docs.microsoft.com/en-ca/learn/modules/monitoring-fundamentals/2-identify-product-options

Question 7:
How does Defender for Cloud contribute to the security of Azure-native services?
 By enforcing access controls on physical hardware.
 By focusing solely on Azure App Service protection.
 By natively integrating with Azure services to provide monitoring and
protection.
 By automatically deploying Log Analytics agents to Azure machines.
Explanation
Defender for Cloud, being an Azure-native service, natively integrates with Azure services,
monitoring and protecting them without requiring additional deployment. This integration
enhances the security posture of Azure resources.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-azure-identity-access-security/9-describe-microsoft-defender-for-cloud

Question 8: Correct
Yes or No:

If you assign permissions to a resource group, all the resources inside it inherit these
permissions.

 Yes
 No
Explanation
Yes, it is true that if you assign certain permissions to a resource group, then all the resources
inside it inherit those permissions.

See below (VERY IMPORTANT TO UNDERSTAND AND REMEMBER THIS DIAGRAM):

A resource group is a container that holds related resources for an Azure solution. The
resource group can include all the resources for the solution, or only those resources that you
want to manage as a group. You decide how you want to allocate resources to resource
groups based on what makes the most sense for your organization.

Generally, we add resources that share the same lifecycle to the same resource group so
you can easily deploy, update, and delete them as a group.

Reference: https://docs.microsoft.com/en-us/azure/azure-resourcemanager/management/overview#resource-groups

Question 9:
Which of the following statements is accurate?

If you want to migrate a website that is hosted On-Prem presently to Azure, one of the clear
benefits is the Pay-As-You-Go Pricing that comes with Azure.

 The given statement is correct.
 This is not true, we first need to pay to transfer all the website data to Azure.
 This is not true, a website hosted on Azure will be costlier as it's charged by the
second.
 This is not true. You need a VPN to complete the migration which will cost a lot.
Explanation
When planning to migrate a website to Azure, the Pay-As-You-Go pricing model is a big
advantage. You can even use Azure Websites to accomplish this.

Azure Websites is offered in four tiers: Free, Shared (Preview), Basic and Standard.

 Websites Shared (Preview): The price for the Shared tier during preview
is $0.013 per hour per website instance (~$10/month). This price reflects a 33%
preview discount.
 Websites Basic and Standard: The Basic and Standard tiers offer multiple instance
sizes as well as scaling to meet changing capacity needs, starting from $56 for a Basic
(Single Small instance) and $75 for a Standard (Single Small instance).

For more details on features per price tier, click here.

Answers:

- You do not need a VPN for Azure web sites.

- You do not pay to transfer data into Azure web sites.

- You are not charged by the second.

Question 10:
Suppose the lead architect in your company has asked your team to implement a PaaS
based solution in Azure for a quick Proof-of-Concept (POC) to senior management.
One of your colleagues goes ahead and creates an Azure Logic App and an Azure Data
Factory instance.

Would you agree with this implementation?

 Yes
 No

Explanation
Azure Logic App and Azure Data Factory both fall under the PaaS (Platform as a Service)
category.

References:

https://azure.microsoft.com/en-us/overview/what-is-iaas/

https://azure.microsoft.com/en-us/overview/what-is-paas/

Question 11:
Is an internet connection necessary for using cloud computing?
 Yes
 No

Explanation
The answer is no. Cloud computing services can be used over the internet, but they can also
be used through private networks or dedicated connections, such as Azure ExpressRoute,
which provides a dedicated, private network connection between on-premises infrastructure
and Azure data centers. Some cloud services can also be accessed offline or through local
networks.

For example, Azure Stack is a hybrid cloud solution that allows you to use Azure services on-
premises, without an internet connection. This can be useful for organizations that have
limited or unreliable internet connectivity but still want to take advantage of the benefits of
cloud computing.

Similarly, some cloud providers offer edge computing solutions that allow you to run cloud
workloads on devices located at the edge of the network, such as in a factory or remote
location, without needing a constant internet connection.

In general, however, most cloud services do require an internet connection to access and use
them. This is because the underlying infrastructure and resources that support these services
are typically hosted in data centers that are connected to the internet.

Reference: https://learn.microsoft.com/en-us/azure-stack/operator/azure-stack-overview?view=azs-2206

Question 12:
Which of the following Azure storage solutions meets ALL the following requirements:

1) The ability to handle unstructured data (document, graph, key-value)

2) Automatically index all data, regardless of the data model.

3) Multi-region writes and data distribution to any Azure region.

 Azure SQL Edge
 Azure Files
 Azure Database for MariaDB
 Azure Cosmos DB
 Azure SQL Databases
 Azure Cache for Redis

Explanation
From the official documentation:

Today's applications are required to be highly responsive and always online. To achieve low
latency and high availability, instances of these applications need to be deployed in
datacenters that are close to their users. Applications need to respond in real time to large
changes in usage at peak hours, store ever increasing volumes of data, and make this data
available to users in milliseconds.

Azure Cosmos DB is Microsoft's globally distributed, multi-model database service. With
the click of a button, Cosmos DB enables you to elastically and independently scale
throughput and storage across any number of Azure regions worldwide. You can elastically
scale throughput and storage, and take advantage of fast, single-digit-millisecond data access
using your favorite API including: SQL, MongoDB, Cassandra, Tables, or Gremlin. Cosmos
DB provides comprehensive service level agreements (SLAs) for throughput, latency,
availability, and consistency guarantees, something no other database service offers.

Azure Cosmos DB is a great way to store unstructured and JSON data. Combined with Azure
Functions, Cosmos DB makes storing data quick and easy with much less code than required
for storing data in a relational database.

References:

https://docs.microsoft.com/en-us/azure/cosmos-db/introduction

https://docs.microsoft.com/en-us/azure/azure-functions/functions-integrate-store-unstructured-data-cosmosdb?tabs=csharp

Question 13:
How can you determine the estimated monthly cost of an Azure service or resource?
 By using the Azure Pricing Calculator
 By checking the current Azure Marketplace pricing
 By contacting Microsoft customer support
 By analyzing the usage data of the resource

Explanation
The Azure Pricing Calculator is a free tool that can be used to estimate the monthly cost of
Azure services and resources based on factors such as region, usage, and quantity. It allows
users to select specific Azure services and configurations and provides an estimated monthly
cost based on the chosen parameters.

Other options:

By contacting Microsoft customer support: Contacting Microsoft customer support is not
a reliable method to determine the estimated monthly cost of an Azure service or resource.

By analyzing the usage data of the resource: Analyzing the usage data of a resource can
help in optimizing costs, but it does not provide an estimated monthly cost.

By checking the current Azure Marketplace pricing: Checking the current Azure
Marketplace pricing does not necessarily provide the estimated monthly cost of a
particular service or resource.

Reference: https://learn.microsoft.com/en-us/azure/cost-management-billing/understand/plan-manage-costs

Question 14:
Which of the following Azure Support Plans grants access to:

1) 24x7 Access to Support Engineers via email and phone

2) Training in the form of webinars from Azure experts

3) Access to the Support API

 Professional Direct
 Standard
 Basic
 Developer

Explanation
Look at the table below. Clearly, Professional Direct is the correct option.

It is the only option (last column) that fulfills all mentioned requirements.

Reference: https://azure.microsoft.com/en-us/support/plans/

Question 15: Correct


An organization would like to create a web app to allow its employees to enter their
vacation / time-off details and then store that information in a backend storage solution.
They have noted that Python is their preferred language.

As the lead consultant, which service would you recommend?

 Azure Cosmos DB
 Azure App Service
 Azure Functions
 Azure Kubernetes

Explanation
From the official Azure docs:

Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and
mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java,
Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows
and Linux-based environments.

It is also possible to scale apps on an enterprise-grade platform:

Reference: https://docs.microsoft.com/en-us/azure/app-service/overview

Question 16:
Which of the following affect costs in Azure? (Choose 2)
 Location
 Instance size
 Availability Zone
 Knowledge center usage
Explanation
According to the official docs:

The instance size and the location (e.g., US or Europe) affect the prices. The knowledge
center is completely free to use, and you aren't charged for an Availability Zone.

Reference : https://azure.microsoft.com/en-us/pricing/

Question 17:
One of the primary benefits of using an Azure Key Vault is ____________.
 To see and stop threats before they cause harm
 Key Management
 Enforcing organizational standards and to assess compliance at-scale
 Automatically masking sensitive information
Explanation
 Enforcing organizational standards and to assess compliance at-scale - This is
done by Azure Policy.
 To see and stop threats before they cause harm - This is done by Azure Sentinel.

From the official documentation:

Key Management - Azure Key Vault can be used as a Key Management solution. Azure
Key Vault makes it easy to create and control the encryption keys used to encrypt your data.

Reference: https://docs.microsoft.com/en-us/azure/key-vault/key-vault-overview

Question 18: Correct


Which of the following displays personalized recommendations for all your
subscriptions, and you can use filters to select recommendations for specific
subscriptions, resource groups, or services?
 Azure Service Health
 Azure Arc
 Azure Advisor
 Azure Monitor
Explanation
From the Official Azure Documentation:

Azure Advisor evaluates your Azure resources and makes recommendations to help improve
reliability, security, and performance, achieve operational excellence, and reduce costs.
Advisor is designed to help you save time on cloud optimization. The recommendation
service includes suggested actions you can take right away, postpone, or dismiss.

The recommendations are available via the Azure portal and the API, and you can set up
notifications to alert you to new recommendations.

When you're in the Azure portal, the Advisor dashboard displays personalized
recommendations for all your subscriptions, and you can use filters to select
recommendations for specific subscriptions, resource groups, or services.

Reference: https://docs.microsoft.com/en-ca/learn/modules/monitoring-fundamentals/2-identify-product-options

Question 19:
What is the primary goal of the defense-in-depth model in cybersecurity?
 To establish multiple layers of security controls to mitigate risks.
 To create a single layer of security controls to prevent all threats.
 To focus solely on physical security measures for data centers.
 To outsource security responsibilities to third-party providers.

Explanation
The defense-in-depth model involves implementing a series of security layers, each providing
a different type of protection against threats. This approach minimizes the impact of a single
security breach by adding multiple lines of defense.

Reference: https://azure.microsoft.com/en-us/blog/microsoft-azures-defense-in-depth-approach-to-cloud-vulnerabilities/

Question 20:
What is the primary purpose of Microsoft Purview in Azure?
 To provide a cloud-based development platform for building and deploying
applications.
 To enable real-time analytics and monitoring for Azure resources.
 To offer a suite of security services for protecting virtual machines.
 To manage and govern data across on-premises, multi-cloud, and SaaS
environments.

Explanation
Microsoft Purview is designed to help organizations manage, discover, classify, and govern
data across a variety of sources, including on-premises, multi-cloud, and software-as-a-service
(SaaS) environments. It provides a unified data governance solution to ensure data
security, compliance, and data-driven insights.

Reference: https://azure.microsoft.com/en-ca/products/purview

Question 21:
Azure virtual machines (VMs) are classified as which of the following offerings?
 Software-as-a-service (SaaS)
 Platform-as-a-service (PaaS)
 Infrastructure-as-a-service (IaaS)
 Database-as-a-service (DaaS)
Explanation
According to the official Azure website, Azure VMs are classified as IaaS since you are
renting physical hardware. Refer to this image:

Read more about this: https://azure.microsoft.com/en-in/services/virtual-machines/#features

Question 22:
When should you scale out your deployment?
 When you need a stronger CPU to make your application run faster
 When you want to reduce the unused capacity of your system
 When you need to reduce your cost of operation
 When you need additional Virtual Machines / computers to speed up your
application

Explanation
Scale Out

A scale out operation is the equivalent of creating multiple copies of your web site and
adding a load balancer to distribute the demand between them. When you scale out a web site
in Azure, there is no need to configure load balancing separately since this is already
provided by the platform.

Reference: https://www.azurebarry.com/how-to-autoscale-azure-app-services-cloud-services/

Question 23:
Yes or No:

Data in an Azure storage account is replicated 3 times in the primary region.

 No
 Yes

Explanation
Azure Storage always stores multiple copies of your data so that it is protected from planned
and unplanned events, including transient hardware failures, network or power outages, and
massive natural disasters. Redundancy ensures that your storage account meets the
Service-Level Agreement (SLA) for Azure Storage even in the face of failures.

See below:

Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy

Question 24:
You have managed an app that you developed and deployed On-Prem for a long time,
but would now like to move it to Azure and be relieved of all the manual administration
and maintenance. Which of the following buckets would be most suitable for your use
case?
 Platform as a Service (PaaS)
 Infrastructure as a Service (IaaS)
 Database as a Service (DaaS)
 Software as a Service (SaaS)

Explanation
Platform as a service (PaaS) is a complete development and deployment environment in the
cloud, with resources that enable you to deliver everything from simple cloud-based apps to
sophisticated, cloud-enabled enterprise applications. You purchase the resources you need
from a cloud service provider on a pay-as-you-go basis and access them over a secure
Internet connection.

Like IaaS, PaaS includes infrastructure—servers, storage, and networking—but also
middleware, development tools, business intelligence (BI) services, database management
systems, and more. PaaS is designed to support the complete web application lifecycle:
building, testing, deploying, managing, and updating.

PaaS allows you to avoid the expense and complexity of buying and managing software
licenses, the underlying application infrastructure and middleware, container
orchestrators such as Kubernetes, or the development tools and other resources. You
manage the applications and services you develop, and the cloud service provider
typically manages everything else.

Reference: https://docs.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-app-services

Question 25:
Which of the following services can help you:
Assign time-bound access to resources using start and end dates
Enforce multi-factor authentication to activate any role

 Azure Security Center
 Azure DDoS Protection
 Azure Privileged Identity Management
 Azure Advanced Threat Protection (ATP)

Explanation
(IMPORTANT QUESTION)

From the official docs:

Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that
enables you to manage, control, and monitor access to important resources in your
organization. These resources include resources in Azure AD, Azure, and other Microsoft
Online Services like Office 365 or Microsoft Intune.

Reasons to use:

Organizations want to minimize the number of people who have access to secure information
or resources, because that reduces the chance of a malicious actor getting that access, or an
authorized user inadvertently impacting a sensitive resource. However, users still need to
carry out privileged operations in Azure AD, Azure, Office 365, or SaaS apps. Organizations
can give users just-in-time (JIT) privileged access to Azure resources and Azure AD. There
is a need for oversight for what those users are doing with their administrator privileges.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

Question 26: Correct


How many levels of depth can a management group tree support, excluding the root
level and the subscription level?
 5
 7
 6
 4
Explanation
A management group tree can support up to 6 levels of depth. This limit doesn't include the
root level or the subscription level.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-core-architectural-components-of-azure/6-describe-azure-management-infrastructure

Question 27: Correct


You are the senior architect of XYZ organization and the senior management has requested to
migrate all on-prem resources to the cloud.

The requirement is that only Platform as a Service (PaaS) solutions must be used in Azure.

Solution: To begin, you create an Azure App Service and Azure SQL databases.

Would this meet the goal?

 Yes
 No
Explanation
Please always remember - Azure App Service and Azure SQL Databases are both PaaS
services!

Azure App Service - Allows us to quickly build, deploy, and scale web apps created with
popular frameworks such as .NET, .NET Core, Node.js, Java, PHP, Ruby, or Python, in
containers or running on any operating system. It offers rigorous, enterprise-grade
performance, security, and compliance requirements by using the fully managed platform for
your operational and monitoring tasks.

Reference: https://azure.microsoft.com/en-in/services/app-service/

Azure SQL Database - Microsoft Azure SQL Database is a managed cloud database
provided as a part of Microsoft Azure. A cloud database is a database that runs on a cloud
computing platform, and access to it is provided as a service. Managed database services take
care of scalability, backup, and high availability of the database.

Reference: https://azure.microsoft.com/en-in/services/sql-database/

Please refer to the image below, and make sure you remember it properly. A lot of the
questions in the exam can be answered using this image alone:

Question 28: Correct
What is the primary purpose of Microsoft Defender for Cloud?
 To provide network segmentation for virtual machines.
 To provide a physical security layer for computing hardware.
 To monitor security posture and protect against threats in cloud, on-premises,
hybrid, and multi-cloud environments.
 To automate the deployment of virtual machines in the cloud.
Explanation
From the official Microsoft documentation:

Defender for Cloud is a monitoring tool for security posture management and threat
protection. It monitors your cloud, on-premises, hybrid, and multi-cloud environments to
provide guidance and notifications aimed at strengthening your security posture.

Defender for Cloud provides the tools needed to harden your resources, track your security
posture, protect against cyber attacks, and streamline security management. Deployment of
Defender for Cloud is easy, it’s already natively integrated to Azure.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-azure-identity-access-security/9-describe-microsoft-defender-for-cloud

Question 29:
________________ is the mission-critical cloud, delivering breakthrough innovation to
US government customers and their partners. Only US federal, state, local, and tribal
governments and their partners have access to this dedicated instance, with operations
controlled by screened US citizens.
 Azure Nation
 Azure US
 Azure Government
 Azure United States
Explanation
From the official docs:

Azure Government - It is the mission-critical cloud, delivering breakthrough innovation to
US government customers and their partners. Only US federal, state, local, and
tribal governments and their partners have access to this dedicated instance, with operations
controlled by screened US citizens.

Reference: https:///en-us/global-infrastructure/government/get-started/

Question 30:
You want to restrict access to certain Azure resources based on departmental
requirements within your organization. Which Azure feature would you use?
 Management groups
 Azure Active Directory
 Resource groups
 Subscriptions

Explanation
In this scenario, you would use subscriptions to restrict access to certain Azure resources
based on departmental requirements. Subscriptions can be used to apply different access-
management policies, reflecting different organizational structures. Azure applies access-
management policies at the subscription level, which allows you to manage and control
access to the resources that users provision within specific subscriptions.

Other options -

 Resource groups: Resource groups are primarily used to organize resources that are
related to the same project or have the same lifecycle. They are not specifically
designed for access control based on departmental requirements.
 Management groups: Management groups are used to efficiently manage access,
policies, and compliance for multiple subscriptions, providing a level of scope above
subscriptions. They are more suitable for large-scale governance rather than
restricting access based on departmental requirements.
 Azure Active Directory: While Azure Active Directory (Azure AD) is responsible
for handling authentication and authorization, it alone cannot restrict access to certain
Azure resources based on departmental requirements. Instead, Azure AD is used in
conjunction with other features like subscriptions to control access.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-core-architectural-components-of-azure/6-describe-azure-management-infrastructure

Question 31: Correct


You want to deploy a file share that can be accessed from multiple Azure virtual
machines without setting up a separate file server. Which Azure service can you use to
achieve this?
 Azure App Service
 Azure Virtual Network
 Azure Storage Account
 Azure SQL Database
Explanation
This is a tricky question. Azure Storage Account is the correct answer as it provides Azure
Files, which can be used to create a file share accessible from multiple virtual machines.
Remember, we always need to choose the BEST option from the ones provided. Azure Files
would have been the ideal option, but since it's not one of the options, we need to go
with the best option available.

Other Options:

 Azure SQL Database is a database service and not suitable for sharing files among
multiple virtual machines.
 Azure Virtual Network is a networking service and not suitable for file sharing.
 Azure App Service is a platform for hosting web applications and not suitable for file
sharing.

Reference: https://azure.microsoft.com/en-us/products/storage/files/

Question 32:
Yes or No:
We get total control of the underlying Operating System when working with Platform
As a Service (PaaS) solutions.

 Yes
 No

Explanation
From the official Azure documentation:

Platform as a service (PaaS) is a complete development and deployment environment in the
cloud, with resources that enable you to deliver everything from simple cloud-based apps to
sophisticated, cloud-enabled enterprise applications. You purchase the resources you need
from a cloud service provider on a pay-as-you-go basis and access them over a secure
Internet connection.

Like IaaS, PaaS includes infrastructure—servers, storage, and networking—but also
middleware, development tools, business intelligence (BI) services, database management
systems, and more. PaaS is designed to support the complete web application lifecycle:
building, testing, deploying, managing, and updating.

PaaS allows you to avoid the expense and complexity of buying and managing software
licenses, the underlying application infrastructure and middleware, container orchestrators
such as Kubernetes, or the development tools and other resources. You manage the
applications and services you develop, and the cloud service provider typically manages
everything else.

A great image to reference for such concepts - https://www.redhat.com/en/topics/cloud-computing/iaas-vs-paas-vs-saas (Important)

Reference: https://azure.microsoft.com/en-us/overview/what-is-paas/

Question 33:
Which of the following is a serverless solution that allows you to write less code,
maintain less infrastructure, and save on costs?
 Azure App Service
 Azure DevOps
 Azure Logic Apps
 Azure Functions

Explanation
Azure Functions allows you to run small pieces of code (called "functions") without
worrying about application infrastructure. With Azure Functions, the cloud infrastructure
provides all the up-to-date servers you need to keep your application running at scale.

A function is "triggered" by a specific type of event. Supported triggers include responding
to changes in data, responding to messages, running on a schedule, or as the result of an
HTTP request.

Few of the features of Azure Functions are:

Reference : https://docs.microsoft.com/en-us/azure/azure-functions/functions-overview

Question 34:
When assigning Azure role-based access control (Azure RBAC) at the management
group level, which of the following occurs?
 Permissions are assigned individually for each subscription under the
management group.
 Permissions apply only to the resources within the management group.
 Permissions are inherited by all sub-management groups, subscriptions,
resource groups, and resources under the management group.
 Permissions are restricted to the management group level only.
Explanation
Permissions are inherited by all sub-management groups, subscriptions, resource groups, and
resources under the management group.

When you assign Azure role-based access control (Azure RBAC) at the management group
level, the permissions are inherited by all sub-management groups, subscriptions, resource
groups, and resources under the management group. This approach simplifies access
management and helps maintain consistency across the organization.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-core-architectural-components-of-azure/6-describe-azure-management-infrastructure

Question 35: Correct


Your company plans to deploy multiple Virtual Machines in Azure. As the lead architect, you
must ensure that all these virtual machines are available if a single data center fails.

Solution: You deploy the virtual machines to two or more Availability Zones.

Would this solution meet the goal?

 Yes
 No
Explanation
Absolutely! The answer is in the question itself. If one data center goes down, we can make
sure our VM is still running in another data center! This is the entire concept of fault
tolerance - Make sure you have enough backups to prevent downtime.

Availability Zones -

An Availability Zone is a high-availability offering that protects your applications and data
from datacenter failures. Availability Zones are unique physical locations within an Azure
region. Each zone is made up of one or more datacenters equipped with independent power,
cooling, and networking (VERY IMPORTANT PLEASE NOTE).

To ensure resiliency, there's a minimum of three separate zones in all enabled regions. The
physical separation of Availability Zones within a region protects applications and data from
datacenter failures. Zone-redundant services replicate your applications and data across
Availability Zones to protect from single-points-of-failure. With Availability Zones, Azure
offers industry best 99.99% VM uptime SLA.

Azure services that support Availability Zones fall into two categories:

1) Zonal services – where a resource is pinned to a specific zone (for example, virtual
machines, managed disks, Standard IP addresses), or

2) Zone-redundant services – when the Azure platform replicates automatically across
zones (for example, zone-redundant storage, SQL Database).

To achieve comprehensive business continuity on Azure, build your application architecture
using the combination of Availability Zones with Azure region pairs. You can synchronously
replicate your applications and data using Availability Zones within an Azure region for
high-availability and asynchronously replicate across Azure regions for disaster recovery
protection.

Reference : https://docs.microsoft.com/en-us/azure/availability-zones/az-overview

Question 36: Correct


Yes or No:

A resource group can contain resources from multiple Azure regions.

 No
 Yes
Explanation
From the official documentation:

Resources from multiple different regions can be placed in a resource group. The resource
group only contains metadata about the resources it contains.

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview

Question 37:
Which of the following is an accurate description of Azure ExpressRoute?
 A service that provides dedicated, private network connectivity between your on-
premises infrastructure and Azure datacenters.
 A service that allows you to connect your on-premises infrastructure to Azure
over the public internet.
 A service that enables you to manage and monitor Azure resources from a single,
unified dashboard.
 A service that provides backup and disaster recovery solutions for Azure
resources.
Explanation
Azure ExpressRoute is a service that provides dedicated, private network connectivity
between your on-premises infrastructure and Azure datacenters. This allows you to extend
your on-premises network into Azure, providing a more secure and reliable connection than
the public internet.
 A service that allows you to connect your on-premises infrastructure to Azure
over the public internet: This is incorrect because Azure ExpressRoute does not use
the public internet for connectivity. Instead, it provides a private, dedicated connection.
 A service that provides backup and disaster recovery solutions for Azure
resources: This is incorrect because Azure ExpressRoute is not specifically designed
for backup and disaster recovery. While it can be used in conjunction with these
solutions, it is primarily used for private connectivity.
 A service that enables you to manage and monitor Azure resources from a single,
unified dashboard: This is incorrect because Azure ExpressRoute is not a management
or monitoring tool for Azure resources. It is a connectivity service that enables you to
extend your on-premises network into Azure.

Reference: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-introduction

Question 38: Correct


Yes or No:

When you create a resource group, you need to provide a location for that resource
group.

 Yes
 No
Explanation
From the official Azure docs:

When you create a resource group, you need to provide a location for that resource
group.

You may be wondering, "Why does a resource group need a location? And, if the resources
can have different locations than the resource group, why does the resource group location
matter at all?"

The resource group stores metadata about the resources. When you specify a location for the
resource group, you're specifying where that metadata is stored. For compliance reasons, you
may need to ensure that your data is stored in a particular region.

More info from the docs -


Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal

Question 39:
When you as a consumer are implementing a Software as a Service (SaaS) solution, you are
responsible for configuring high availability.

Review the bolded text. If the statement is already correct, select "No change is needed". If
the statement is incorrect, choose the option below that would make the statement correct.

 No change is needed
 Creating a resource group
 Installing the SaaS solution
 Configuring the SaaS solution
Explanation
Software as a service (SaaS) allows users to connect to and use cloud-based apps over the
Internet. Common examples are email, calendaring, and office tools (such as Microsoft
Office 365).

SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from
a cloud service provider. You rent the use of an app for your organization, and your users
connect to it over the Internet, usually with a web browser. All of the underlying
infrastructure, middleware, app software, and app data are located in the service provider’s
data center. The service provider manages the hardware and software, and with the
appropriate service agreement, will ensure the availability and the security of the app and
your data as well. SaaS allows your organization to get quickly up and running with an app at
minimal upfront cost.

If you’ve used a web-based email service such as Outlook, Hotmail, or Yahoo! Mail, then
you’ve already used a form of SaaS. With these services, you log into your account over the
Internet, often from a web browser. The email software is located on the service provider’s
network, and your messages are stored there as well. You can access your email and stored
messages from a web browser on any computer or Internet-connected device.

The previous examples are free services for personal use. For organizational use, you can rent
productivity apps, such as email, collaboration, and calendaring; and sophisticated business
applications such as customer relationship management (CRM), enterprise resource planning
(ERP), and document management. You pay for the use of these apps by subscription or
according to the level of use.

Reference : https://azure.microsoft.com/en-us/overview/what-is-saas/

Question 40:
Yes or No:

Inter-Region transfer of data is always free of cost.

 No
 Yes
Explanation
It is important to note that data inbound (ingress) is FREE, but data outbound (egress)
is NOT FREE.
Look at the following details from the official documentation:

Reference: https://azure.microsoft.com/en-us/pricing/details/bandwidth/

Question 41:
Which of the following services allows you to send events generated from Azure
resources to applications?
 Azure Event Hub
 Azure Cognitive Services
 Azure App Service
 Azure Event Grid
Explanation
A summary from the official Azure documentation:
Reference : https://docs.microsoft.com/en-us/azure/event-grid/overview

Question 42:
You can significantly reduce costs (up to 72%) as compared to pay-as-you-go pricing
by _______________.
 Using Reserved Instances
 Using the free tier
 Provisioning a lot of resources
 Not using a lot of resources
Explanation
You can significantly reduce costs — up to 72 percent compared to pay-as-you-go prices —
with one-year or three-year terms on Windows and Linux virtual machines (VMs). When you
combine the cost savings gained from Azure RIs (reserved instances) with the added value
of the Azure Hybrid Benefit, you can save up to 80 percent.

It is possible to lower your total cost of ownership by combining Azure Reserved Instances
with pay-as-you-go prices to manage costs across predictable and variable workloads. In
many cases, you can further reduce your costs with reserved instance size flexibility.

Reference : https://azure.microsoft.com/en-us/pricing/reserved-vm-instances/

Question 43:
Yes or No: Permissions are by default inherited by all resources residing in a resource
group.
 No
 Yes
Explanation
From the official docs:

A resource group can be used to scope access control for administrative actions. By default,
permissions set at the resource level are inherited by the resources in the resource group.
More info about resources :

References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview

Question 44:
Power BI can access infrequently used data from which of the following?
 Azure DataLake
 Azure PostgreSQL
 Azure SQL Data Warehouse
 Azure Cosmos DB
Explanation
Azure DataLake and Azure SQL Data Warehouse are the correct options:

Reference : https://powerbi.microsoft.com/fr-fr/blog/power-bi-dataflows-and-azure-data-lake-storage-gen2-integration-preview/

Question 45:
What is the present maximum capacity for storage accounts?
 750 TiB
 2 PiB
 400 TB
 5 PiB
Explanation
Referring to the official Azure docs again:

The maximum storage account capacity currently is : 5PiB

*These might change with time so if you feel it has changed, inform me through message or
in the Q/A section, I'll highly appreciate it :)

Reference : https://docs.microsoft.com/en-us/azure/storage/common/scalability-targets-standard-account

Question 46:
When computing and processing demand increases beyond an on-premises datacenter’s
capabilities, businesses can easily use the ___________ cloud to instantly scale capacity
up or down to handle excess capacity.
 Public
 Private
Explanation
From the official docs:

When computing and processing demand increases beyond an on-premises datacenter’s
capabilities, businesses can use the cloud to instantly scale capacity up or down to handle
excess capacity. It also allows them to avoid the time and cost of purchasing, installing, and
maintaining new servers that they may not always need.

Reference: https://azure.microsoft.com/en-gb/overview/what-is-hybrid-cloud-computing/

Question 47:
You have dozens of Virtual Machines (VM) hosted in Azure. The lead architect has
asked for your suggestions to migrate all the VMs to an Azure pay-as-you-go
subscription. Which expenditure model would apply to the stated requirement?
 Operational
 Scalable
 Fault Tolerant
 Capital
Explanation
Fault Tolerant and Scalable are wrong answers because such payment models don't exist.
Capital expenditure is also wrong since we aren't going to be paying anything up front.
Operational makes the most sense since it means 'pay as you go', i.e., paying only for what
you consume and nothing else.

Pay-As-You-Go

This offer is billed at the standard Pay-As-You-Go rates, except as otherwise specified.

You will be notified through email at least 30 days in advance of any changes to the Pay-As-
You-Go rates. New services may be added periodically to the Azure platform. Azure will
notify you in advance of these new services and any fees that might be charged for using
them. However, you would only be charged if you elect to use the new services.

Any taxes which may result from receiving services at no charge are the sole responsibility of
the recipient.

Reference : https://azure.microsoft.com/en-us/offers/ms-azr-0003p/

Question 48:
Which of the following services can automatically sign users in when they are on their
corporate devices & connected to your corporate network?
 Azure Sentinel
 Password Auth
 Multi-Factor Authentication (MFA)
 Single-Sign-On (SSO)
Explanation
From the official documentation: Azure Active Directory Seamless Single Sign-On (Azure
AD Seamless SSO) automatically signs users in when they are on their corporate devices
connected to your corporate network. When enabled, users don't need to type in their
passwords to sign in to Azure AD, and usually, even type in their usernames. This feature
provides your users easy access to your cloud-based applications without needing any
additional on-premises components.

With single sign-on, users sign in once with one account to access domain-joined devices,
company resources, software as a service (SaaS) applications, and web applications. After
signing in, the user can launch applications from the Office 365 portal or the Azure AD
MyApps access panel. Administrators can centralize user account management, and
automatically add or remove user access to applications based on group membership.

Reference : https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on

Question 49:
A hacker group recently attacked your video streaming website and all your resources
were exhausted and unavailable to your users. What can you do to prevent this type of
attack in the future?
 Use Azure DDoS protection
 Use Azure Virtual Networks
 Use an Azure Firewall
 Use a Network Security Group
Explanation
Azure has two DDoS service offerings that provide protection from network attacks (Layer 3
and 4): DDoS Protection Basic and DDoS Protection Standard.

DDoS Protection Basic

Basic protection is integrated into Azure by default at no additional cost. The scale and
capacity of the globally deployed Azure network provides defense against common network-
layer attacks through always-on traffic monitoring and real-time mitigation. DDoS Protection
Basic requires no user configuration or application changes. DDoS Protection Basic helps
protect all Azure services, including PaaS services like Azure DNS.

Basic DDoS protection in Azure consists of both software and hardware components. A
software control plane decides when, where, and what type of traffic should be steered
through hardware appliances that analyze and remove attack traffic. The control plane makes
this decision based on an infrastructure-wide DDoS Protection policy. This policy is statically
set and universally applied to all Azure customers.

For example, the DDoS Protection policy specifies at what traffic volume the protection
should be triggered. (That is, the tenant’s traffic should be routed through scrubbing
appliances.) The policy then specifies how the scrubbing appliances should mitigate the
attack.

The Azure DDoS Protection Basic service is targeted at protection of the infrastructure and
protection of the Azure platform. It mitigates traffic when it exceeds a rate that is so
significant that it might affect multiple customers in a multitenant environment. It doesn’t
provide alerting or per-customer customized policies.

DDoS Protection Standard

Standard protection provides enhanced DDoS mitigation features. It's automatically tuned to
help protect your specific Azure resources in a virtual network. Protection is simple to enable
on any new or existing virtual network, and it requires no application or resource changes. It
has several advantages over the basic service, including logging, alerting, and telemetry. The
following sections outline the key features of the Azure DDoS Protection Standard service.

Reference : https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices

Question 50:
True or False: Resources don't inherit the tags you apply to a resource group or a
subscription.
 True
 False
Explanation
From the official docs :

Yes, this is true. Resources don't inherit the tags you apply to a resource group or a
subscription. To apply tags from a subscription or resource group to the resources, see Azure
Policies - tags.

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal#tag-resource-groups

Question 51:
Yes or no?

All resource types support Tags in Azure.

 No
 Yes
Explanation
No, according to the official documentation, Tags CANNOT be applied to all resource types.
See below:

Reference : https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources

Question 52: Correct


A client of yours is a content creator and would like to be notified via Email whenever
their course is purchased. Which of the following solutions would be best suited for this
automation?
 A Server image in Azure Marketplace
 A Logic App
 An API app
 A Web App
Explanation
From the official Azure docs:

Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate
tasks, business processes, and workflows when you need to integrate apps, data, systems, and
services across enterprises or organizations. Logic Apps simplifies how you design and build
scalable solutions for app integration, data integration, system integration, enterprise
application integration (EAI), and business-to-business (B2B) communication, whether in the
cloud, on premises, or both.

For example, here are just a few workloads you can automate with logic apps:

-> Process and route orders across on-premises systems and cloud services.

-> Send email notifications with Office 365 when events happen in various systems, apps,
and services.

-> Move uploaded files from an SFTP or FTP server to Azure Storage.

-> Monitor tweets for a specific subject, analyze the sentiment, and create alerts or tasks for
items that need review.

An example of a flow:

References: https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-overview

Question 53:
Yes or No:

Your company has explored some of the services in Azure Public preview. One of the
architects working in your team has advised to deploy mission critical
services/applications to these services. Are they correct?

 No
 Yes
Explanation
According to the official documentation, it is important to note that the services offered in
public preview are excluded from the Service Level Agreements (SLAs). It is therefore
not a good idea to deploy production environments on resources/services that are in
preview (public or private).

Reference : https://azure.microsoft.com/en-ca/support/legal/preview-supplemental-terms/

Question 54: Correct


Yes or No:

One of the definitions of the Hybrid cloud model is to use multiple Public Clouds in
conjunction with a Private Cloud.

 Yes
 No
Explanation
From the official docs:

A hybrid cloud—sometimes called a cloud hybrid—is a computing environment that
combines an on-premises datacenter (also called a private cloud) with a public cloud,
allowing data and applications to be shared between them. Some people define hybrid cloud
to include “multicloud” configurations where an organization uses more than one public
cloud in addition to their on-premises datacenter.

Reference: https://azure.microsoft.com/en-gb/overview/what-is-hybrid-cloud-computing/

Question 55:
Which of the following is a distributed network of servers that can efficiently deliver
web content to users?
 Azure Virtual Network
 Azure Logic Apps
 Azure Application Gateway
 Azure Content Delivery Network
Explanation
According to the official docs, a Content Delivery Network (CDN) is a distributed
network of servers that can efficiently deliver web content to users. CDNs store cached
content on edge servers in point-of-presence (POP) locations that are close to end users, to
minimize latency.

Azure Content Delivery Network (CDN) offers developers a global solution for rapidly
delivering high-bandwidth content to users by caching their content at strategically placed
physical nodes across the world. Azure CDN can also accelerate dynamic content, which
cannot be cached, by leveraging various network optimizations using CDN POPs. For
example, route optimization to bypass Border Gateway Protocol (BGP).
Reference : https://docs.microsoft.com/en-us/azure/cdn/cdn-overview

Question 56: Correct


Yes or No:

A resource can belong to more than one resource group

 No
 Yes
Explanation
No! 1 resource = 1 resource group (very simple logic)

From the official documentation :

Reference : https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups

Question 57:
What is the maximum number of management groups that can be supported in a single
directory?
 10,000
 20,000
 5,000
 1,000
Explanation
The maximum number of management groups that can be supported in a single directory
is 10,000. This allows for efficient management of access, policies, and compliance for a
large number of subscriptions in an organization.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-core-architectural-components-of-azure/6-describe-azure-management-infrastructure

Question 58:
Which of the following factors can affect the availability of an Azure service under the
SLA?
 Natural disasters
 Network disruptions outside of Azure
 Hardware or software failures within Azure
 Planned maintenance activities
Explanation
The Service Level Agreement (SLA) for Azure services guarantees a certain level of
availability, which is expressed as a percentage of uptime over a specific period of time.
However, certain factors can affect the availability of an Azure service, even if it is covered
under the SLA.

Network disruptions outside of Azure, such as issues with your own internet service
provider (ISP), can impact your ability to connect to Azure services and can affect their
availability. However, these types of disruptions are outside of Microsoft's control, so they
are NOT considered in the Azure SLA.

Planned maintenance activities, which are performed to update or maintain Azure services,
can cause temporary downtime. However, Microsoft typically schedules maintenance
activities during off-peak hours to minimize their impact on availability.

Hardware or software failures within Azure can cause disruptions to service availability.
Microsoft implements measures to minimize the impact of these failures, such as redundancy
and failover mechanisms, but they can still occur.

Natural disasters, such as earthquakes or hurricanes, can also impact the availability of
Azure services, but this is outside of Microsoft's control.

Reference: https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?

Question 59:
What is the significance of implementing security controls at the "data" layer in the
defense-in-depth model?
 It ensures the physical security of data storage.
 It reduces the impact of denial of service (DoS) attacks.
 It prevents network-based attacks against resources.
 It protects sensitive data and ensures confidentiality, integrity, and availability.
Explanation
The "data" layer in the defense-in-depth model is responsible for controlling access to
business and customer data. It ensures that sensitive data is properly secured and complies
with regulatory requirements, ensuring its confidentiality, integrity, and availability.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-azure-identity-access-security/8-describe-defense-depth

Question 60:
Can you apply a read-only lock to an Azure resource that already has a delete lock
applied to it?
 Yes, but only by the owner of the subscription
 No, a delete lock overrides all other locks and prevents any modifications or
deletions
 No, but a read-only lock can be temporarily disabled to make modifications
Explanation
As an administrator, you can lock an Azure subscription, resource group, or resource to
protect them from accidental user deletions and modifications. The lock overrides any user
permissions.

You can set locks that prevent either deletions or modifications. In the portal, these locks are
called Delete and Read-only. In the command line, these locks are
called CanNotDelete and ReadOnly.

 CanNotDelete means authorized users can read and modify a resource, but they can't
delete it.
 ReadOnly means authorized users can read a resource, but they can't delete or update
it. Applying this lock is similar to restricting all authorized users to the permissions
that the Reader role provides.

Try this out in the Azure portal: you should be able to add a read-only lock to a resource
that already has a CanNotDelete lock!

Reference: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json

Question 61:
In the defense-in-depth model, what is the role of the "network" layer?
 It limits communication between resources and enforces access controls.
 It focuses on securing access to applications.
 It ensures the physical security of computing hardware.
 It secures access to virtual machines.
Explanation
The "network" layer in the defense-in-depth model is responsible for limiting communication
between resources, which helps prevent the spread of attacks. It enforces access controls to
ensure that only necessary communication occurs and reduces the risk of an attack affecting
other systems.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-azure-identity-access-security/8-describe-defense-depth

Question 62:
You've been asked by senior management to prepare a presentation describing not only
the benefits, but also the estimated cost savings you can realize by migrating your
workloads to Azure. As the lead architect, which service would you use for these
calculations?
 Azure Advisor
 Azure Monitor
 Azure Cost Management
 Azure TCO calculator
Explanation
For users wishing to adopt cloud services, Azure provides a web-based TCO Calculator. You
can use this calculator to estimate the costs of migrating your data and applications to
Azure and predict potential savings.

Reference: https://azure.microsoft.com/en-in/pricing/tco/calculator/

Question 63:
During live telecasts of football matches, streaming platforms sometimes experience
massive spikes in viewership and users visiting their websites when a goal is scored.
Which of the following would be beneficial to deal with such expected demand of
resources?
 Virtual Machines
 Containers
 Kubernetes
 Serverless Computing
Explanation
Serverless computing enables developers to build applications faster by eliminating the need
for them to manage infrastructure. With serverless applications, the cloud service provider
automatically provisions, scales, and manages the infrastructure required to run the code.

While understanding the definition of serverless computing, it’s important to note that servers
are still running the code. The serverless name comes from the fact that the tasks associated
with infrastructure provisioning and management are invisible to the developer. This
approach enables developers to increase their focus on the business logic and deliver more
value to the core of the business (IMPORTANT). Serverless computing helps teams
increase their productivity and bring products to market faster, and it allows organizations to
better optimize resources and stay focused on innovation.

Reference : https://azure.microsoft.com/en-us/overview/serverless-computing/
Question 64: Correct
Which of the following services provides a personalized view of the health of the Azure
services, regions, and resources you rely on?
 Azure Resource Health
 Azure Service Health
 Azure Advisor
 Azure Monitor
Explanation
From the Official Azure Documentation:

Azure Service Health provides a personalized view of the health of the Azure services,
regions, and resources you rely on. The status.azure.com website, which displays only major
issues that broadly affect Azure customers, doesn't provide the full picture. But Azure Service
Health displays both major and smaller, localized issues that affect you. Service issues are
rare, but it's important to be prepared for the unexpected. You can set up alerts that help you
triage outages and planned maintenance. After an outage, Service Health provides official
incident reports, called root cause analyses (RCAs), which you can share with stakeholders.

Reference: https://docs.microsoft.com/en-ca/learn/modules/monitoring-fundamentals/2-identify-product-options

Question 65: Correct


____________ is an agreement with Microsoft to use one or more Microsoft cloud
platforms or services, for which charges accrue based on either a per-user license fee or
on cloud-based resource consumption.
 A Resource Group
 A User Account
 A Subscription
 A License
Explanation
According to the official docs -
References:

https://docs.microsoft.com/en-us/office365/enterprise/subscriptions-licenses-accounts-and-tenants-for-microsoft-cloud-offerings

Question 66:
Which of the following can be used to manage your Azure Resources from an iPhone?
 Windows PowerShell
 Azure Mobile App
 Azure CLI
 Azure Cloud Shell
 Azure Portal
Explanation
The Azure portal is the web-based portal for managing Azure. Being web-based, you can
use the Azure portal on an iPhone.

Azure Cloud Shell is a web-based command line for managing Azure. You access the Azure
Cloud Shell from the Azure portal. Being web-based, you can use the Azure Cloud Shell on
an iPhone.

Answers:
A: Azure CLI can be installed on macOS but it cannot be installed on an iPhone.

D: Windows PowerShell can be installed on macOS but it cannot be installed on an iPhone.

References: http://www.deployazure.com/management/managing-azure-from-ipad/

Question 67:
Which of the following actions can help you reduce your Azure costs?
 Reducing the amount of data transferred between Azure regions
 Keeping all virtual machines running 24/7
 Enabling automatic scaling for all virtual machines
 Increasing the number of virtual machines deployed
Explanation
Reducing the amount of data transferred between Azure regions can help reduce costs by
minimizing data egress charges.

Other options:

 Deploying more virtual machines: This can actually increase costs if they are not
utilized efficiently.
 Enabling automatic scaling: This can help optimize resource usage and reduce costs,
but it depends on the specific workload and usage patterns.
 Keeping virtual machines running 24/7: This can result in unnecessary costs,
especially if they are not utilized all the time. It is recommended to use automation to
start and stop VMs based on usage patterns.

Reference: https://learn.microsoft.com/en-us/azure/cost-management-billing/cost-management-billing-overview

Question 68: Correct


You are a tech startup owner and would like to migrate your self-hosted apps and
services to Azure.

Which of the following is an advantage of the Public Cloud that you'll realize thanks to
the migration?

 Near unlimited scalability as on-demand resources are available to meet your
business needs.
 Peace of mind that Azure will send over hardware for you to store in your
warehouse.
 Resources are not shared with others, so higher levels of control and privacy are
possible.
 Your organization can customize its cloud environment to meet specific business
needs.
Explanation
From the official docs:
The public cloud is a shared entity whereby multiple corporations each use a portion of the
resources in the cloud. The hardware resources (servers, infrastructure etc.) are managed by
the cloud provider. Multiple companies create resources such as virtual machines and virtual
networks on the hardware resources.

Answers:

Resources are not shared with others, so higher levels of control and privacy are
possible - This is a characteristic of a Private Cloud.

Your organization can customize its cloud environment to meet specific business needs
- This is also a characteristic of a Private Cloud.

Peace of mind that Azure will send over hardware for you to store in your warehouse
- Azure stores all infrastructure on their end. You'd be storing hardware that you purchased
and incur CapEx in a Private cloud setup.

Reference: https://azure.microsoft.com/en-us/resources/cloud-computing-dictionary/what-are-private-public-hybrid-clouds/#overview

Question 69:
_________________ offers fully managed file shares in the cloud that are accessible via
the industry standard Server Message Block (SMB) protocol or Network File System
(NFS) protocol. This means it can be used to completely replace or supplement
traditional on-premises file servers or NAS devices.
 Azure Files
 Azure SQL Database
 Azure Blob Storage
 Azure Data Lake Storage
Explanation
From the official docs:

Azure Files is Microsoft's easy-to-use cloud file system. Azure file shares can be seamlessly
used in Windows and Windows Server. To use an Azure file share with Windows, you must
either mount it, which means assigning it a drive letter or mount point path, or access it via its
UNC path.
Unlike other SMB shares you may have interacted with, such as those hosted on a Windows
Server, Linux Samba server, or NAS device, Azure file shares do not currently support
Kerberos authentication with your Active Directory (AD) or Azure Active Directory (AAD)
identity.

Instead, you must access your Azure file share with the storage account key for the storage
account containing your Azure file share. A storage account key is an administrator key for a
storage account, including administrator permissions to all files and folders within the file
share you're accessing, and for all file shares and other storage resources (blobs, queues,
tables, etc) contained within your storage account.

Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

Question 70:
Which of the following services provides information about Azure service incidents,
planned maintenance and can notify you of issues via Email, SMS and push
notifications?
 Azure Monitor
 Azure Service Health
 Azure Trust Portal
 Azure Initiatives
Explanation
According to the official Azure docs:

Azure Service Health notifies you about Azure service incidents and planned maintenance
so you can take action to mitigate downtime. You can configure customizable cloud
alerts and use your personalized dashboard to analyze health issues, monitor the impact to
your cloud resources, get guidance and support, and share details and updates.
Reference : https://azure.microsoft.com/en-us/features/service-health/#features

Question 71: Correct


Suppose the lead architect in your company has asked your team to implement a PaaS-based
solution in Azure for a quick Proof-of-Concept (POC) to senior management.
One of your colleagues goes ahead and creates an Azure App Service and 3 Azure
Virtual machines.

Would you agree with this implementation?

 Yes
 No
Explanation
An Azure App Service is a PaaS (Platform as a Service) example so this is not an issue.

However, Azure Virtual machines fall under the IaaS (Infrastructure as a Service)
category, since you're renting infrastructure. Therefore, we would disagree with this
decision.

References:

https://azure.microsoft.com/en-us/overview/what-is-paas/

https://azure.microsoft.com/en-us/overview/what-is-iaas/
Question 72: Correct
For industries that work with highly sensitive data, such as banking, finance,
government, and healthcare, ___________ cloud may be their best cloud option.
 Public
 Hybrid
 Private
Explanation
From the official docs:

For industries that work with highly sensitive data, such as banking, finance, government,
and healthcare, hybrid may be their best cloud option. For example, some regulated industries
require certain types of data to be stored on-premises while allowing less sensitive data to be
stored on the cloud. In this kind of hybrid cloud architecture, organizations gain the flexibility
of the public cloud for less regulated computing tasks, while still meeting their industry
requirements.

Reference: https://azure.microsoft.com/en-gb/overview/what-is-hybrid-cloud-computing/

Question 73:
The ___________________ is a regulation in EU law on data protection and privacy in
the European Union and the European Economic Area.
 American National Standards Institute (ANSI)
 Center for Internet Security (CIS)
 General Data Protection Regulation (GDPR)
 International Organization for Standardization (ISO)
Explanation
The General Data Protection Regulation (GDPR) is a regulation in EU law on data
protection and privacy in the European Union and the European Economic Area. The GDPR
is an important component of EU privacy law and of human rights law, in particular Article 8
of the Charter of Fundamental Rights of the European Union.

Reference: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

Question 74: Correct


Is it possible to modify an Azure resource that has a delete lock applied to it?
 Yes, but only by users with the least privileges
 Yes, it is possible for the admin to do so
 No, a delete lock prevents all users from modifying or deleting the resource
 No, but a delete lock can be temporarily disabled to make modifications
Explanation
As an administrator, you can lock an Azure subscription, resource group, or resource to
protect them from accidental user deletions and modifications. The lock overrides any user
permissions.

You can set locks that prevent either deletions or modifications. In the portal, these locks are
called Delete and Read-only. In the command line, these locks are
called CanNotDelete and ReadOnly.

 CanNotDelete means authorized users can read and modify a resource, but they can't
delete it.
 ReadOnly means authorized users can read a resource, but they can't delete or update
it. Applying this lock is similar to restricting all authorized users to the permissions
that the Reader role provides.

Reference: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/
lock-resources?tabs=json

Question 75: Correct


Yes or No:

Deleting a resource group deletes all the resources inside it as well.

 Yes
 No
Explanation
From the Azure official docs:

Deleting the resource group will remove the resource group as well as all the resources in
that resource group. This can be useful for the management of resources. For example, a
virtual machine has several components (the VM itself, virtual disks, network adapter etc.).

By placing the VM in its own resource group, you can delete the VM along with all its
associated components by deleting the resource group.

Another example is when creating a test environment. You could place the entire test
environment (Network components, virtual machines etc.) in one resource group. You can
then delete the entire test environment by deleting the resource group.

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal

Question 76:
Yes or No:

It is possible to deploy Azure resources through a Tablet by using Bash in the Azure
Cloud Shell.

 No
 Yes
Explanation
From the official docs:

Azure Cloud Shell is an interactive, authenticated, browser-accessible (the key to
everything since all you need is a browser and the OS doesn't matter) shell for managing
Azure resources. It provides the flexibility of choosing the shell experience that best suits the
way you work, either Bash or PowerShell.

All you need is a browser on your Tablet, and then:


Reference: https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart
https://docs.microsoft.com/en-us/azure/cloud-shell/overview
Question 77:
Select the characteristics of the Public Cloud from the following:
 Unsecured connections
 Hardware must be purchased for start-up and maintenance.
 Applications can be quickly provisioned and deprovisioned.
 Organizations are responsible for hardware maintenance and updates.
 Metered pricing
 No capital expenditure to scale up
Explanation
From the Azure Docs:

With the public cloud, you get pay-as-you-go pricing and you pay only for what you use, no
CapEx costs are involved.

With the public cloud, you have self-service management. You are responsible for the
deployment and configuration of the cloud resources such as virtual machines or web sites.
The underlying hardware that hosts the cloud resources is managed by the cloud provider.
Answers:

Hardware must be purchased for start-up and maintenance - You don't have to purchase
any hardware on the public cloud. The underlying hardware is shared so you could have
multiple customers using cloud resources hosted on the same physical hardware. Moreover,
this is a characteristic of the private cloud.

Unsecured Connections - Connections to the public cloud are secure.

Organizations are responsible for hardware maintenance and updates - This is a
characteristic of the Private Cloud.

References: https://docs.microsoft.com/en-gb/learn/modules/principles-cloud-computing/4-cloud-deployment-models

Question 78:
Which of the following services would help you achieve the following:

1) Create and manage a group of load balanced VMs.

2) Provide high availability and application resiliency by distributing VMs across availability
zones

3) Allows your application to automatically scale as resource demand changes

 Azure Resource Groups
 Azure Subscriptions
 Azure Region Pairs
 Azure Scale Sets
Explanation
A great article from the official Microsoft documentation:
Reference : https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview

Question 79: Correct


For all Virtual Machines that have two or more instances deployed across two or more
Availability Zones in the same Azure region, you will have Virtual Machine
Connectivity to at least one instance guaranteed at least _______ of the time.
 99%
 99.99%
 99.95%
 99.5%
Explanation
From the official Azure documentation:

SLA for Virtual Machines

 For all Virtual Machines that have two or more instances deployed across two or more
Availability Zones in the same Azure region, we guarantee you will have Virtual
Machine Connectivity to at least one instance at least 99.99% of the time.
 For all Virtual Machines that have two or more instances deployed in the same
Availability Set or in the same Dedicated Host Group, we guarantee you will have
Virtual Machine Connectivity to at least one instance at least 99.95% of the time.
 For any Single Instance Virtual Machine using Premium SSD or Ultra Disk for all
Operating System Disks and Data Disks, we guarantee you will have Virtual Machine
Connectivity of at least 99.9%.
 For any Single Instance Virtual Machine using Standard SSD Managed Disks for
Operating System Disk and Data Disks, we guarantee you will have Virtual Machine
Connectivity of at least 99.5%.
 For any Single Instance Virtual Machine using Standard HDD Managed Disks for
Operating System Disks and Data Disks, we guarantee you will have Virtual Machine
Connectivity of at least 95%.

Reference: https://www.azure.cn/en-us/support/sla/virtual-machines/

Question 80:
Which of the following factors influence the cost of Azure resources? (Select all that
apply)
 Consumption
 Geography
 Maintenance
 Resource type
Explanation
The correct answers are - Resource type, Consumption, and Geography. These factors
influence the cost of Azure resources. Maintenance, on the other hand, is an important aspect
of managing resources to control costs but does not directly influence the cost of the
resources themselves.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-cost-management-azure/2-describe-factors-affect-costs-azure

Question 8: Incorrect

For industries that work with highly sensitive data, such as banking, finance,
government, and healthcare, ___________ cloud may be their best cloud option.
 Public
 Hybrid
 Private

Explanation
From the official docs:

For industries that work with highly sensitive data, such as banking, finance, government,
and healthcare, hybrid may be their best cloud option. For example, some regulated industries
require certain types of data to be stored on-premises while allowing less sensitive data to be
stored on the cloud. In this kind of hybrid cloud architecture, organizations gain the flexibility
of the public cloud for less regulated computing tasks, while still meeting their industry
requirements.

Reference: https://azure.microsoft.com/en-gb/overview/what-is-hybrid-cloud-computing/
Question 49: Incorrect

_________________ offers fully managed file shares in the cloud that are accessible via
the industry standard Server Message Block (SMB) protocol or Network File System
(NFS) protocol. This means it can be used to completely replace or supplement
traditional on-premises file servers or NAS devices.
 Azure Data Lake Storage
 Azure Blob Storage
 Azure Files
 Azure SQL Database
Explanation
From the official docs:
Azure Files is Microsoft's easy-to-use cloud file system. Azure file shares can be seamlessly
used in Windows and Windows Server. To use an Azure file share with Windows, you must
either mount it, which means assigning it a drive letter or mount point path, or access it via its
UNC path.

Unlike other SMB shares you may have interacted with, such as those hosted on a Windows
Server, Linux Samba server, or NAS device, Azure file shares do not currently support
Kerberos authentication with your Active Directory (AD) or Azure Active Directory (AAD)
identity.

Instead, you must access your Azure file share with the storage account key for the storage
account containing your Azure file share. A storage account key is an administrator key for a
storage account, including administrator permissions to all files and folders within the file
share you're accessing, and for all file shares and other storage resources (blobs, queues,
tables, etc) contained within your storage account.

Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
Practice Test 2
Question 1: Correct

What is the primary purpose of redundancy in Azure Storage?


 To provide high availability and durability in the face of failures.
 To protect against data corruption and unauthorized access.
 To improve data processing speed for applications.
 To increase the storage capacity of Azure resources.
Explanation
From the official documentation: Azure Storage always stores multiple copies of your data so
that it's protected from planned and unplanned events such as transient hardware failures,
network or power outages, and natural disasters. Redundancy ensures that your storage
account meets its availability and durability targets even in the face of failures. Redundancy
in Azure Storage ensures that data is protected from planned and unplanned events,
providing high availability and durability even in the event of hardware failures, outages, or
disasters.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-azure-storage-services/3-redundancy
Question 2:

Skipped

If you want to raise the limit or quota above the default limit, _____________________
 define a blueprint in Azure Blueprint to implement this change
 Upgrade your support plan
 create an Azure policy defining this increase but it will be charged.
 open an online customer support request at no charge.
Explanation
If you want to raise the limit or quota above the default limit, you can open an online
customer support request at no charge.

Reference: https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits
Question 3: Correct

What is the main purpose of the Azure Pricing Calculator?


 To manage the billing of your Azure account
 To estimate the cost of provisioning resources in Azure
 To compare the costs of running on-premises and Azure Cloud infrastructure
 To provision resources in Azure
Explanation
To estimate the cost of provisioning resources in Azure - This is the correct answer
because the Azure Pricing Calculator is specifically designed to help users estimate the cost
of provisioning resources in Azure.

To compare the costs of running on-premises and Azure Cloud infrastructure - This
option is incorrect because this function is performed by the Total Cost of Ownership (TCO)
Calculator, not the Pricing Calculator.
To provision resources in Azure - This option is incorrect because the Pricing Calculator
does not provision resources; it only provides cost estimates for resources. To provision
resources, you would use the Azure Portal or other management tools.

To manage the billing of your Azure account - This option is incorrect because the Pricing
Calculator does not manage billing. It only provides cost estimates for resources. To manage
billing, you would use the Azure Cost Management and Billing tools.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-cost-management-azure/3-compare-pricing-total-cost-of-ownership-calculators
Question 4:

True or False:

Each Azure Subscription can trust multiple Active Directories.


 False
 True
Explanation
From the official Azure docs:

An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A
subscription trusts Azure AD to authenticate users, services, and devices.

Multiple subscriptions can trust the same Azure AD directory. Each subscription can
only trust a single directory.
References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory
Question 5:

True or False:
A Platform as a Service (PaaS) solution that has already been deployed cannot be scaled
up or out without re-deploying it.
 True
 False
Explanation
You can always scale your PaaS solution up (increase the memory) or out (add more
instances) without re-deployment.

The very beauty of PaaS is that it allows you to avoid the expense and complexity of buying
and managing software licences, the underlying application infrastructure and middleware,
container orchestrators such as Kubernetes or the development tools and other resources. You
manage the applications and services that you develop, and the cloud service provider
typically manages everything else.

Reference: https://azure.microsoft.com/en-gb/overview/what-is-paas/
Question 6: Correct
The Azure ________ is a fully managed Platform as a Service (PaaS) that provides a
runtime environment for hosting, deploying, and scaling applications.
 Azure Advisor
 Azure App Service
 Azure Logic Apps
 Azure Front Door
Explanation
The Azure App Service is the correct answer and is a fully managed Platform as a Service
(PaaS) that provides a runtime environment for hosting, deploying, and scaling applications.

Azure App Service supports a variety of programming languages, including .NET, Java,
Node.js, Python, and PHP, among others. It also provides built-in support for popular content
management systems like WordPress and Drupal, and integrates with Azure DevOps for
streamlined deployment and continuous integration/continuous deployment (CI/CD).

Other Options:

 Azure Logic Apps is designed more for workflow automation and integration, and
does not provide a runtime environment for hosting and deploying applications. While
it is possible to use Azure Logic Apps to trigger actions in response to events in Azure
App Service (for example, deploying a new version of an application), it is not a
direct replacement for Azure App Service.

 While Azure Advisor is a valuable tool for optimizing Azure resources, it is not a fully
managed Platform as a Service (PaaS) like Azure App Service. Azure Advisor does
not provide a runtime environment for hosting, deploying, and scaling applications,
and it does not support a variety of programming languages.

 While Azure Front Door is a useful service for load balancing and routing traffic, it is not a
fully managed Platform as a Service (PaaS) like Azure App Service. Azure Front
Door does not provide a runtime environment for hosting, deploying, and scaling
applications, and it does not support a variety of programming languages.

Reference: https://learn.microsoft.com/en-us/azure/app-service/overview
Question 7: Incorrect

Suppose the lead architect in your company has asked your team to implement a PaaS-based
solution in Azure for a quick Proof-of-Concept (POC) to senior management.
One of your colleagues goes ahead and creates an Azure SQL Database and an Azure
Load Balancer.

Would you agree with this implementation?

 Yes
 No
Explanation
Tricky question!

Platform as a service (PaaS) is a complete development and deployment environment in the
cloud. PaaS includes infrastructure (servers, storage, and networking), but also middleware,
development tools, business intelligence (BI) services, database management systems, and
more.

Azure SQL Databases are PaaS, that's fine. BUT:

Azure Load Balancers are IaaS not PaaS!

References: https://azure.microsoft.com/en-us/overview/what-is-paas/
https://docs.microsoft.com/en-us/answers/questions/221143/azure-storage-account-is-iaas-or-paas.html
Question 8: Correct

Which of the following requires the greatest security effort on your part?
 Software as a service (SaaS)
 Database as a service (DaaS)
 Infrastructure as a service (IaaS)
 Platform as a service (PaaS)
Explanation
IaaS (Infrastructure as a Service) is, in effect, where a cloud provider hosts the
infrastructure components traditionally present in an on-premises data center including
servers (operating systems), storage and networking hardware as well as the virtualization or
hypervisor layer.
From a security perspective, this offering is probably the closest to traditional in-house IT
infrastructure (indeed, many companies will effectively move existing server payloads to
IaaS either partially or completely, resulting in a hybrid solution), and it will require many of
the same security tools as a result.
Reference: https://www.tripwire.com/state-of-security/security-data-protection/cloud/secure-configuration-cloud-iaas-paas-saas/
Question 9: Correct

Your compliance team has contacted you and stated that a certain VM running a
mission critical database (with confidential data) should not be able to connect to other
applications and VMs. How would you accomplish this?
 No need to do anything as a VM cannot communicate with other services.
 Deploy the VM to a certain subnet and restrict traffic using a Network Security
Group (NSG).
 Deploy the VM to a brand new resource group
 Use an Azure Load Balancer
Explanation
Azure Virtual Network (VNet) is the fundamental building block for your private network
in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines
(VM), to securely communicate with each other, the internet, and on-premises networks.
VNet is similar to a traditional network that you'd operate in your own data center, but brings
with it additional benefits of Azure's infrastructure such as scale, availability, and isolation.

Subnets: Subnets enable you to segment the virtual network into one or more sub-networks
and allocate a portion of the virtual network's address space to each subnet. You can then
deploy Azure resources in a specific subnet. Just like in a traditional network, subnets allow
you to segment your VNet address space into segments that are appropriate for the
organization's internal network. This also improves address allocation efficiency. You can
secure resources within subnets using Network Security Groups. For more information,
see Security groups.

You can filter network traffic between subnets using either or both of the following options:

1) Security groups: Network security groups and application security groups can contain
multiple inbound and outbound security rules that enable you to filter traffic to and from
resources by source and destination IP address, port, and protocol. To learn more,
see Network security groups or Application security groups.

2) Network virtual appliances: A network virtual appliance is a VM that performs a
network function, such as a firewall, WAN optimization, or other network function. To view
a list of available network virtual appliances that you can deploy in a virtual network,
see Azure Marketplace.

Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview
Question 10: Incorrect

Yes or No:
Azure HDInsight is an example of a Software as a Service (SaaS) offering.

 No
 Yes
Explanation
No, Azure HDInsight is a PaaS offering.

From the official Azure documentation:

Run popular open-source frameworks—including Apache Hadoop, Spark, Hive, Kafka, and
more—using Azure HDInsight, a customizable, enterprise-grade service for open-source
analytics. Effortlessly process massive amounts of data and get all the benefits of the broad
open-source project ecosystem with the global scale of Azure. Easily migrate your big data
workloads and processing to the cloud.

References: https://azure.microsoft.com/en-us/services/hdinsight/#features
Question 11: Correct

In which of the following scenarios would an IaaS deployment make the most sense?
 For finance and expense tracking
 For analytics or business intelligence
 For a lift-and-shift migration
 For setting a development framework
Explanation
From the official docs: Infrastructure as a service (IaaS) is the most flexible category of
cloud services, as it provides you the maximum amount of control for your cloud resources.
In an IaaS model, the cloud provider is responsible for maintaining the hardware, network
connectivity (to the internet), and physical security. You’re responsible for everything else:
operating system installation, configuration, and maintenance; network configuration;
database and storage configuration; and so on. With IaaS, you’re essentially renting the
hardware in a cloud datacenter, but what you do with that hardware is up to you.

Some common scenarios where IaaS might make sense include:

 Lift-and-shift migration: You’re standing up cloud resources similar to your on-prem
datacenter, and then simply moving the things running on-prem to running on the IaaS
infrastructure.
 Testing and development: You have established configurations for development and
test environments that you need to rapidly replicate. You can stand up or shut down
the different environments rapidly with an IaaS structure, while maintaining complete
control.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-cloud-service-types/2-describe-infrastructure-service
Question 12: Correct

How is the cost of network traffic in Azure affected?


 By the number of users
 By geography
 By resource type
 By the type of subscription
Explanation
The cost of network traffic in Azure is affected by geography. Data transfer costs can vary
depending on the zones, which are geographical groupings of Azure regions for billing
purposes. The cost of moving data within a region or between regions can differ, impacting
the overall cost of network traffic.

Other options -

By the number of users: While the number of users may affect the overall amount of
network traffic, the cost is not directly determined by the number of users. Instead, it is
determined by the amount of data transferred and the geographical zones involved.

By resource type: The cost of network traffic is related to the amount of data transferred and
the zones involved, not the specific Azure resources being used. While the type of resources
may have an impact on the amount of data transferred, the cost of network traffic itself is not
directly influenced by the resource type.

By the type of subscription: The type of subscription may affect the overall cost of Azure
services, including usage allowances, but it doesn't directly determine the cost of network
traffic. Network traffic costs are determined by the amount of data transferred and the
geographical zones involved.
Reference: https://learn.microsoft.com/en-us/training/modules/describe-cost-management-azure/2-describe-factors-affect-costs-azure
Question 13: Incorrect

Which of the following can you use to filter traffic to and from an Azure Virtual
Network?
 Azure DDoS Protection
 Azure Firewall
 Azure Network Security Group
 Azure Advanced Threat Protection (ATP)
Explanation
You can use an Azure network security group to filter network traffic to and from Azure
resources in an Azure virtual network. A network security group contains security rules that
allow or deny inbound network traffic to, or outbound network traffic from, several types of
Azure resources.
For each rule, you can specify source and destination, port, and protocol. This article
describes properties of a network security group rule, the default security rules that are
applied, and the rule properties that you can modify to create an augmented security rule.

Reference: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Question 14: Correct

True or False:

Azure Active Directory can restrict access attempts to only those coming from known
devices.
 True
 False
Explanation
From the Official Azure Documentation:
Azure AD provides services such as:

 Authentication

This includes verifying identity to access applications and resources. It also includes
providing functionality such as self-service password reset, multifactor authentication,
a custom list of banned passwords, and smart lockout services.

 Single sign-on

SSO enables you to remember only one username and one password to access
multiple applications. A single identity is tied to a user, which simplifies the security
model. As users change roles or leave an organization, access modifications are tied
to that identity, which greatly reduces the effort needed to change or disable accounts.

 Application management
You can manage your cloud and on-premises apps by using Azure AD. Features like
Application Proxy, SaaS apps, the My Apps portal (also called the access panel), and
single sign-on provide a better user experience.

 Device management

Along with accounts for individual people, Azure AD supports the registration of
devices. Registration enables devices to be managed through tools like Microsoft
Intune. It also allows for device-based Conditional Access policies to restrict access
attempts to only those coming from known devices, regardless of the requesting user
account.

Reference: https://docs.microsoft.com/en-ca/learn/modules/secure-access-azure-identity-services/3-what-is-azure-active-directory

Question 15: Correct

A startup has deployed a set of Virtual Machines which are critical for their day-to-day
operations. They need to ensure their availability even if a single data center goes down.

One of their interns has suggested that deploying the VMs through a Scale Set would
solve the problem. Do you agree?
 Yes
 No
Explanation
This answer does not specify that the scale set will be configured across multiple data centers,
so this solution does not meet the goal.
Azure virtual machine scale sets let you create and manage a group of load balanced VMs.
The number of VM instances can automatically increase or decrease in response to demand
or a defined schedule. Scale sets provide high availability to your applications, and allow you
to centrally manage, configure, and update many VMs.

Virtual machines in a scale set can be deployed across multiple update domains and fault
domains to maximize availability and resilience to outages due to data center outages, and
planned or unplanned maintenance events.

Reference: https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/availability
Question 16: Incorrect

Which of the following would you use if you want to keep track of the performance or
issues related to your specific VM or container instances, databases, your applications?
 Azure Service Health
 Azure Advisor
 Azure Monitor
 Azure Sentinel
Explanation
From the Official Azure Documentation:

If you want to keep track of the performance or issues related to your specific VM or
container instances, databases, your applications, and so on, you want to visit Azure Monitor
and create reports and notifications to help you understand how your services are performing
or diagnose issues related to your Azure usage.

Reference: https://docs.microsoft.com/en-ca/learn/modules/monitoring-fundamentals/3-analyze-decision-criteria
Question 17: Correct

A startup has deployed a set of Virtual Machines which are critical for their day-to-day
operations. They need to ensure their availability even if a single data center goes down.

One of their interns has suggested that deploying these VMs to multiple resource groups
would solve the problem. Do you agree?
 No
 Yes
Explanation
A resource group is a logical container for Azure resources. When you create a resource
group, you specify which location to create the resource group in.

However, when you create a virtual machine and place it in the resource group, the virtual
machine can still be in a different location (different datacenter).
Therefore, creating multiple resource groups, even if they are in separate datacenters, does not
ensure that the services running on the virtual machines are available if a single data center
fails. What you really need is high availability, which means deploying the VMs to multiple
Regions and AZs.

References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups
Question 18: Incorrect

Yes or No:

The private preview phase for a service includes formal support.


 No
 Yes

Explanation
No. Private preview is a phase in which Azure invites a few customers to take part in early
access to new concepts and features. This phase does not include formal support. It is also
not available to the general public.

Reference: https://azure.microsoft.com/en-ca/support/legal/preview-supplemental-terms/

Question 19: Correct

Your manager has asked you to recommend an Azure Service that can be used to
securely manage and store certificates for your team's services. Which of the following
would you recommend?
 Azure Bastion
 Azure Key Vault
 Azure Confidential Ledger
 Azure Active Directory
Explanation
Secure key management is essential to protect data in the cloud. Azure Key Vault encrypts
keys and small secrets like passwords that use keys stored in hardware security modules
(HSMs).
For more assurance, it is possible to import or generate keys in HSMs, and Microsoft
processes your keys in FIPS 140-2 Level 2 validated HSMs (hardware and firmware). With
Key Vault, Microsoft doesn’t see or extract your keys.

You can monitor and audit your key use with Azure logging—pipe logs into Azure
HDInsight or your security information and event management (SIEM) solution for more
analysis and threat detection.

All of the control, none of the work - the motto

By using Key Vault, you don’t need to provision, configure, patch, and maintain HSMs and
key management software. Provision new vaults and keys (or import keys from your own
HSMs) in minutes and centrally manage keys, secrets, and policies. You keep control over
your keys—simply grant permission for your own and partner applications to use them as
needed. Applications never have direct access to keys. Developers manage keys used for
Dev/Test and seamlessly migrate to production the keys that are managed by security
operations.

Reference: https://azure.microsoft.com/en-us/services/key-vault/
Question 20: Correct

Is there a default spending limit for the Azure Free account?


 No
 Yes
Explanation
A credit of $200 is assigned to the Free account and is valid for 30 days from the
date of activation.

Reference: https://azure.microsoft.com/en-in/free/
Question 21: Correct

Select the valid types of storage tiers for Azure Blob Storage?
 Deep Sleep Tier
 Infrequently Accessed Tier
 Hot Tier
 Cold Tier
 Archive Storage Tier
Explanation
Azure storage offers different access tiers, which allow you to store blob object data in the
most cost-effective manner. The available access tiers include:

1) Hot Storage - Optimized for storing data that is accessed frequently.
2) Cool Storage - Optimized for storing data that is infrequently accessed and stored for at
least 30 days.
3) Archive Storage - Optimized for storing data that is rarely accessed and stored for at least
180 days with flexible latency requirements (on the order of hours).

Reference: https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers?tabs=azure-portal
Question 22: Correct

Select the option that is FALSE for Resource Groups.


 Resource groups can be nested
 Resources may be moved from one resource group to another
 The resources in a resource group can be located in different regions than the
resource group.
 You can add or remove a resource to a resource group at any time.
 You can deploy up to 800 instances of a resource type in each resource group.
 A resource can only belong to one resource group
Explanation
Resource groups can't be nested, i.e., a resource group cannot exist inside another resource
group. It is, however, possible to link resources from other resource groups within a resource
group.

From the official documentation (amazing summary, please do read) -

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal
Question 23: Incorrect

Yes or No:

An Azure subscription can trust multiple Azure Active Directory (Azure AD) tenants
 Yes
 No
Explanation
From the official Azure docs:

An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A
subscription trusts Azure AD to authenticate users, services, and devices.

Please note:

Multiple subscriptions can trust the same Azure AD directory. Each subscription can
only trust a single directory.

References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory
Question 24: Incorrect

True or False:
In a Private Preview, Azure invites all customers to take part in early access to new
concepts and features.
 False
 True

Explanation
From the official documentation:

Private Preview - During this phase we invite a few customers to take part in early access to
new concepts and features. This phase DOES NOT include formal support.

Reference: https://azure.microsoft.com/en-ca/support/legal/preview-supplemental-terms/
Question 25: Correct

Choose 3 components of Azure SLAs:


 Service Credits
 Usage Targets
 Performance Targets
 Uptime and Connectivity Guarantees
Explanation
A Service Level Agreement or SLA is a formal document that provides specific terms that
state the level of service that will be provided to a customer. Microsoft's Azure SLA defines
three primary characteristics of Azure service - Performance targets, Uptime, and
Connectivity guarantees.

It should be noted that the free and shared tiers of many services DO NOT come with an
SLA. (Imp.)
Reference: https://cloudacademy.com/course/understanding-azure-pricing-and-support/service-level-agreements/
Question 26: Correct

Which of the following Azure services CANNOT be used to deploy a containerized
application?
 Azure Virtual Machines (VMs)
 Azure Kubernetes Service (AKS)
 Azure Content Delivery Network (CDN)
 Azure Container Instances (ACI)
Explanation
The Azure Content Delivery Network (CDN) service cannot be used to deploy a
containerized application.

CDN is a service for delivering static content (such as images, videos, and other files) from a
distributed network of servers. It is not designed for running and deploying containerized
applications.

On the other hand, Azure Kubernetes Service (AKS), Azure Container Instances (ACI), and
Azure Virtual Machines (VMs) can all be used to deploy containerized applications.

 Azure Kubernetes Service (AKS) provides a managed Kubernetes service for
deploying, scaling, and managing containerized applications.

 Azure Container Instances (ACI) is a serverless service that allows you to run
containers on demand without having to manage the underlying infrastructure.

 Azure Virtual Machines (VMs) provide a more flexible option for running
containers by allowing you to choose the operating system and configure the
environment to your specific needs.

Reference: https://learn.microsoft.com/en-us/azure/frontdoor/
Question 27: Incorrect

You have managed an App that you developed and deployed On-Prem for a long time,
but would now like to move it to Azure and be relieved of all the manual administration
and maintenance. Which of the following buckets would be most suitable for your use
case?
 Software as a service (SaaS)
 Database as a Service (DaaS)
 Platform as a service (PaaS)
 Infrastructure as a Service (IaaS)

Explanation
Platform as a service (PaaS) is a complete development and deployment environment in the
cloud, with resources that enable you to deliver everything from simple cloud-based apps to
sophisticated, cloud-enabled enterprise applications. You purchase the resources you need
from a cloud service provider on a pay-as-you-go basis and access them over a secure
Internet connection.

Like IaaS, PaaS includes infrastructure—servers, storage, and networking—but also
middleware, development tools, business intelligence (BI) services, database management
systems, and more. PaaS is designed to support the complete web application lifecycle:
building, testing, deploying, managing, and updating.

PaaS allows you to avoid the expense and complexity of buying and managing software
licenses, the underlying application infrastructure and middleware, container orchestrators
such as Kubernetes, or the development tools and other resources. You manage the
applications and services you develop, and the cloud service provider typically manages
everything else.

Since we need to reduce the overhead effort of managing everything, and create our
own solution, PaaS is the best option!
References: https://azure.microsoft.com/en-us/overview/what-is-paas/
Question 28: Correct

Yes or No:

Every Azure region is composed of a set of datacenters.


 Yes
 No
Explanation
A region is a set of datacenters deployed within a latency-defined perimeter and connected
through a dedicated regional low-latency network. Each Azure region has a minimum
of three availability zones.
Reference: https://azure.microsoft.com/en-us/global-infrastructure/
Question 29: Incorrect

You want to set up a VPN connection between two Azure virtual networks that are in
different regions. Which of the following VPN connection types would be best suited for
this scenario?
 Site-to-Site (IPsec)
 VNet-to-VNet (IPsec)
 Point-to-Site (VPN over SSL)
 ExpressRoute
Explanation
The correct answer is Site-to-Site (IPsec).

Site-to-Site (IPsec) VPN connection type is used to connect two or more virtual networks that
are in different regions, data centers, or even different cloud providers. It allows you to
connect an on-premises network or a branch office network to an Azure virtual network, or to
connect two Azure virtual networks that are in different regions. Site-to-Site VPN
connections use a VPN gateway to provide a secure connection over the Internet. IPsec is the
protocol used to secure the VPN connection.
Other options:

VNet-to-VNet (IPsec): This is not the best choice for this scenario because it is designed to
connect two virtual networks within the same region. It creates an IPsec tunnel between the
two virtual networks, allowing resources to communicate securely and privately over the
Microsoft backbone network. Since the two virtual networks in this scenario are in different
regions, VNet-to-VNet (IPsec) would not be the most efficient or cost-effective option.

Point-to-Site (VPN over SSL): This is used to connect individual devices to an Azure virtual
network over a VPN connection. It is not suitable for connecting virtual networks in different
regions.

ExpressRoute: This is a private connection between an on-premises infrastructure and an
Azure data center. It provides dedicated, high-speed connectivity between your network and
Azure, but it is not suitable for connecting virtual networks in different regions.

Reference: https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
Question 30: Correct

An organization is planning to migrate large amounts of data from their On-Prem storage to
Azure. However, they are worried about incurring huge costs for this transfer and have halted
their plans for now.

Is this assumption valid?


 Yes
 No
Explanation
Data ingress (incoming) to Azure data centers is free, so the organization's assumptions
are invalid.

Reference: https://azure.microsoft.com/en-us/pricing/details/bandwidth/
Question 31: Incorrect

Which of the following services can help you decouple components and asynchronous
message storage, for communication between application components, whether they are
running in the cloud, on the desktop, on-premises, or on mobile devices?
 Azure Asynchronous Communicator
 Azure Queue Storage
 Azure Data Box
 Azure File Sync
Explanation
From the official Azure documentation:

You can use Azure Queue Storage to build flexible applications and separate functions for
better durability across large workloads. When you design applications for scale, application
components can be decoupled, so that they can scale independently. Queue storage gives you
asynchronous message queueing for communication between application components,
whether they are running in the cloud, on the desktop, on-premises, or on mobile devices.
A single queue message can be up to 64 KB in size, and a queue can contain millions of
messages, up to the total capacity limit of a storage account. Queue storage is often used to
create a backlog of work to process asynchronously.

Reference: https://azure.microsoft.com/en-us/services/storage/queues/#overview
Question 32: Correct

You plan to provision Infrastructure as a Service (IaaS) resources in Azure.

Which of the following is an example of IaaS in Azure?

 Azure Machine Learning
 Azure HDInsight
 Azure Event Hubs
 Azure Virtual Machine
Explanation
An Azure virtual machine is an example of Infrastructure as a Service (IaaS).

Azure Machine Learning, Azure Event Hubs, and Azure HDInsight are all examples of Platform
as a Service (PaaS).
References:
https://azure.microsoft.com/en-gb/overview/what-is-iaas/
https://azure.microsoft.com/en-gb/overview/what-is-paas/
https://techcommunity.microsoft.com/t5/educator-developer-blog/getting-started-with-windows-azure-series-1-overview/ba-p/378385
Question 33: Correct

Is it possible to run a PowerShell module directly from a Windows computer with
Azure PowerShell installed?
 Yes
 No
Explanation
A PowerShell script can create Azure resources, and since the PowerShell module is installed
on the Windows computer, this is easily doable.

Reference: https://docs.microsoft.com/en-us/powershell/scripting/windows-powershell/ise/how-to-write-and-run-scripts-in-the-windows-powershell-ise?view=powershell-7.1&viewFallbackFrom=powershell-6
Question 34: Correct
Availability for all Azure services is calculated over a ____________ billing cycle.
 weekly
 monthly
 yearly
 quarterly
Explanation
From the official Azure docs:

Availability for all Azure services is calculated over a monthly billing cycle.

Reference: https://azure.microsoft.com/en-us/support/legal/sla/summary/
Question 35: Correct

Yes or No:

A SaaS solution allows access to the underlying Operating System of the application.
 No
 Yes
Explanation
A SaaS solution does not provide access to the operating system. In fact, with SaaS we
have the least maintenance effort but also the least degree of control.

Examples of SaaS include Zoom, Outlook, etc.

Reference: https://azure.microsoft.com/en-gb/overview/what-is-saas/
Question 36: Incorrect

Your company is considering migrating its on-premises infrastructure to Azure. The
management team wants to compare the costs of running the existing infrastructure
in-house to the projected costs in Azure. Which tool should you use to provide this
comparison?
 Total Cost of Ownership calculator
 Billing calculator
 Resource cost calculator
 Pricing calculator

Explanation
The Total Cost of Ownership (TCO) calculator is designed to help you compare the costs
for running an on-premises infrastructure compared to an Azure Cloud infrastructure. It takes
into account your current infrastructure configuration, power costs, IT labor costs, and other
factors to provide an estimate of the cost difference between the two environments.

Other options -

 Pricing calculator - This tool is designed to estimate the cost of provisioning
resources in Azure but does not provide a comparison between on-premises
infrastructure costs and Azure Cloud infrastructure costs.

 Resource cost calculator - This option is incorrect because there is no specific
"Resource cost calculator" in Azure. The Pricing calculator and TCO calculator are
the main tools used to estimate costs in Azure.

 Billing calculator - This option is incorrect because there is no specific "Billing
calculator" in Azure. The Pricing calculator estimates costs for provisioning resources
in Azure, while the TCO calculator compares on-premises infrastructure costs to
Azure Cloud infrastructure costs.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-cost-management-azure/3-compare-pricing-total-cost-of-ownership-calculators
Question 37: Correct

The Azure ________ service allows you to create and manage private networks in the
cloud and connect them to on-premises networks using a VPN gateway.
 Azure Security Center
 Azure Virtual Network
 Azure Traffic Manager
 Azure DNS
Explanation
The correct answer is Azure Virtual Network. The Azure Virtual Network service allows
you to create and manage private networks in the cloud and connect them to on-premises
networks using a VPN gateway.

Azure Virtual Network is a networking service that allows you to create and manage virtual
networks in the cloud, and connect them securely to your on-premises infrastructure. With
Azure Virtual Network, you can create subnets, assign IP addresses, and control traffic flow
between virtual machines and other resources.

The VPN gateway in Azure Virtual Network provides a secure, encrypted connection
between your virtual network in Azure and your on-premises network. This allows you to
extend your on-premises infrastructure to the cloud, and access resources in Azure as if they
were located on your local network.

Other Options -

 Azure DNS: While Azure DNS provides a scalable and reliable domain name system
(DNS) service that can be used to resolve domain names to IP addresses, it is not
directly related to creating and managing private networks or connecting them to on-
premises networks using a VPN gateway.

 Azure Traffic Manager: While Azure Traffic Manager is a global DNS-based traffic
load balancer that can be used to distribute traffic across multiple endpoints, it is not
directly related to creating and managing private networks or connecting them to on-
premises networks using a VPN gateway.

 Azure Security Center: While Azure Security Center is a unified security
management and monitoring service that provides threat protection for cloud
workloads, it is not directly related to creating and managing private networks or
connecting them to on-premises networks using a VPN gateway. Azure Security
Center is focused on securing cloud resources and workloads, rather than on
networking and connectivity.

Reference: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview
Question 38: Correct

Yes or No:

Azure Advisor has the ability to provide recommendations for Azure ExpressRoute.
 No
 Yes
Explanation
From the official Azure documentation:

Advisor is a personalized cloud consultant that helps you follow best practices to optimize
your Azure deployments. It analyzes your resource configuration and usage telemetry and
then recommends solutions that can help you improve the cost effectiveness, performance,
Reliability (formerly called High availability), and security of your Azure resources.

Advisor provides recommendations for Application Gateway, App Services, availability
sets, Azure Cache, Azure Data Factory, Azure Database for MySQL, Azure Database for
PostgreSQL, Azure Database for MariaDB, Azure ExpressRoute, Azure Cosmos DB, Azure
public IP addresses, Azure Synapse Analytics, SQL servers, storage accounts, Traffic
Manager profiles, and virtual machines.
Azure Advisor also includes your recommendations from Microsoft Defender for
Cloud which may include recommendations for additional resource types.
Reference: https://docs.microsoft.com/en-us/azure/advisor/advisor-overview
Question 39: Correct

Which of the following does not affect costs in Azure?


 Tags
 Resource usage
 Resource Type
 Instance Size of VMs
 Location
Explanation
Tags do not incur costs, but are rather a great way to know which resources are incurring
costs!

Great reference on costs - https://docs.microsoft.com/en-ca/learn/modules/plan-manage-azure-costs/4-purchase-azure-services
Question 40: Incorrect

As a consultant, which of the following Locks would you recommend to an organization
to prevent deletion or modification of mission-critical resources?
 CanNotChange
 ReadOnly
 CanNotModify
 isCritical
Explanation
From the official documentation:

As an administrator, you can lock an Azure subscription, resource group, or resource to
protect them from accidental user deletions and modifications. The lock overrides any user
permissions.

You can set locks that prevent either deletions or modifications. In the portal, these locks are
called Delete and Read-only. In the command line, these locks are
called CanNotDelete and ReadOnly. In the left navigation panel, the subscription lock
feature's name is Resource locks, while the resource group lock feature's name is Locks.

 CanNotDelete means authorized users can read and modify a resource, but they can't
delete it.
 ReadOnly means authorized users can read a resource, but they can't delete or update
it. Applying this lock is similar to restricting all authorized users to the permissions
that the Reader role provides.

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
Question 41: Correct

Yes or No:

It's possible to deploy an Azure VM from an Ubuntu system by using PowerShell in the
Cloud Shell.
 No
 Yes
Explanation
Tip: Most such questions mentioning Operating Systems (Ubuntu, Linux, Windows, MacOS)
are to create confusion. If you can open a browser - you can access the Cloud Shell which
gives you access to Bash or PowerShell.

Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing
Azure resources. It provides the flexibility of choosing the shell experience that best suits the
way you work, either Bash or PowerShell.
Reference: https://docs.microsoft.com/en-us/azure/cloud-shell/overview
Question 42: Incorrect

Which of the following services would you use to embed the ability to see, hear, speak,
search, understand, and accelerate decision-making into your apps without having any
machine-learning expertise?
 Azure Machine Learning Studio
 Azure App Service
 Azure Events Hub
 Azure Cognitive Services
Explanation
Cognitive Services bring AI within reach of every developer—without requiring
machine-learning expertise. All it takes is an API call to embed the ability to see, hear,
speak, search, understand, and accelerate decision-making into your apps.
Reference: https://azure.microsoft.com/en-us/services/cognitive-services/#features
Question 43: Correct

Which Azure Service allows you to create, assign and manage policies to enforce
different rules and stay compliant with your Service Level Agreements (SLAs)?
 Azure Security Center
 Azure Policy
 Azure Trust Portal
 Azure Blueprints
Explanation
Azure Policy helps to enforce organizational standards and to assess compliance at-scale.
Through its compliance dashboard, it provides an aggregated view to evaluate the overall
state of the environment, with the ability to drill-down to the per-resource, per-policy
granularity. It also helps to bring your resources to compliance through bulk remediation for
existing resources and automatic remediation for new resources.
Common use cases for Azure Policy include implementing governance for resource
consistency, regulatory compliance, security, cost, and management. Policy definitions for
these common use cases are already available in your Azure environment as built-ins to help
you get started.

References: https://docs.microsoft.com/en-us/azure/governance/policy/overview
Question 44: Correct

Yes or No:

When a subscription expires, the trusted instance of the Azure AD service remains, but the
security principals still maintain access to Azure resources.

 Yes
 No
Explanation
From the official Azure docs:

An Azure subscription has a trust relationship with Azure Active Directory (Azure AD). A
subscription trusts Azure AD to authenticate users, services, and devices.

Multiple subscriptions can trust the same Azure AD directory. Each subscription can only
trust a single directory.
One or more Azure subscriptions can establish a trust relationship with an instance of Azure
Active Directory (Azure AD) in order to authenticate and authorize security principals and
devices against Azure services. When a subscription expires, the trusted instance of the
Azure AD service remains, but the security principals LOSE access to Azure resources.

References: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory
Question 45: Correct

Where can you obtain up-to-date details about the personal data Microsoft processes,
how it processes it and for what purposes?
 Compliance Manager
 Azure Knowledge Center
 Microsoft Privacy Statement
 Azure Trust Center
Explanation
This privacy statement explains the personal data Microsoft processes, how Microsoft
processes it, and for what purposes.

Microsoft offers a wide range of products, including server products used to help operate
enterprises worldwide, devices you use in your home, software that students use at school,
and services developers use to create and host what’s next. References to Microsoft products
in this statement include Microsoft services, websites, apps, software, servers, and devices.
Please read the product-specific details in this privacy statement, which provide additional
relevant information. This statement applies to the interactions Microsoft has with you and
the Microsoft products listed below, as well as other Microsoft products that display this
statement.
Reference: https://privacy.microsoft.com/en-ca/privacystatement
Question 46: Correct

Which of the following services can facilitate the deployment and scaling of containers?
 Azure Active Directory
 Azure Kubernetes
 Azure Logic Apps
 Azure Cognitive Services
Explanation
From the official Azure documentation:

Azure Kubernetes Service (AKS) offers the quickest way to start developing and deploying
cloud-native apps, with built-in code-to-cloud pipelines and guardrails. Get unified
management and governance for on-premises, edge, and multicloud Kubernetes clusters.
Interoperate with Azure security, identity, cost management, and migration services.
Reference : https://azure.microsoft.com/en-us/services/kubernetes-service/
Question 47: Correct

Which of the following services is an Apache Spark-based analytics platform optimized
for the Microsoft Azure cloud services platform?
 Azure Bot Services
 Azure Machine Learning Studio
 Azure Databricks
 Azure Cognitive Services
Explanation
Please read this answer carefully. 'Optimised' is the keyword in the question.

A lot of people get confused between Azure Databricks and Azure HDInsight.

Azure HDInsight is primarily a managed Apache Hadoop service that lets you run Apache
Spark, Apache Hive, Apache Kafka, Apache HBase, and more in the cloud.

Azure Databricks is a premium Spark offering that is ideal for customers who want their
data scientists to collaborate easily and run their Spark based workloads efficiently and at
industry leading performance.

It is essentially an Apache Spark-based analytics platform optimized for the Microsoft Azure
cloud services platform.
References:
https://docs.microsoft.com/en-us/answers/questions/26097/can-anyone-please-post-the-differences-between-azu.html
https://docs.microsoft.com/en-us/azure/databricks/
https://docs.microsoft.com/en-us/azure/hdinsight/
Question 48: Correct

You are designing a solution to improve the resiliency of your application in Azure.
Which of the following would you choose to ensure your application remains available
during planned maintenance events?
 Scale Sets
 Availability Sets
 Availability Zones
 Azure Container Registry
Explanation
Availability Zones are a high-availability offering from Microsoft Azure that provide a fault-
tolerant architecture for applications. Availability Zones are physically separate data centers
within an Azure region, each with their own power, cooling, and networking infrastructure.

By deploying virtual machines and other resources across multiple Availability Zones, you
can ensure that your application remains available even in the event of a data center outage or
other disruption. Availability Zones provide redundancy and isolation, which helps protect
your application from both planned and unplanned downtime.

Other options -

 Availability Sets are a feature of Microsoft Azure that help ensure that virtual
machines are distributed across multiple fault domains and update domains within a
single data center or region. This helps protect against hardware failures and other
disruptions by ensuring that virtual machines are not all located in the same physical
rack or power source. However, Availability Sets do not provide any inherent
protection against data center-wide outages, which can occur due to issues such as
network outages, power failures, or natural disasters. In such cases, all virtual
machines in the affected data center or region may become unavailable.

 Scale Sets is not necessarily the best choice for ensuring availability during planned
maintenance events because it only provides horizontal scalability by adding or
removing virtual machines based on demand, but does not inherently provide any
availability benefits beyond what is provided by the underlying infrastructure.

Scale Sets are a feature of Microsoft Azure that provide automatic scaling of a set of
virtual machines based on demand. This helps ensure that the application can handle
varying levels of traffic and usage, but does not necessarily provide inherent
resiliency against planned maintenance events or other types of disruptions.
 Azure Container Registry is a managed private Docker registry service that enables
you to store and manage container images in Azure. While it provides benefits such as
secure storage, authentication, and geo-replication of container images, it is not
directly related to ensuring availability during planned maintenance events.

Reference: https://learn.microsoft.com/en-us/azure/reliability/availability-zones-overview
Question 49: Incorrect

Yes or No:

When you cancel an Azure Subscription, your resources are immediately deleted
permanently to free up space.
 Yes
 No
Explanation
From the official Azure Docs:

When you cancel an Azure subscription:

 A resource lock doesn't block the subscription cancellation.
 Azure preserves your resources by deactivating them instead of immediately deleting
them.
 Azure only deletes your resources permanently after a waiting period.

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
Question 50: Incorrect

A startup is planning to run a few simulations and needs to deploy pre-configured Virtual
Machines in a lab-like environment using ARM templates. These VMs will be used to test
app versions and scale up load testing by creating multiple test agents and environments.

As the principal consultant, which of the following services would you recommend?
 Azure Reserved Virtual Machine (VM) Instances
 Azure Virtual Machine Scale Sets
 Azure DevTest Labs
 Microsoft Managed Desktop
Explanation
From the official documentation :

Azure DevTest Labs is a service for easily creating, using, and managing infrastructure-as-a-
service (IaaS) virtual machines (VMs) and platform-as-a-service (PaaS) environments in labs.
Labs offer preconfigured bases and artifacts for creating VMs, and Azure Resource Manager
(ARM) templates for creating environments like Azure Web Apps or SharePoint farms.

Lab owners can create preconfigured VMs that have tools and software lab users need. Lab
users can claim preconfigured VMs, or create and configure their own VMs and
environments. Lab policies and other methods track and control lab usage and costs.
Reference: https://docs.microsoft.com/en-us/azure/lab-services/devtest-lab-overview
Question 51: Incorrect

_______________ enables a user to log in one time and use that credential to access
multiple resources and applications from different providers.
 Domain Name Service (DNS)
 Multi-factor Authentication (MFA)
 Single Sign On (SSO) (Correct)
 Passwordless
Explanation
From the Official Azure Documentation:

SSO enables you to remember only one username and one password to access multiple
applications. A single identity is tied to a user, which simplifies the security model. As users
change roles or leave an organization, access modifications are tied to that identity, which
greatly reduces the effort needed to change or disable accounts.

Reference: https://docs.microsoft.com/en-ca/learn/modules/secure-access-azure-identity-services/3-what-is-azure-active-directory
Question 52: Correct

Which of the following would you need to set up alerts for outages or when autoscaling
is about to deploy new instances?
 Azure Service Health
 Azure Advisor
 Azure Monitor
 Azure Bastion
Explanation
You can use Azure Monitor to set up alerts for key events that are related to your specific
resources.
Reference: https://docs.microsoft.com/en-ca/learn/modules/monitoring-fundamentals/3-analyze-decision-criteria
Question 53: Correct

Yes or No:

Azure guarantees 99.99% availability for the Free version of the Azure Active Directory
(AAD).
 Yes
 No
Explanation
From the official documentation:

Note from the above image that NO SLA is provided for the FREE tier of the Azure Active
Directory!

Reference : https://azure.microsoft.com/en-us/support/legal/sla/active-directory/v1_1/
Question 54: Correct

Suppose the lead architect in your company has asked your team to implement a PaaS
based solution in Azure for a quick Proof-of-Concept (POC) to senior management.
One of your colleagues goes ahead and creates an Azure Event Hubs and Azure
Blob Storage.

Would you agree with this implementation?

 No
 Yes
Explanation
Yes, both of these services fall under the PaaS category, and therefore meet our requirements!
Question 55: Incorrect

What information can you input into the TCO calculator to estimate the cost difference
between your current datacenter and Azure? (Select all that apply)
 Current infrastructure configuration
 Power costs
 Subscription type
 IT labor costs
Explanation
 Current infrastructure configuration - Correct, the TCO calculator allows you to
input your current infrastructure configuration, including servers, databases, storage,
and outbound network traffic.

 Power costs - Correct, the TCO calculator lets you add assumptions about power
costs in your current environment to estimate the cost difference between on-premises
and Azure.

 IT labor costs - Correct, the TCO calculator allows you to include assumptions about
IT labor costs to help estimate the cost difference between your current environment
and Azure.

 Subscription type - Incorrect, the TCO calculator focuses on comparing on-premises
infrastructure costs with Azure Cloud infrastructure costs. Subscription type is not
part of the input for the TCO calculator.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-cost-management-azure/3-compare-pricing-total-cost-of-ownership-calculators
Question 56: Correct

If you set up a free Azure account, does the Standard support plan come along with
this free account?
 No
 Yes
Explanation
The BASIC Support plan is associated with all accounts but a STANDARD plan needs to be
purchased and costs $100/month.

Reference: https://azure.microsoft.com/en-in/support/plans/
Question 57: Incorrect
Which of the following services can be used to store unstructured data in Azure?
 Azure Blob Storage
 Azure File Storage
 Azure Table Storage
 Azure Queue Storage
Explanation
The Azure services that can be used to store unstructured data are: Azure Blob Storage,
Azure Table Storage and Azure File Storage.

Azure Table Storage can also be used to store unstructured data in Azure. Azure Table
Storage is a NoSQL key-value store that can be used to store structured and semi-structured
data, as well as unstructured data such as large text and binary data. Azure Table Storage
allows you to store large amounts of data in a flexible schema that can evolve over time,
making it a good choice for storing unstructured data that does not fit well into a fixed
schema.

Azure File Storage can also be used to store unstructured data in Azure. Azure File Storage
is a fully managed file share service that can be used to store and share unstructured data,
such as documents, media files, and logs. Azure File Storage provides the standard SMB
(Server Message Block) file share protocol, which allows you to easily mount file shares
from multiple VMs in the same region or across regions. This makes it a good choice for
scenarios where you need to share unstructured data between multiple VMs or applications.

Azure Blob Storage is a massively scalable object storage service that allows you to store
and access large amounts of unstructured data, such as text and binary data, images, and
videos. It's commonly used for data storage, backup and recovery, and data archiving.

Incorrect -

Azure Queue Storage, on the other hand, is not suitable for storing unstructured data. It is
designed for reliably queuing and processing messages between different components of a
distributed application, rather than for storing large amounts of unstructured data.

Reference: https://learn.microsoft.com/en-us/azure/storage/common/storage-introduction
Question 58: Correct

Yes or No:

Azure HDInsight can be used to run popular open-source frameworks including
Apache Hadoop, Spark, Hive, Kafka, and more for open-source big data analytics.
 No
 Yes
Explanation
Yes! Azure HDInsight is an enterprise-ready, managed cluster service for open-source
analytics.

You can run popular open-source frameworks—including Apache Hadoop, Spark, Hive, Kafka,
and more—using Azure HDInsight, a customizable, enterprise-grade service for open-source
analytics. You can also effortlessly process massive amounts of data and get all the benefits
of the broad open-source project ecosystem with the global scale of Azure. Easily migrate
your big data workloads and processing to the cloud.

Reference: https://azure.microsoft.com/en-gb/services/hdinsight/#documentation
Question 59: Correct

Yes or No:

In the case of Resource groups, the most restrictive lock in the inheritance takes
precedence.
 Yes
 No
Explanation
From the official Azure docs:

When you apply a lock at a parent scope, all resources within that scope inherit the same
lock. Even resources you add later inherit the same parent lock. The most restrictive lock in
the inheritance takes precedence.

If you have a Delete lock on a resource and attempt to delete its resource group, the feature
blocks the whole delete operation. Even if the resource group or other resources in the
resource group are unlocked, the deletion doesn't happen. You never have a partial deletion.

References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json
Question 60: Incorrect

Yes or No:
The composite SLA for an application relying on multiple services would be higher
than the individual SLAs of the particular services.
 No
 Yes

Explanation
From the official Azure documentation:

Composite SLAs involve multiple services supporting an application, each with differing
levels of availability.

For example, consider an App Service web app that writes to Azure SQL Database. At the
time of this writing, these Azure services have the following SLAs:

App Service web apps = 99.95%
SQL Database = 99.99%

What is the maximum downtime you would expect for this application? If either service fails,
the whole application fails. The probability of each service failing is independent, so the
composite SLA for this application is 99.95% × 99.99% = 99.94%. That's LOWER than the
individual SLAs, which isn't surprising because an application that relies on multiple services
has more potential failure points.

You can improve the composite SLA by creating independent fallback paths. For example, if
SQL Database is unavailable, put transactions into a queue to be processed later.

With this design, the application is still available even if it can't connect to the database.
However, it fails if the database and the queue both fail at the same time. The expected
percentage of time for a simultaneous failure is 0.0001 × 0.001, so the composite SLA for
this combined path is:

Database or queue = 1.0 − (0.0001 × 0.001) = 99.99999%

The total composite SLA is:

Web app and (database or queue) = 99.95% × 99.99999% = ~99.95%

There are tradeoffs to this approach. The application logic is more complex, you are paying
for the queue, and you need to consider data consistency issues.

Reference: https://docs.microsoft.com/en-us/azure/architecture/framework/resiliency/business-metrics
Question 61: Incorrect

Your organization is using Azure for disaster recovery purposes. You have set up
replication of virtual machines to an Azure region different from the primary region.
Which of the following factors could affect the cost of this setup?
 The types of virtual machines being replicated.
 The amount of data being replicated
 The number of virtual machines being replicated
 The network bandwidth between the primary and secondary regions
Explanation
All of the options could potentially affect the cost of this setup.

 The number of virtual machines being replicated - The more virtual machines
being replicated, the higher the cost will be, as each VM will require resources to be
replicated to the secondary region.

 The amount of data being replicated - The amount of data being replicated can have
a significant impact on the cost, as data transfer between regions incurs charges.

 The network bandwidth between the primary and secondary regions - The
network bandwidth between the primary and secondary regions can also impact the
cost, as higher bandwidth requirements will result in higher charges.

 The types of virtual machines being replicated - The types of virtual machines
being replicated could also impact the cost, as certain VM sizes are more expensive
than others.

Reference: https://learn.microsoft.com/en-us/azure/site-recovery/site-recovery-overview
Question 62: Incorrect

_______ is capable of sending encrypted traffic between an Azure virtual network and
an on-premises location over the public Internet.
 A Firewall
 Network Security Group (NSG)
 An Application Gateway
 A VPN Gateway
Explanation
From the official documentation:

A VPN gateway is a specific type of virtual network gateway that is used to send encrypted
traffic between an Azure virtual network and an on-premises location over the public
Internet. You can also use a VPN gateway to send encrypted traffic between Azure virtual
networks over the Microsoft network. Each virtual network can have only one VPN gateway.
However, you can create multiple connections to the same VPN gateway. When you create
multiple connections to the same VPN gateway, all VPN tunnels share the available gateway
bandwidth.

Reference: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways
Question 63: Correct

With Azure ___________ , you can scale your applications and create highly available
services
 Load Balancer
 Information Protection
 Bastion
 Kubernetes
Explanation
From the official documentation:

Load balancing refers to evenly distributing load (incoming network traffic) across a group
of backend resources or servers.

Why use Azure Load Balancer?

With Azure Load Balancer, you can scale your applications and create highly available
services. Load balancer supports both inbound and outbound scenarios. Load balancer
provides low latency and high throughput, and scales up to millions of flows for all TCP and
UDP applications.

Reference : https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
Question 64: Correct

In which scenario is geo-redundant storage (GRS) recommended for Azure Storage?
 When protection from regional disasters is required.
 When cost optimization is the top priority.
 When read access to the secondary region is essential.
 When data needs to be replicated asynchronously across availability zones.
Explanation
Geo-redundant storage (GRS) copies data synchronously within a single region and then
asynchronously to a secondary region, providing durability and protection against regional
disasters.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-azure-storage-services/3-redundancy
Question 65: Correct

Which of these is NOT a valid Azure resource group constraint?
 A Resource group can contain resources located in different regions
 A Resource group can be used to apply consistent policies to resources using
another service.
 A Resource group can contain resources that belong to different subscriptions
 A Resource group must be in the same region as its resources
Explanation
The option "Resource group must be in the same region as its resources" is NOT a valid
constraint for Resource Groups.

While it's recommended that resources in a resource group be located in the same region for
optimal performance, it's not a strict requirement. Resources in a resource group can span
different regions, and this can be useful for achieving high availability and disaster recovery
scenarios, as well as for optimizing data access for users in different geographic locations.

Other options:

 Resource group can contain resources located in different regions: This is a valid
Azure resource group constraint. As mentioned above, resources in a resource group
can span different regions.

 Resource group can contain resources that belong to different
subscriptions: This is also a valid Azure resource group constraint. A single resource
group can contain resources that belong to different subscriptions, which is useful for
managing resources across multiple subscriptions.

 Resource group can be used to apply consistent policies to resources: This is also
a valid Azure resource group constraint. Azure Policy can be used to apply
governance policies to all resources in a resource group, ensuring consistent
compliance across resources.

Reference: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/overview
Question 66: Correct

You have configured a VPN connection between an on-premises network and an Azure
virtual network using Site-to-Site VPN (IPsec). However, you are experiencing
connectivity issues and suspect that there is an issue with the VPN gateway. Which
Azure service can you use to diagnose connectivity issues for your VPN gateway?
 Azure Traffic Manager
 Azure Application Gateway
 Azure Network Watcher
 Azure ExpressRoute
Explanation
The correct answer is Azure Network Watcher.

Azure Network Watcher is a monitoring and diagnostic service that provides tools to
diagnose network issues in Azure. It includes a VPN diagnostics tool that can be used to
diagnose connectivity issues with VPN gateways, including Site-to-Site VPN (IPsec)
gateways. The tool can help identify configuration issues, routing issues, and other common
problems that can cause connectivity issues.

Other Options:

 Azure Traffic Manager: This is a global DNS load balancer that can be used to
distribute incoming traffic across multiple Azure regions. It is not designed for
diagnosing network connectivity issues.

 Azure Application Gateway: This is a web traffic load balancer that can be used to
manage and route HTTP and HTTPS traffic. It is not designed for diagnosing network
connectivity issues.

 Azure ExpressRoute: This is a dedicated, private connection between an on-premises
datacenter and Azure. It is not used for Site-to-Site VPN (IPsec)
connections, and is not designed for diagnosing connectivity issues with VPN
gateways.

Reference: https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview
Question 67: Correct

Yes or No:

A resource can connect to resources in other resource groups.
 No
 Yes
Explanation
From the official documentation :
A resource can connect to resources in other resource groups. This scenario is common when
the two resources are related but don't share the same lifecycle. For example, you can have a
web app that connects to a database in a different resource group.

More about resource groups:

Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups
Question 68: Incorrect

In the context of Azure subscriptions, what does an Azure free trial subscription
provide? (Select all that apply)
 Credit to spend within the first 30 days of sign-up
 Unlimited access to all Azure services
 Access to more than 25 products that are always free
 Access to a number of Azure products free for 12 months
Explanation
Access to a number of Azure products free for 12 months - This is correct because an
Azure free trial subscription provides access to several Azure products for free during the
first 12 months.

Credit to spend within the first 30 days of sign-up - This is correct as the Azure free trial
subscription offers credit to spend within the first 30 days after sign-up, which allows users to
explore and use various Azure services during that period.

Unlimited access to all Azure services - This is incorrect because the Azure free trial
subscription does not provide unlimited access to all Azure services. It offers a limited set of
free services, usage allowances, and credits to spend within a specified timeframe.

Access to more than 25 products that are always free - This is correct because, in addition
to the free services available during the trial period, the Azure free trial subscription provides
access to more than 25 products that are always free, based on resource and region
availability. These products can be used without any additional costs even after the trial
period is over.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-cost-management-azure/2-describe-factors-affect-costs-azure
Question 69: Correct

Azure _____________ are unique physical buildings—located all over the globe—that house
a group of networked computer servers.
 Datacenters
 Geographies
 Regions
 Availability Zones
Explanation
From the official Azure docs:

Azure datacentres are unique physical buildings—located all over the globe—that house a
group of networked computer servers.
References: https://azure.microsoft.com/en-gb/global-infrastructure/regions/
Question 70: Correct

Which of the following is NOT a cost saving solution?
 Use Azure Reserved Virtual Machine instances
 Using a Pay as you go Subscription
 Choosing an appropriate instance type for a VM
 Load balance your virtual machines to manage incoming traffic
Explanation
Load balancing is used for PERFORMANCE OPTIMISATION and not cost saving.

Load balancing refers to evenly distributing load (incoming network traffic) across a group
of backend resources or servers.

Azure Load Balancer operates at layer 4 of the Open Systems Interconnection (OSI) model.
It's the single point of contact for clients. Load balancer distributes inbound flows that arrive
at the load balancer's front end to backend pool instances. These flows are according to
configured load-balancing rules and health probes. The backend pool instances can be Azure
Virtual Machines or instances in a virtual machine scale set.
A public load balancer can provide outbound connections for virtual machines (VMs) inside
your virtual network. These connections are accomplished by translating their private IP
addresses to public IP addresses. Public Load Balancers are used to load balance internet
traffic to your VMs.

An internal (or private) load balancer is used where private IPs are needed at the frontend
only. Internal load balancers are used to load balance traffic inside a virtual network. A load
balancer frontend can be accessed from an on-premises network in a hybrid scenario.

Reference: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
Question 71: Correct

Yes or No:

Australia is composed of 1 single Azure Region.
 Yes
 No
Explanation
No, Australia has several Azure regions, including Australia East, Central, Southeast, etc.

Check out this really cool website - https://infrastructuremap.microsoft.com/explore?info=region_australiasoutheast

Reference: https://azure.microsoft.com/en-us/global-infrastructure/geographies/#overview
Question 72: Correct
Which of the following is a great place to start when examining the security of your
Azure-based solutions and provides threat protection across all of your services both in
Azure, and on-premises?
 Azure Trust Center
 Azure Security Center
 Azure Compliance Manager
 Azure Advanced Threat Protection
Explanation
A great place to start when examining the security of your Azure-based solutions is Azure
Security Center. Security Center is a monitoring service that provides threat protection
across all of your services both in Azure, and on-premises. Security Center can:

1) Provide security recommendations based on your configurations, resources, and networks.

2) Monitor security settings across on-premises and cloud workloads, and automatically
apply required security to new services as they come online.

3) Continuously monitor all your services, and perform automatic security assessments to
identify potential vulnerabilities before they can be exploited.

4) Use machine learning to detect and block malware from being installed on your virtual
machines and services. You can also define a list of allowed applications to ensure that only
the apps you validate are allowed to execute.

5) Analyze and identify potential inbound attacks, and help to investigate threats and any
post-breach activity that might have occurred.


Reference: https://docs.microsoft.com/en-us/azure/security-center/security-center-recommendations
Question 73: Incorrect

Yes or No:

In order to move a VM from one region to another, one must be prepared for a brief
downtime.
 No
 Yes
Explanation
From the official documentation:

Virtual Machines are resources and can be moved to a new region.

For VMs, replica VMs are created in the target region. The source VM is shut down, and
some downtime occurs (usually minutes).

Reference: https://learn.microsoft.com/en-us/azure/resource-mover/tutorial-move-region-virtual-machines
Question 74: Correct

Is data transfer between Azure services located in two regions free?
 No
 Yes
Explanation
Outbound data transfer is charged at the normal rate and inbound data transfer is free.

References: https://azure.microsoft.com/en-us/global-infrastructure/regions/
https://azure.microsoft.com/en-us/pricing/details/bandwidth/
Question 75: Correct

What are the two options for replicating data within the primary region in Azure
Storage?
 Geo-zone-redundant storage and locally redundant storage.
 Geo-redundant storage and zone-redundant storage.
 Locally redundant storage and zone-redundant storage.
 Geo-redundant storage and geo-zone-redundant storage.
Explanation
Data in an Azure Storage account is always replicated three times in the primary region.
Azure Storage offers two options for how your data is replicated in the primary region,
locally redundant storage (LRS) and zone-redundant storage (ZRS).

Also, Azure Storage offers locally redundant storage (LRS) and zone-redundant storage
(ZRS) as options for replicating data within the primary region.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-azure-storage-services/3-redundancy
Question 76: Incorrect
A company has approached you to help them plan an architecture that would be
capable of capturing data from millions of connected devices and securely storing them
for analysis. Which of the following two services would you include in the project
proposal?
 Azure Data Lake
 Azure ExpressRoute
 Azure Notification Hubs
 Azure IoT Hubs
Explanation
From the official Azure documentation:

Azure IoT Hub is a managed service hosted in the cloud that acts as a central message hub for
communication between an IoT application and its attached devices. You can connect
millions of devices and their backend solutions reliably and securely. Almost any device can
be connected to an IoT hub.

Several messaging patterns are supported, including device-to-cloud telemetry, uploading
files from devices, and request-reply methods to control your devices from the cloud. IoT
Hub also supports monitoring to help you track device creation, device connections, and
device failures.

IoT Hub scales to millions of simultaneously connected devices and millions of events per
second to support your IoT workloads. For more information about scaling your IoT Hub,
see IoT Hub scaling. To learn more about the tiers of service offered by IoT Hub, check out
the pricing page.

IoT Hub can further route messages to Azure Data Lake Storage.
Reference 1 (IoT Hub) - https://azure.microsoft.com/en-in/services/iot-hub/
Reference 2 (Data Lake) - https://azure.microsoft.com/en-in/solutions/data-lake/
Question 77: Correct

Your organization has deployed a Virtual Machine in Azure with the Standard_D2s_v3
VM size. The Virtual Machine is running a resource-intensive workload, and you want
to optimize costs. Which of the following could be an effective way to achieve this?
 Use a different Azure region with lower VM pricing.
 Use a larger VM size to improve performance
 Use a smaller VM size to reduce costs
 Enable automatic scaling to adjust VM size based on workload
Explanation
The correct answer is 'Enable automatic scaling to adjust VM size based on workload' as
it could be an effective way to optimize costs for the Virtual Machine in Azure. Automatic
scaling allows you to automatically adjust the number of Virtual Machine instances and the
size of the instances based on demand, which can help you save costs by avoiding
overprovisioning.

Using a larger VM size: This would increase costs, as it's more expensive to use a larger
VM size.

Using a smaller VM size: This could reduce performance and may not be suitable for a
resource-intensive workload.

Using a different Azure region with lower VM pricing: This may not be a practical
solution if the workload requires a specific region for compliance or latency reasons.
Question 78: Correct

Yes or No:
If you have a Delete lock on a resource and attempt to delete its resource group, all resources
inside the resource group still get deleted.
 Yes
 No
Explanation
From the official docs:

When you apply a lock at a parent scope, all resources within that scope inherit the same
lock. Even resources you add later inherit the same parent lock. The most restrictive lock in
the inheritance takes precedence.

If you have a Delete lock on a resource and attempt to delete its resource group, the
feature blocks the whole delete operation. Even if the resource group or other resources in the
resource group are unlocked, the deletion doesn't happen. You never have a partial deletion.

References: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
Question 79: Incorrect

Which of the following statements BEST describes the Modern Lifecycle Policy for
Azure products and services?
 For products governed by the Modern Lifecycle Policy, Microsoft will provide a
minimum of 6 months' notification prior to ending support if no successor
product or service is offered—excluding free services or preview releases.
 For products governed by the Modern Lifecycle Policy, Microsoft will provide a
minimum of 12 months' notification prior to ending support if no successor
product or service is offered—excluding free services or preview releases.
 For products and services governed by the Modern Lifecycle Policy, unless
otherwise noted, Microsoft's policy is to provide a minimum 90 days' notification
when customers are required to take action in order to avoid significant
degradation to the normal use of the product or service.
 For products and services governed by the Modern Lifecycle Policy, unless
otherwise noted, Microsoft's policy is to provide a minimum 120
days' notification when customers are required to take action in order to avoid
significant degradation to the normal use of the product or service.

Explanation
The Modern Lifecycle Policy covers products and services that are serviced and supported
continuously. Under this policy, the product or service remains in support if the following
criteria are met:

Customers must stay current as per the servicing and system requirements published for the
product or service.

Customers must be licensed to use the product or service.

Microsoft must currently offer support for the product or service.

Hence, only the statement "For products governed by the Modern Lifecycle Policy,
Microsoft will provide a minimum of 12 months' notification prior to ending support
if no successor product or service is offered—excluding free services or preview
releases." is correct.
Question 80: Correct

What is the key advantage of using zone-redundant storage (ZRS) in the primary
region?
 It guarantees data replication to a secondary region.
 It allows data to be accessible even if a zone becomes unavailable.
 It offers the highest level of durability compared to other options.
 It provides read access to replicated data in the secondary region.
Explanation
From the official documentation:

For Availability Zone-enabled Regions, zone-redundant storage (ZRS) replicates your Azure
Storage data synchronously across three Azure availability zones in the primary region. ZRS
offers durability for Azure Storage data objects of at least 12 nines (99.9999999999%) over a
given year.
With ZRS, your data is still accessible for both read and write operations even if a zone
becomes unavailable.

Reference: https://learn.microsoft.com/en-us/training/modules/describe-azure-storage-services/3-redundancy
