Microsoft - Azure.fundamentals - Az 900.practice - Exam.questions


by Examsdigest®

Microsoft Azure Fundamentals AZ-900 Practice Tests 2020®
Published by: Examsdigest LLC., Holzmarktstraße 73, Berlin, Germany,
www.examsdigest.com Copyright © 2020 by Examsdigest LLC.

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher for permission should be addressed to the Permissions Department, Examsdigest, LLC., Holzmarktstraße 73, Berlin, Germany or online at https://www.examsdigest.com/contact.

Trademarks: Examsdigest, examsdigest.com and related trade dress are trademarks or registered trademarks of Examsdigest LLC. and may not be used without written permission. Amazon is a registered trademark of Amazon, Inc. All other trademarks are the property of their respective owners. Examsdigest, LLC. is not associated with any product or vendor mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT MAY MAKE.

Examsdigest publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may find this material at https://examsdigest.com

CONTENTS AT A GLANCE

Contents at a glance
Introduction
Chapter 1 Principles of Cloud Computing
Questions 1-10
Chapter 2 Azure Compute, Networking and Data Storage Options
Questions 11-34
Answers 11-34
Chapter 3 Azure Architecture and Service Guarantees
Questions 35-44
Answers 35-44
Chapter 4 Security in Azure
Questions 45-53
Answers 45-53
Chapter 5 Monitor Infrastructure Standards with Azure Policy
Questions 54-65
Answers 54-65
Chapter 6 Azure Resource Manager
Questions 66-76
Answers 66-76
Chapter 7 Optimize Spending for Azure
Questions 77-76
Answers 77-85
BONUS Practice exam test
THE END

INTRODUCTION
The Microsoft Azure Fundamental AZ-900 examination is intended for individuals who are just beginning to work with cloud-based solutions and services or are new to Azure.

About This Book

Microsoft Azure Fundamental AZ-900 Practice Tests 2020 by Examsdigest is designed to be a practical practice exam guide that will help you prepare for the Microsoft Azure Fundamental AZ-900 exams. As the book title says, it includes 200 questions, organized by exam so that you can prepare for the final exam.

This book has been designed to help you prepare for the style of questions you will receive on the Microsoft Azure Fundamental AZ-900 exams. It also helps you understand the topics you can expect to be tested on for each exam.

In order to properly prepare for the Microsoft Azure Fundamental AZ-900, I recommend that you:

✓ Review a reference book: Microsoft Azure Fundamental AZ-900 Practice Tests 2020 by Examsdigest is designed to give you sample questions to help you prepare for the style of questions you will receive on the real certification exam. However, it is not a reference book that teaches the concepts in detail. That said, I recommend that you review a reference book before attacking these questions so that the theory is fresh in your mind.

✓ Get some practical, hands-on experience: After you review the theory, I highly recommend getting hands-on practice using your free Azure account. The more hands-on experience you have, the easier the exams will be.

✓ Do practice test questions: After you review a reference book and perform some hands-on work, attack the questions in this book to get you “exam ready”! Also claim your free 1-month access on our platform to dive into more questions, flashcards and much, much more.

Beyond The Book

This book gives you plenty of Microsoft Azure Fundamental AZ-900 questions to work on, but maybe you want to track your progress as you tackle the questions, or maybe you’re having trouble with certain types of questions and wish they were all presented in one place where you could methodically make your way through them. You’re in luck. Your book purchase comes with a free one-month subscription to all practice questions online and more. You get on-the-go access any way you want it — from your computer, smartphone, or tablet. Track your progress and view personalized reports that show where you need to study the most. Study what, where, when, and how you want!

What you’ll find online

The online practice that comes free with this book offers you
the same questions and answers that are available here and
more.

The beauty of the online questions is that you can customize your online practice to focus on the topic areas that give you the most trouble.

So if you need help with security in Azure, then select questions related to this topic online and start practicing.

Whether you practice a few hundred problems in one sitting or a couple dozen, and whether you focus on a few types of problems or practice every type, the online program keeps track of the questions you get right and wrong so that you can monitor your progress and spend time studying exactly what you need.

You can access these online tools by sending an email to the [email protected] to claim access on our platform. Once we confirm the purchase you can enjoy your free access.

Microsoft Azure Fundamental AZ-900 Exam Details

✓ Format - Multiple choice, multiple answer
✓ Type - Associate
✓ Delivery Method - Testing center or online proctored exam
✓ Time - 85 minutes to complete the exam
✓ Cost - $99
✓ Language - Available in English, Japanese, Chinese (Simplified), Korean, Spanish, German, French

Exam Content

Content Outline
Candidates for this exam should have foundational knowledge of cloud services and how those services are provided with Microsoft Azure. The exam is intended for candidates who are just beginning to work with cloud-based solutions and services or are new to Azure.

Azure Fundamentals exam is an opportunity to prove knowledge of cloud concepts, Azure services, Azure workloads, security and privacy in Azure, as well as Azure pricing and support. Candidates should be familiar with the general technology concepts, including concepts of networking, storage, compute, application support, and application development.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. To better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0: Describe Cloud Concepts (20-25%)
2.0: Describe Core Azure Services (15-20%)
3.0: Describe core solutions and management tools on Azure (10-15%)
4.0: Describe general security and network security features (10-15%)
5.0: Describe identity, governance, privacy, and compliance features (20-25%)
6.0: Describe Azure cost management and Service Level Agreements (10-15%)

CHAPTER 1
PRINCIPLES OF CLOUD COMPUTING

Questions 1-10

Question 1. You’re developing an application and want to focus on building, testing, and deploying. You don’t want to manage the server and the infrastructure. Which cloud service type is best for you?
(A) Software as a service (SaaS)
(B) Platform as a service (PaaS)
(C) Infrastructure as a service (IaaS)
(D) Platform as a service (PaaS) and Infrastructure as a service (IaaS)

Question 2. A common use case scenario using __________________ cloud deployment method is that web applications or blog sites are deployed on hardware and resources that are owned by a cloud provider.
(A) Public
(B) Private
(C) Hybrid
(D) Semipublic

Question 3. The process of adding more servers that function together as one unit is known as Horizontal Scaling.
(A) TRUE
(B) FALSE

Question 4. The process of adding resources to increase the power of an existing server is known as Vertical Scaling.
(A) TRUE
(B) FALSE

Question 5. Which of the following cloud services requires the least amount of user management, as a service provider is responsible for managing everything, and the end-user just uses the software?
(A) Infrastructure as a service (IaaS)
(B) Platform as a service (PaaS)
(C) Software as a service (SaaS)
(D) Infrastructure as a service (IaaS) and Platform as a service (PaaS)

Question 6. Azure uses the “pay for what you use” billing
model and is invoiced ______________ with payment instructions.
(A) Yearly
(B) Monthly
(C) Weekly
(D) Daily

Question 7. Cloud computing is renting resources, like storage space or CPU cycles, on another company’s computers.
(A) TRUE
(B) FALSE

Question 8. Which of the following terms can be described as an emulation of a computer – just like your desktop or laptop that includes an operating system and hardware?
(A) ISO
(B) CMD
(C) OS
(D) VM

Question 9. Which Azure support plan is best for Non-critical workloads?
(A) Azure Standard
(B) Azure Professional Direct
(C) Azure Developer
(D) Azure doesn't offer support for Non-critical workloads
but only for Business-critical workloads

Question 10. Which of the following computing choices uses
the model ‘only have to pay for the services you use’?
(A) Serverless computing
(B) Containers
(C) Virtual Machines (VMs)
(D) Serverless computing and Containers

Answers 1-10

Question 1. You’re developing an application and want to focus on building, testing, and deploying. You don’t want to manage the server and the infrastructure. Which cloud service type is best for you?
(A) Software as a service (SaaS)
(B) Platform as a service (PaaS)
(C) Infrastructure as a service (IaaS)
(D) Platform as a service (PaaS) and Infrastructure as a service (IaaS)

Explanation 1. Platform as a service (PaaS) is the correct answer. PaaS provides an environment for building, testing, and deploying software applications. The goal of PaaS is to help you create an application quickly without managing the underlying infrastructure. For example, when deploying a web application using PaaS, you don’t have to install an operating system, web server, or even system updates.

PaaS is commonly used in the following scenarios:

Development framework. PaaS provides a framework that developers can build upon to develop or customize cloud-based applications. Cloud features such as scalability, high-availability, and multi-tenant capability are included, reducing the amount of coding that developers must do.

Analytics or business intelligence. Tools provided as a service with PaaS allow organizations to analyze and mine their data. They can find insights and patterns, and predict outcomes to improve business decisions such as forecasting, product design, and investment returns.

Question 2. A common use case scenario using __________________ cloud deployment method is that web applications or blog sites are deployed on hardware and resources that are owned by a cloud provider.
(A) Public
(B) Private
(C) Hybrid
(D) Semipublic

Explanation 2. Public is the correct answer. A common use case scenario using public cloud deployment method is that web applications or blog sites are deployed on hardware and resources that are owned by a cloud provider.

Public cloud
This is the most common deployment model. In this case, you have no local hardware to manage or keep up-to-date – everything runs on your cloud provider’s hardware. In some cases, you can save additional costs by sharing computing resources with other cloud users.

A common use case scenario is deploying a web application or a blog site on hardware and resources that are owned by a cloud provider. Using a public cloud in this scenario allows cloud users to get their website or blog up quickly, and then focus on maintaining the site without having to worry about purchasing, managing or maintaining the hardware on which it runs.

Private cloud
In a private cloud, you create a cloud environment in your own datacenter and provide self-service access to compute resources to users in your organization. This offers a simulation of a public cloud to your users, but you remain completely responsible for the purchase and maintenance of the hardware and software services you provide.

A use case scenario for a private cloud would be when an organization has data that cannot be put in the public cloud, perhaps for legal reasons. An example scenario may be where government policy requires specific data to be kept in-country or privately.

Hybrid cloud
A hybrid cloud combines public and private clouds, allowing
you to run your applications in the most appropriate location.
For example, you could host a website in the public cloud and
link it to a highly secure database hosted in your private cloud
(or on-premises datacenter).

Semipublic and Semiprivate aren’t cloud deployment methods.

Question 3. The process of adding more servers that function together as one unit is known as Horizontal Scaling.
(A) TRUE
(B) FALSE

Explanation 3. TRUE is the correct answer. Horizontal scaling, also known as “scaling out”, is the process of adding more servers that function together as one unit. For example, you have more than one server processing incoming requests.

Question 4. The process of adding resources to increase the
power of an existing server is known as Vertical Scaling.
(A) TRUE
(B) FALSE

Explanation 4. TRUE is the correct answer. Vertical scaling, also known as “scaling up”, is the process of adding resources to increase the power of an existing server. Some examples of vertical scaling are: adding more CPUs, or adding more memory.

Question 5. Which of the following cloud services requires the least amount of user management, as a service provider is responsible for managing everything, and the end-user just uses the software?
(A) Infrastructure as a service (IaaS)
(B) Platform as a service (PaaS)
(C) Software as a service (SaaS)
(D) Infrastructure as a service (IaaS) and Platform as a service (PaaS)

Explanation 5. Software as a service (SaaS) is the correct answer.
Infrastructure as a Service (IaaS) is the most flexible category of cloud services. It aims to give you the most control over the provided hardware that runs your application (IT infrastructure servers and virtual machines (VMs), storage, and operating systems). Instead of buying hardware, with IaaS, you rent it. It’s an instant computing infrastructure, provisioned and managed over the internet.

IaaS requires the most user management of all the cloud services. The user is responsible for managing the operating systems, data, and applications.

Platform as a Service (PaaS) provides an environment for building, testing, and deploying software applications. The goal of PaaS is to help you create an application quickly without managing the underlying infrastructure. For example, when deploying a web application using PaaS, you don’t have to install an operating system, web server, or even system updates.

PaaS requires less user management. The cloud provider manages the operating systems, and the user is responsible for the applications and data they run and store.

Software as a Service (SaaS) is software that is centrally hosted and managed for the end customer. It is usually based on an architecture where one version of the application is used for all customers, and licensed through a monthly or annual subscription.

SaaS requires the least amount of management. The cloud provider is responsible for managing everything, and the end-user just uses the software.

Question 6. Azure uses the “pay for what you use” billing
model and is invoiced ______________ with payment instructions.
(A) Yearly
(B) Monthly
(C) Weekly
(D) Daily

Explanation 6. Monthly is the correct answer.
With Azure, you only pay for what you use. You’ll receive a _____________ invoice with payment instructions provided. You may organize your invoice into line items that make sense to you and meet your budget and cost tracking needs. You also can get set up for multiple invoices.

Question 7. Cloud computing is renting resources, like storage space or CPU cycles, on another company’s computers.
(A) TRUE
(B) FALSE

Explanation 7. TRUE is the correct answer.
Cloud computing is renting resources, like storage space or CPU cycles, on another company’s computers. You only pay for what you use. The company providing these services is referred to as a cloud provider. Some example providers are Microsoft, Amazon, and Google.

Question 8. Which of the following terms can be described as an emulation of a computer – just like your desktop or laptop that includes an operating system and hardware?
(A) ISO
(B) CMD
(C) OS
(D) VM

Explanation 8. VM is the correct answer.
A VM (Virtual Machine) is an emulation of a computer – just like your desktop or laptop and includes an operating system and hardware.

Each VM includes an operating system and hardware that appears to the user like a physical computer running Windows or Linux. You can then install whatever software you need to do the tasks you want to run in the cloud.

The difference is that you don’t have to buy any of the hardware or install the OS. The cloud provider runs your virtual machine on a physical server in one of their datacenters – often sharing that server with other VMs.

Question 9. Which Azure support plan is best for Non-critical workloads?
(A) Azure Standard
(B) Azure Professional Direct
(C) Azure Developer
(D) Azure doesn't offer support for Non-critical workloads
but only for Business-critical workloads

Explanation 9. Azure Developer is the correct answer.
Azure Developer support plan offers one business day response time and is best for non-critical workloads. The price is $29 per month.

Azure Standard support plan offers 1-hour response time for critical cases and is best for Production workload environments. The price is $100 per month.

Azure Professional Direct support plan is best for business-critical workloads. This support plan offers a 1-hour response time and priority tracking of critical cases. The price is $1000 per month.

Question 10. Which of the following computing choices uses the model ‘only have to pay for the services you use’?
(A) Serverless computing
(B) Containers
(C) Virtual Machines (VMs)
(D) Serverless computing and Containers

Explanation 10. Serverless computing is the correct answer.
The serverless model differs from VMs and containers in that you only pay for the processing time used by each function as it executes.

VMs and containers are charged while they’re running – even if the applications on them are idle.
Serverless computing lets you run application code without
creating, configuring, or maintaining a server. The core idea is
that your application is broken into separate functions that run
when triggered by some action. This is ideal for automated
tasks.

CHAPTER 2
AZURE COMPUTE, NETWORKING AND DATA STORAGE OPTIONS

Questions 11-34

Question 11. Which of the following statements are true about Azure Load Balancer? (Choose all that apply)
(A) Azure Load Balancer works with internet-facing traffic only
(B) Azure Load Balancer distributes traffic among similar systems, making your services more highly available
(C) When you use Azure Load Balancer, there's no infrastructure or software for you to maintain
(D) You can't define forwarding rules based on the source IP on Azure Load Balancer
(E) Azure Load balancer supports only inbound scenarios
(F) Enable support for load-balancing of IPv6

Question 12. Azure Batch lets you create and manage a group
of identical, load-balanced VMs.
(A) TRUE
(B) FALSE

Question 13. Which of the following techniques will you use to
build and host web apps, mobile backends, and/or RESTful
APIs without managing infrastructure?
(A) Virtual Machines
(B) Containers
(C) Azure App Service
(D) Serverless computing

Question 14. A content ________________ network is a distributed network of servers that can efficiently deliver web content to users.
(A) Delivery
(B) Public
(C) Private
(D) Scalable

Question 15. You are working at a startup with a tight budget. Why might you prefer Azure data storage over an on-premises solution?
(A) Offers database-as-a-service options
(B) To meet unexpected user demand
(C) To get exact control over the location of your data store
(D) The Azure pay-as-you-go billing model lets you avoid
buying expensive hardware

Question 16. You are working at a startup with a tight budget.
Why might you prefer Azure data storage over an on-premises
solution?
(A) Availability set
(B) Azure batch
(C) Scale Set
(D) Azure redundancy

Question 17. With serverless computing in Azure, you are responsible for managing the server infrastructure.
(A) TRUE
(B) FALSE

Question 18. How can Azure Traffic Manager help you reduce latency?
(A) It chooses only the fastest networks between endpoints
(B) It chooses the endpoint that's closest to the user's DNS server
(C) It caches content, similar to how content delivery networks work
(D) It compresses and minifies the files of HTML, CSS, JavaScript before delivering

Question 19. Which of the following techniques will you use to run multiple instances of an application on a single host machine?
(A) Virtual Machines
(B) Containers
(C) Azure App Service
(D) Serverless computing

Question 20. _________________ storage tier is optimized for storing data that is accessed frequently.
(A) Hot
(B) Cool
(C) Archive
(D) Scale

Question 21. Imagine that you work on a multivendor marketplace application that runs on millions of mobile devices. Demand is unpredictable because you see a spike in usage whenever vendors send promotional newsletters. Which Azure compute resource is the best match for this workload?
(A) Virtual Machines
(B) Containers
(C) Azure App Service
(D) Serverless computing

Question 22. A virtual network is a logically isolated network on Azure that can be configured through software.
(A) TRUE
(B) FALSE

Question 23. Which of the following Azure types of encryption for storage services automatically encrypts the data when it is persisted to the cloud and helps you to meet your organizational security and compliance commitments?
(A) Azure Storage Service Encryption
(B) Client-side Encryption
(C) Azure Storage Organizational Encryption
(D) Customer-side Encryption

Question 24. Which of the following Azure types of encryption for storage services encrypts the data using a one-time symmetric Content Encryption Key (CEK) that is generated by the Azure Storage client SDK?
(A) Azure Storage Service Encryption
(B) Client-side Encryption
(C) Azure Storage Organizational Encryption
(D) Customer-side Encryption

Question 25. An Azure region can be described as:
(A) A set of datacenters within a specific geographical location
(B) An Access Control List (ACL) rule that defines the inbound and outbound traffic on Azure
(C) A way of breaking networks into smaller networks
(D) A logically isolated network on Azure

Question 26. Which of the following compute performing techniques in Azure is a software emulation of physical computers that includes a virtual processor, memory, storage, and networking resources?
(A) Serverless computing
(B) Azure App Service
(C) Containers
(D) Virtual Machine

Question 27. Which of the following compute performing techniques in Azure bundles an application’s code together with the related configuration files and libraries and with the dependencies required for the app to run?
(A) Serverless computing
(B) Azure App Service
(C) Containers
(D) Virtual Machine

Question 28. Which of the following compute performing techniques in Azure is a platform-as-a-service (PaaS) that is designed to host enterprise-grade web-oriented applications?
(A) Serverless computing
(B) Azure App Service
(C) Containers
(D) Virtual Machine

Question 29. Which of the following compute performing techniques in Azure is a cloud-hosted execution environment that runs your code and completely abstracts the underlying hosting environment?
(A) Serverless computing
(B) Azure App Service
(C) Containers
(D) Virtual Machine

Question 30. Suppose you have an application running locally on your own server. You reach the point that you need additional capacity but you don’t want to buy upgraded on-premises hardware, so you decide to move to Azure. Which compute option would give you the quickest route to getting your application running in Azure?
(A) Serverless computing
(B) Azure App Service
(C) Containers
(D) Virtual Machine

Question 31. Structured data is the data that adheres to a
schema, so all of the data has the same fields or properties.
(A) TRUE
(B) FALSE

Question 32. For which of the following primary types of data in Azure Storage is the data organised by tags or keys that provide a hierarchy for the data?
(A) Structured data
(B) Semi-structured data
(C) Unstructured data
(D) Organised data

Question 33. _______________________ refers to a system’s ability to stay operational during abnormal conditions.
(A) Availability
(B) Load Balancer
(C) Durability
(D) Resiliency

Question 34. Recently you noticed a huge spike in user volume due to an ad campaign. Your app uses Azure data storage. What feature of pay-as-you-go storage will be most beneficial in order to meet the unexpected new user demand?
(A) The ability to replicate data for safety and high availability
(B) The ability to meet compliance requirements for data
storage
(C) The ability to provision and deploy new infrastructure
quickly
(D) The ability to predict the service costs in advance

Answers 11-34

Question 11. Which of the following statements are true about Azure Load Balancer? (Choose all that apply)
(A) Azure Load Balancer works with internet-facing traffic only
(B) Azure Load Balancer distributes traffic among similar systems, making your services more highly available
(C) When you use Azure Load Balancer, there's no infrastructure or software for you to maintain
(D) You can't define forwarding rules based on the source IP on Azure Load Balancer
(E) Azure Load balancer supports only inbound scenarios
(F) Enable support for load-balancing of IPv6

Explanation 11. B, C and F are the correct answers.
Azure Load Balancer is a load balancer service that Microsoft provides that helps take care of the maintenance for you.

Load Balancer supports inbound and outbound scenarios, provides low latency and high throughput, and scales up to millions of flows for all Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) applications.

You can use Load Balancer with incoming internet traffic, internal traffic across Azure services, port forwarding for specific traffic, or outbound connectivity for VMs in your virtual network.

Azure Load Balancer operates at layer four of the Open Systems Interconnection (OSI) model. It’s the single point of contact for clients.

Load Balancer distributes inbound flows that arrive at the load balancer’s front end to backend pool instances.

Key scenarios that you can accomplish using Standard Load Balancer include:
1. Load balance internal and external traffic to Azure virtual machines.
2. Increase availability by distributing resources within and across zones.
3. Configure outbound connectivity for Azure virtual machines.
4. Load balance services on multiple ports, multiple IP addresses, or both.
5. Move internal and external load balancer resources across Azure regions.
6. Load balance TCP and UDP flow on all ports simultaneously using HA ports.
7. Enable support for load-balancing of IPv6.

Question 12. Azure Batch lets you create and manage a group
of identical, load-balanced VMs.
(A) TRUE
(B) FALSE

Explanation 12. FALSE is the correct answer.
Azure Virtual Machine Scale Sets let you create and manage a group of identical, load-balanced VMs.

Azure Batch Service is a cloud-based job scheduling and


computes management platform that enables running large-
scale parallel and high-performance computing applications
efficiently in the cloud. Azure Batch Service provides job
scheduling and in automatically scaling and managing virtual
machines running those jobs.

Question 13. Which of the following techniques will you use to
build and host web apps, mobile backends, and/or RESTful
APIs without managing infrastructure?
(A) Virtual Machines
(B) Containers
(C) Azure App Service
(D) Serverless computing

Explanation 13. Azure App Service is the correct answer.

Azure App Service enables you to build and host web apps,
background jobs, mobile backends, and RESTful APIs in the
programming language of your choice without managing
infrastructure. It offers automatic scaling and high availability.

This platform as a service (PaaS) allows you to focus on the
website and API logic while Azure handles the infrastructure to
run and scale your web applications.

Question 14. A content ________________ network is a distributed
network of servers that can efficiently deliver web content to
users.
(A) Delivery
(B) Public
(C) Private
(D) Scalable

Explanation 14. Delivery is the correct answer.

A content delivery network (CDN) is a distributed network of
servers that can efficiently deliver web content to users.

A CDN allows for the quick transfer of assets needed for
loading Internet content, including HTML pages, JavaScript files,
stylesheets, images, and videos. The popularity of CDN services
continues to grow, and today the majority of web traffic is
served through CDNs, including traffic from major sites like
Facebook, Netflix, and Amazon.

A properly configured CDN may also help protect websites
against some common malicious attacks, such as Distributed
Denial of Service (DDoS) attacks.

While a CDN does not host content and can’t replace the need
for proper web hosting, it does help cache content at the
network edge, which improves website performance. Many websites
struggle to have their performance needs met by traditional
hosting services, which is why they opt for CDNs.

By utilizing caching to reduce hosting bandwidth, helping to
prevent interruptions in service, and improving security, CDNs
are a popular choice to relieve some of the major pain points
that come with traditional web hosting.

Question 15. You are working at a startup with a tight budget.
Why might you prefer Azure data storage over an on-premises
solution?
(A) Offers database-as-a-service options
(B) To meet unexpected user demand
(C) To get exact control over the location of your data store
(D) The Azure pay-as-you-go billing model lets you
avoid buying expensive hardware

Explanation 15. The Azure pay-as-you-go billing model lets
you avoid buying expensive hardware is the correct answer.
The budget of the startup is tight, so you have to avoid any
possible up-front capital expenditures. With Azure, you pay
monthly for only the services you use (OpEx); there are no
large, up-front capital expenditures (CapEx).

Question 16. You are working at a startup with a tight budget.
Why might you prefer Azure data storage over an on-premises
solution?
(A) Availability set
(B) Azure batch
(C) Scale Set
(D) Azure redundancy

Explanation 16. Availability set is the correct answer.

An availability set is a logical grouping of two or more VMs
that help keep your application available during planned or
unplanned maintenance.

A planned maintenance event is when the underlying Azure
fabric that hosts VMs is updated by Microsoft. A planned
maintenance event is done to patch security vulnerabilities,
improve performance, and add or update features. Most of the
time these updates are done without any impact to the guest VMs.

Unplanned maintenance events involve a hardware failure in
the data center, such as a power outage or disk failure. VMs
that are part of an availability set automatically switch to a
working physical server so the VM continues to run.

Question 17. With serverless computing in Azure, you are
responsible for managing the server infrastructure.
(A) TRUE
(B) FALSE

Explanation 17. FALSE is the correct answer.

With serverless computing, Azure takes care of managing the
server infrastructure and allocation/deallocation of resources
based on demand. Infrastructure isn’t your responsibility.

Scaling and performance are handled automatically, and you
are billed only for the exact resources you use. There’s no need
to even reserve capacity.

Question 18. How can Azure Traffic Manager help you reduce
latency?
(A) It chooses only the fastest networks between endpoints
(B) It chooses the endpoint that's closest to the user's
DNS server
(C) It caches content, similar to how content delivery
networks work
(D) It compresses and minifies the files of HTML, CSS,
JavaScript before delivering

Explanation 18. It chooses the endpoint that's closest to
the user's DNS server is the correct answer.
Traffic Manager uses the DNS server that’s closest to the user
to direct user traffic to a globally distributed endpoint.

Traffic Manager doesn’t see the traffic that’s passed between
the client and server. Rather, it directs the client’s web browser
to a preferred endpoint.

Traffic Manager can route traffic in a few different ways, such
as to the endpoint with the lowest latency.

Question 19. Which of the following techniques will you use to
run multiple instances of an application on a single host
machine?
(A) Virtual Machines
(B) Containers
(C) Azure App Service
(D) Serverless computing

Explanation 19. Containers is the correct answer.

If you wish to run multiple instances of an application on a
single host machine, containers are an excellent choice.

A container is a modified runtime environment built on top of a
host OS that executes your application. A container doesn’t use
virtualization, so it doesn’t waste resources simulating virtual
hardware with a redundant OS. This environment typically
makes containers more lightweight than VMs.

This design allows you to respond quickly to changes in
demand or failure. Another benefit of containers is you can run
multiple isolated applications on a single container host. Since
containers are secured and isolated, you don’t need separate
servers for each app.

Question 20. _________________ storage tier is optimized for
storing data that is accessed frequently.
(A) Hot
(B) Cool
(C) Archive
(D) Scale

Explanation 20. Hot is the correct answer.
Hot storage tier is optimized for storing data that is accessed
frequently.

Azure offers three storage tiers for blob object storage:

1. Hot storage tier is optimized for storing data that is
accessed frequently.

2. Cool storage tier is optimized for data that are infrequently
accessed and stored for at least 30 days.

3. Archive storage tier is for data that are rarely accessed and
stored for at least 180 days with flexible latency requirements.

Question 21. Imagine that you work on a multivendor marketplace
application that runs on millions of mobile devices. Demand is
unpredictable because you see a spike in usage whenever vendors
send promotional newsletters. Which Azure compute resource is
the best match for this workload?
(A) Virtual Machines
(B) Containers
(C) Azure App Service
(D) Serverless computing

Explanation 21. Serverless computing is the correct answer.
The marketplace app is event-driven and needs to handle
unpredictable demand. Serverless computing is a good fit for
this situation because it is event-based and can scale instantly
to process spikes in traffic. It should also be a cost-effective
choice because you will pay for compute time only when
processing user data.

Question 22. Virtual networks are logically isolated networks
on Azure that can be configured through software.
(A) TRUE
(B) FALSE

Explanation 22. TRUE is the correct answer.

A virtual network is a logically isolated network on Azure.

A virtual network allows Azure resources to securely communicate
with each other, the internet, and on-premises networks. A
virtual network is scoped to a single region; however, multiple
virtual networks from different regions can be connected
together using virtual network peering.

Virtual networks can be segmented into one or more subnets
that help you organize and secure your resources in discrete
sections.

Virtual networks can be configured through software,
which enables you to treat a virtual network just like your own
network. You choose which networks your virtual network can
reach, whether that’s the public internet or other networks in
the private IP address space.

Question 23. Which of the following Azure types of encryption
for storage services automatically encrypts the data when it is
persisted to the cloud and helps you to meet your organizational
security and compliance commitments?
(A) Azure Storage Service Encryption
(B) Client-side Encryption
(C) Azure Storage Organizational Encryption
(D) Customer-side Encryption

Explanation 23. Azure Storage Service Encryption is the
correct answer.
Azure Storage Service Encryption automatically encrypts the
data when it is persisted to the cloud and helps you to meet
your organizational security and compliance commitments.

Data in Azure Storage is encrypted and decrypted transparently
using 256-bit AES encryption, one of the strongest block
ciphers available, and is FIPS 140-2 compliant. Azure Storage
encryption is similar to BitLocker encryption on Windows.

Azure Storage encryption is enabled for all storage accounts,
including both Resource Manager and classic storage accounts.
Azure Storage encryption cannot be disabled. Because your data
is secured by default, you don’t need to modify your code or
applications to take advantage of Azure Storage encryption.

Question 24. Which of the following Azure types of encryption
for storage services encrypts the data using a one-time
symmetric Content Encryption Key (CEK) that is generated by the
Azure Storage client SDK?
(A) Azure Storage Service Encryption
(B) Client-side Encryption
(C) Azure Storage Organizational Encryption
(D) Customer-side Encryption

Explanation 24. Client-side Encryption is the correct answer.
Client-side encryption – You can perform client-side encryption
of Azure blobs in various ways.

You can use the Azure Storage Client Library for .NET NuGet
package to encrypt data within your client applications prior to
uploading it to your Azure storage.

When you use client-side encryption with Key Vault, your data
is encrypted using a one-time symmetric Content Encryption
Key (CEK) that is generated by the Azure Storage client SDK.

The CEK is encrypted using a Key Encryption Key (KEK), which
can be either a symmetric key or an asymmetric key pair. You
can manage it locally or store it in Key Vault. The encrypted
data is then uploaded to Azure Storage.

Question 25. An Azure region can be described as:
(A) A set of datacenters within a specific geographical
location
(B) An Access Control List (ACL) rule that defines the
inbound and outbound traffic on Azure
(C) A way of breaking networks into smaller networks
(D) A logically isolated network on Azure

Explanation 25. A set of datacenters within a specific
geographical location is the correct answer. A region is a set of
datacenters deployed within a specific geographic location.

With more global regions than any other cloud provider, Azure
gives customers the flexibility to deploy applications where
they need to.

Azure is generally available in 53 regions around the world, with
plans announced for 7 additional regions.

Question 26. Which of the following compute performing
techniques in Azure is a software emulation of physical
computers that includes a virtual processor, memory, storage, and
networking resources?
(A) Serverless computing
(B) Azure App Service
(C) Containers
(D) Virtual Machine

Explanation 26. Virtual Machine is the correct answer.
Virtual machines, or VMs, are software emulations of physical
computers. They include a virtual processor, memory, storage,
and networking resources. They host an operating system
(OS), and you’re able to install and run software just like a
physical computer.

Question 27. Which of the following compute performing
techniques in Azure bundles an application’s code together with
the related configuration files and libraries and with the
dependencies required for the app to run?
(A) Serverless computing
(B) Azure App Service
(C) Containers
(D) Virtual Machine

Explanation 27. Containers is the correct answer.
Containers bundle an application’s code together with the related
configuration files and libraries and with the dependencies
required for the app to run. This allows developers and IT pros
to deploy applications seamlessly across environments.

Question 28. Which of the following compute performing
techniques in Azure is a platform-as-a-service (PaaS) that is
designed to host enterprise-grade web-oriented applications?
(A) Serverless computing
(B) Azure App Service
(C) Containers
(D) Virtual Machine

Explanation 28. Azure App Service is the correct answer.
Azure App Service is a platform-as-a-service (PaaS) that is
designed to host enterprise-grade web-oriented applications.
You can meet rigorous performance, scalability, security, and
compliance requirements while using a fully managed platform
to perform infrastructure maintenance.

Question 29. Which of the following compute performing
techniques in Azure is a cloud-hosted execution environment
that runs your code and completely abstracts the underlying
hosting environment?
(A) Serverless computing
(B) Azure App Service
(C) Containers
(D) Virtual Machine

Explanation 29. Serverless computing is the correct answer.
Serverless computing is a cloud-hosted execution
environment that runs your code but completely abstracts the
underlying hosting environment. You create an instance of the
service, and you add your code; no infrastructure configuration
or maintenance is required.

Question 30. Suppose you have an application running locally
on your own server. You reach the point that you need
additional capacity but you don’t want to buy upgraded
on-premises hardware, so you decide to move to Azure. Which
compute option would give you the quickest route to getting your
application running in Azure?
(A) Serverless computing
(B) Azure App Service
(C) Containers
(D) Virtual Machine

Explanation 30. Virtual Machine is the correct answer.

With virtual machines, you have full control over the VM setup,
so you can configure it to match your on-premises server.

This control will allow your existing application to run on the
Azure VM with little or no change, and this gives you the
quickest route to getting your application running in Azure
instead of your own server.

Question 31. Structured data is the data that adheres to a
schema, so all of the data has the same fields or properties.
(A) TRUE
(B) FALSE

Explanation 31. TRUE is the correct answer. Structured
data is data that adheres to a schema, so all of the data has
the same fields or properties. Structured data can be stored in a
database table with rows and columns. Structured data relies
on keys to indicate how one row in a table relates to data in
another row of another table.

Question 32. In which of the following primary types of data in
Azure Storage is the data organised by tags or keys that
provide a hierarchy for the data?
(A) Structured data
(B) Semi-structured data
(C) Unstructured data
(D) Organised data

Explanation 32. Semi-structured data is the correct answer.
Semi-structured data doesn’t fit neatly into tables,
rows, and columns. Instead, semi-structured data uses tags or
keys that organize and provide a hierarchy for the data.
Semi-structured data is also referred to as non-relational or
NoSQL data.

Question 33. _______________________ refers to a system’s ability
to stay operational during abnormal conditions.
(A) Availability
(B) Load Balancer
(C) Durability
(D) Resiliency

Explanation 33. Resiliency is the correct answer. Resiliency
refers to a system’s ability to stay operational during abnormal
conditions.
These conditions include:
1. Natural disasters.
2. System maintenance, both planned and unplanned, including
software updates and security patches.
3. Spikes in traffic to your site.
4. Threats made by malicious parties, such as distributed
denial of service (DDoS) attacks.

Question 34. Recently you noticed a huge spike in user volume
due to an ad campaign. Your app uses Azure data storage. What
feature of pay-as-you-go storage will be most beneficial
in order to meet the unexpected new user demand?

(A) The ability to replicate data for safety and high
availability
(B) The ability to meet compliance requirements for data
storage
(C) The ability to provision and deploy new
infrastructure quickly
(D) The ability to predict the service costs in advance

Explanation 34. The ability to provision and deploy new
infrastructure quickly is the correct answer. Azure data
storage gives you the flexibility to create new services in
minutes. As the user demand increases, the agility to deploy new
servers or services as needed can help scale to meet the
increased user load.

CHAPTER 3
AZURE ARCHITECTURE AND
SERVICE GUARANTEES

Questions 35-44

Question 35. You want to ensure your services and data are
redundant so you can protect your information in case of failure.
How can Azure help make your app highly available?
(A) Azure doesn't provide data redundancy
(B) Through Availability Zones
(C) Through Regions
(D) Through Geographies

Question 36. Regions support __________________ zones, which
make Azure datacenters available with power, cooling, and
networking capabilities independent from other datacenters.
(A) Redundant
(B) Availability
(C) Region
(D) Available

Question 37. Which of the following characteristics of SLAs for
Azure products is expressed as uptime guarantees or
connectivity rates?
(A) Performance Targets
(B) Uptime and Connectivity Guarantees
(C) Service Credits
(D) SLA Guarantee

Question 38. Which of the following features can help your
business achieve comprehensive business continuity on Azure
and reduce the likelihood of interruptions due to events such
as natural disasters or power outages?
(A) Geography pairs
(B) Zone pairs
(C) Region pairs
(D) It's not possible to achieve comprehensive business
continuity on Azure

Question 39. To what level of physical granularity can you
deploy an app?
(A) Geography
(B) Datacenter
(C) Region
(D) Server rack

Question 40. Consider an App Service web app that writes to
Azure SQL Database. These Azure Services currently have the
following SLAs:
Web App: 99.92%
SQL Database: 99.97%
Which of the following is the composite SLA value for this
application?
(A) 99.92%
(B) 99.99%
(C) 99.91%
(D) 99.89%

Question 41. Microsoft Azure is made up of datacenters located
around the globe and organizes these datacenters into
__________________.
(A) Zones
(B) Sectors
(C) Districts
(D) Regions

Question 42. _____________________ is the ability of a system to
recover from failures and continue to function. It’s not about
avoiding failures, but responding to failures in a way that avoids
downtime or data loss.
(A) Availability
(B) Redundancy
(C) Compatibility
(D) Resiliency

Question 43. Azure divides the world into geographies that are
defined by geopolitical boundaries or country borders. An
Azure geography is a discrete market typically containing two
or more regions that preserve data residency and compliance
boundaries. This division has several benefits.

One of the benefits is that geographies are fault-tolerant to
withstand complete region failure.
(A) TRUE
(B) FALSE

Question 44. Application availability refers to what?
(A) The service level agreement of the associated resource
(B) Application support for an availability zone
(C) The overall time that a system is functional and working
(D) The organization of datacenters into regions

Answers 35-44

Question 35. You want to ensure your services and data are
redundant so you can protect your information in case of failure.
How can Azure help make your app highly available?
(A) Azure doesn't provide data redundancy
(B) Through Availability Zones
(C) Through Regions
(D) Through Geographies

Explanation 35. Through Availability Zones is the correct
answer. An Availability Zone is a high-availability offering that
protects your applications and data from datacenter failures.
Availability Zones are unique physical locations within an Azure
region.

Each zone is made up of one or more datacenters equipped
with independent power, cooling, and networking. To ensure
resiliency, there’s a minimum of three separate zones in all
enabled regions.
The physical separation of Availability Zones within a region
protects applications and data from datacenter failures.

Azure services that support Availability Zones fall into two
categories:

1. Zonal services – where a resource is pinned to a specific
zone (for example, virtual machines, managed disks, Standard
IP addresses).

2. Zone-redundant services – when the Azure platform
replicates automatically across zones (for example,
zone-redundant storage, SQL Database).

Question 36. Regions support __________________ zones, which
make Azure datacenters available with power, cooling, and
networking capabilities independent from other datacenters.
(A) Redundant
(B) Availability
(C) Region
(D) Available

Explanation 36. Availability is the correct answer. Regions
support availability zones, which make Azure datacenters
available with power, cooling, and networking capabilities
independent from other datacenters.

An Availability Zone is a high-availability offering that protects
your applications and data from datacenter failures. Availability
Zones are unique physical locations within an Azure region.

Each zone is made up of one or more datacenters equipped
with independent power, cooling, and networking.

Question 37. Which of the following characteristics of SLAs for
Azure products is expressed as uptime guarantees or
connectivity rates?
(A) Performance Targets
(B) Uptime and Connectivity Guarantees
(C) Service Credits
(D) SLA Guarantee

Explanation 37. Performance Targets is the correct answer.

Microsoft maintains its commitment to providing customers
with high-quality products and services by adhering to
comprehensive operational policies, standards, and practices.
Formal documents called Service-Level Agreements
(SLAs) capture the specific terms that define the performance
standards that apply to Azure.

Performance Targets: An SLA defines performance targets for
an Azure product or service. The performance targets that an
SLA defines are specific to each Azure product and service. For
example, performance targets for some Azure services are
expressed as uptime guarantees or connectivity rates.

Uptime and Connectivity Guarantees: A typical SLA specifies
performance-target commitments that range from 99.9
percent (“three nines”) to 99.999 percent (“five nines”), for
each corresponding Azure product or service. These targets
can apply to such performance criteria as uptime or response
times for services.

Service Credits: SLAs also describe how Microsoft will
respond if an Azure product or service fails to perform to its
governing SLA’s specification.

SLA Guarantee: a fictitious characteristic of an SLA.

Question 38. Which of the following features can help your
business achieve comprehensive business continuity on Azure
and reduce the likelihood of interruptions due to events such
as natural disasters or power outages?
(A) Geography pairs
(B) Zone pairs
(C) Region pairs
(D) It's not possible to achieve comprehensive business
continuity on Azure

Explanation 38. Region pairs is the correct answer. To
achieve comprehensive business continuity on Azure, build
your application architecture using the combination of
Availability Zones with Azure region pairs.

This approach allows for the replication of resources (such as
virtual machine storage) across a geography that helps reduce
the likelihood of interruptions due to events such as natural
disasters, power outages, or physical network outages
affecting both regions at once.

If a region in a pair was affected by a natural disaster, for
instance, services would automatically fail over to the other
region in its region pair.

Question 39. To what level of physical granularity can you
deploy an app?
(A) Geography
(B) Datacenter
(C) Region
(D) Server rack

Explanation 39. Region is the correct answer. Azure
organizes infrastructure around regions, which include multiple
datacenters. You can pick the region you want resources
deployed into. You can’t select a specific datacenter or location
within a datacenter.

Question 40. Consider an App Service web app that writes to
Azure SQL Database. These Azure Services currently have the
following SLAs:
Web App: 99.92%
SQL Database: 99.97%
Which of the following is the composite SLA value for this
application?
(A) 99.92%
(B) 99.99%
(C) 99.91%
(D) 99.89%

Explanation 40. 99.89% is the correct answer. When
combining SLAs across different service offerings, the resultant
SLA is called a Composite SLA. The resulting composite SLA can
provide higher or lower uptime values, depending on your
application architecture.

The composite SLA value for this application is: 99.92 percent
× 99.97 percent = 99.89 percent

For SLA and downtime calculations, remember that any time
you see a number followed by “percent” (%), that number is
divided by 100. If you were entering the SLA calculation above,
the actual values would be 0.9992 * 0.9997 = 0.9989.

Question 41. Microsoft Azure is made up of datacenters located
around the globe and organizes these datacenters into
__________________.
(A) Zones
(B) Sectors
(C) Districts
(D) Regions

Explanation 41. Regions is the correct answer. Microsoft
Azure is made up of datacenters located around the globe and
organizes these datacenters into regions.

A region is a set of datacenters deployed within a
latency-defined perimeter and connected through a dedicated
regional low-latency network. Azure intelligently assigns and
controls the resources within each region to ensure workloads
are appropriately balanced.

With more global regions than any other cloud provider, Azure
gives customers the flexibility to deploy applications where
they need to. Azure is generally available in 53 regions around
the world, with plans announced for 7 additional regions.

Question 42. _____________________ is the ability of a system to
recover from failures and continue to function. It’s not about
avoiding failures, but responding to failures in a way that avoids
downtime or data loss.
(A) Availability
(B) Redundancy
(C) Compatibility
(D) Resiliency

Explanation 42. Resiliency is the correct answer. Resiliency
is the ability of a system to recover from failures and continue to
function. It’s not about avoiding failures, but responding to
failures in a way that avoids downtime or data loss.

Question 43. Azure divides the world into geographies that are
defined by geopolitical boundaries or country borders. An
Azure geography is a discrete market typically containing two
or more regions that preserve data residency and compliance
boundaries. This division has several benefits.

One of the benefits is that geographies are fault-tolerant to
withstand complete region failure.
(A) TRUE
(B) FALSE

Explanation 43. TRUE is the correct answer. Azure divides
the world into geographies that are defined by geopolitical
boundaries or country borders. Azure geography is a discrete
market typically containing two or more regions that preserve
data residency and compliance boundaries. This division has
several benefits.

Geographies allow customers with specific data residency
and compliance needs to keep their data and applications
close.

Geographies ensure that data residency, sovereignty,
compliance, and resiliency requirements are honored within
geographical boundaries.

Geographies are fault-tolerant to withstand complete region
failure through their connection to dedicated high-capacity
networking infrastructure.

Question 44. Application availability refers to what?
(A) The service level agreement of the associated resource
(B) Application support for an availability zone
(C) The overall time that a system is functional and
working
(D) The organization of datacenters into regions

Explanation 44. The overall time that a system is functional
and working is the correct answer. The time that a system is
up and running is referred to as the application availability.

Azure Application Insights sends web requests to your
application at regular intervals from points around the world. It
can alert you if your application isn’t responding, or if it
responds too slowly.

You can set up availability tests for any HTTP or HTTPS
endpoint that is accessible from the public internet. You don’t
have to make any changes to the website you’re testing. In fact,
it doesn’t even have to be a site you own. You can test the
availability of a REST API that your service depends on.

CHAPTER 4
SECURITY IN AZURE

Questions 45-53

Question 45. Which of the following options is a load balancer
that includes a Web Application Firewall (WAF) that provides
protection from common, known vulnerabilities in websites?
(A) Azure Firewall
(B) Azure Application Gateway
(C) Network virtual appliances (NVAs)
(D) Azure Application Gateway and Network virtual
appliances (NVAs)

Question 46. There has been an attack on your public-facing
website, and the application has been overwhelmed by
requests and is now unavailable to users. What service should
you use to prevent this type of attack?
(A) Azure Firewall
(B) Application Gateway
(C) Network Security Group
(D) DDoS protection

Question 47. Cloud security is a shared responsibility between
you and your cloud provider. Which category of cloud services
requires the greatest security effort on your part?
(A) Infrastructure as a Service (IaaS)
(B) Platform as a Service (PaaS)
(C) Software as a Service (SaaS)
(D) Database-as-a-Service (DBaaS)

Question 48. Azure Advanced Threat _________________ is a
cloud-based security solution that identifies, detects, and helps
you investigate advanced threats, compromised identities, and
malicious insider actions directed at your organization.
(A) Mitigation
(B) Protection
(C) Detection
(D) Response

Question 49. Which statement is not true about Azure
role-based access control (Azure RBAC)?
(A) You can manage who has access to Azure resources
(B) You can't manage what users can do with Azure
resources
(C) Allow a user to manage all resources in a resource
group, such as virtual machines, websites, and subnets
(D) Allow an application to access all resources in a
resource group
(E) The four general built-in roles are Owner, Contributor,
Reader, User Access Administrator

Question 50. Single sign-on (SSO) provides additional security
for your identities by requiring two or more elements for full
authentication.
(A) TRUE
(B) FALSE

Question 51. Two fundamental concepts that need to be
understood when talking about identity and access control are
authentication and authorization. One of the differences
between authentication and authorization is that Authentication
determines whether users are who they claim to be while
Authorization determines what users can and cannot access.
(A) TRUE
(B) FALSE

Question 52. Which of the following options is a cloud-based
solution that helps organizations classify and optionally protect
documents and emails by applying labels?
(A) Microsoft Azure Information Protection
(B) Microsoft Azure Email Protection
(C) Microsoft Azure Document Protection
(D) Microsoft Azure Data Protection

Question 53. A great place to start when examining the security
of your Azure-based solutions is Azure _______________ Center.
(A) Security
(B) Safety
(C) Examine
(D) Diagnose

Answers 45-53

Question 45. Which of the following options is a load balancer
that includes a Web Application Firewall (WAF) that provides
protection from common, known vulnerabilities in websites?
(A) Azure Firewall
(B) Azure Application Gateway
(C) Network virtual appliances (NVAs)
(D) Azure Application Gateway and Network virtual appliances (NVAs)

Explanation 45. Azure Application Gateway is the correct
answer. Azure Application Gateway is a load balancer that
includes a Web Application Firewall (WAF) that provides
protection from common, known vulnerabilities in websites and
enables you to manage traffic to your web applications. It is
designed to protect HTTP traffic.

Azure Firewall is a managed, cloud-based network security
service that protects your Azure Virtual Network resources. It’s
a fully stateful firewall-as-a-service with built-in high availability
and unrestricted cloud scalability. You can centrally create,
enforce, and log application and network connectivity policies
across subscriptions and virtual networks.

Network virtual appliance (NVA) is used in the Azure application
to enhance high availability. It is used as an advanced level
of control over traffic flows, such as when building a
demilitarized zone (DMZ) in the cloud. NVAs are widely available
in the Azure marketplace, covering a range of network
capabilities. An NVA is a virtual machine preconfigured with a
certain workload, in this case, a firewall software product.

Question 46. There has been an attack on your public-facing
website, and the application has been overwhelmed by requests
and is now unavailable to users. What service should you use to
prevent this type of attack?
(A) Azure Firewall
(B) Application Gateway
(C) Network Security Group
(D) DDoS protection

Explanation 46. DDoS protection is the correct answer.
DDoS protection will help prevent DDoS attacks. The remaining
options can protect your application, but they won’t prevent
DDoS-style attacks.

Distributed denial of service (DDoS) attacks are some of the
largest availability and security concerns facing customers that
are moving their applications to the cloud. A DDoS attack
attempts to exhaust an application’s resources, making the
application unavailable to legitimate users. DDoS attacks can be
targeted at any endpoint that is publicly reachable through the
internet.

Question 47. Cloud security is a shared responsibility between
you and your cloud provider. Which category of cloud services
requires the greatest security effort on your part?
(A) Infrastructure as a Service (IaaS)
(B) Platform as a Service (PaaS)
(C) Software as a Service (SaaS)
(D) Database-as-a-Service (DBaaS)

Explanation 47. Infrastructure as a Service (IaaS) is the
correct answer. With Infrastructure as a Service (IaaS), you are
leveraging the lowest-level service and asking Azure to create
virtual machines (VMs) and virtual networks. At this level, it’s
still your responsibility to patch and secure your operating
systems and software, as well as configure your network to be
secure.

The cloud provider provides physical security to compute
resources. However, it’s your responsibility to patch and secure
your operating systems and software, as well as configure your
network to be secure.

Moving to Platform as a Service (PaaS) outsources several
security concerns. At this level, Azure is taking care of the
operating system and of most foundational software like
database management systems. Everything is updated with the
latest security patches and can be integrated with Azure Active
Directory for access controls.

PaaS also comes with many operational advantages. Rather
than building whole infrastructures and subnets for your
environments by hand, you can “point and click” within the Azure
portal or run automated scripts to bring complex, secured
systems up and down, and scale them as needed.

With Software as a Service (SaaS), you outsource almost
everything. SaaS is software that runs with an internet
infrastructure. The code is controlled by the vendor but
configured to be used by the customer.

Database as a service (DBaaS) is a cloud computing managed
service offering that provides access to a database without
requiring the setup of physical hardware, the installation of
software or the need to configure the database.

Question 48. Azure Advanced Threat _________________ is a
cloud-based security solution that identifies, detects, and helps
you investigate advanced threats, compromised identities, and
malicious insider actions directed at your organization.
(A) Mitigation
(B) Protection
(C) Detection
(D) Response

Explanation 48. Protection is the correct answer. Azure
Advanced Threat Protection (Azure ATP) is a cloud-based
security solution that identifies, detects, and helps you
investigate advanced threats, compromised identities, and
malicious insider actions directed at your organization.

Azure ATP is capable of detecting known malicious attacks and
techniques, security issues, and risks against your network.

Azure ATP enables SecOp analysts and security professionals
struggling to detect advanced attacks in hybrid environments
to:
1. Monitor users, entity behavior, and activities with
learning-based analytics
2. Protect user identities and credentials stored in Active
Directory
3. Identify and investigate suspicious user activities and
advanced attacks throughout the kill chain
4. Provide clear incident information on a simple timeline for
fast triage

Question 49. Which statement is not true about Azure role-based
access control (Azure RBAC)?
(A) You can manage who has access to Azure resources
(B) You can't manage what users can do with Azure resources
(C) Allow a user to manage all resources in a resource
group, such as virtual machines, websites, and subnets
(D) Allow an application to access all resources in a resource
group
(E) The four general built-in roles are Owner, Contributor,
Reader, User Access Administrator

Explanation 49. You can't manage what users can do with
Azure resources is the correct answer.
Azure role-based access control (Azure RBAC) helps you
manage who has access to Azure resources, what they can do
with those resources, and what areas they have access to.

Here are some examples of what you can do with Azure RBAC:
1. Allow one user to manage virtual machines in a subscription
and another user to manage virtual networks
2. Allow a DBA group to manage SQL databases in a subscription
3. Allow a user to manage all resources in a resource group,
such as virtual machines, websites, and subnets
4. Allow an application to access all resources in a resource
group

Azure role-based access control (Azure RBAC) has several
Azure built-in roles that you can assign to users, groups,
service principals, and managed identities. Role assignments are
the way you control access to Azure resources. If the built-in
roles don’t meet the specific needs of your organization, you
can create your own Azure custom roles.

The following lists four fundamental built-in roles. The first
three apply to all resource types.

Owner – Has full access to all resources including the right to
delegate access to others.

Contributor – Can create and manage all types of Azure
resources but can’t grant access to others.

Reader – Can view existing Azure resources.

User Access Administrator – Lets you manage user access to
Azure resources.

Question 50. Single sign-on (SSO) provides additional security
for your identities by requiring two or more elements for full
authentication.
(A) TRUE
(B) FALSE

Explanation 50. FALSE is the correct answer. Multi-factor
authentication (MFA) provides additional security for your
identities by requiring two or more elements for full
authentication.
These elements fall into three categories:
1. Something you know
2. Something you possess
3. Something you are

Something you know would be a password or the answer to a
security question.
Something you possess could be a mobile app that receives
a notification or a token-generating device.
Something you are is typically some sort of biometric property,
such as a fingerprint or face scan used on many mobile devices.

Single sign-on (SSO) is an authentication process that allows
a user to access multiple applications with one set of login
credentials.

With SSO, a user logs in once and gains access to different
applications, without the need to re-enter log-in credentials at
each application. SSO authentication facilitates seamless
network resource usage. SSO mechanisms vary, depending on the
application type.

Question 51. Two fundamental concepts that need to be understood
when talking about identity and access control are
authentication and authorization. One of the differences between
authentication and authorization is that Authentication
determines whether users are who they claim to be while
Authorization determines what users can and cannot access.
(A) TRUE
(B) FALSE

Explanation 51. TRUE is the correct answer.
Authentication is about validating your credentials such as
Username/User ID and password to verify your identity. The
system then checks whether you are who you say you are using
your credentials. Whether in public or private networks, the
system authenticates the user identity through login passwords.

Authorization occurs after your identity is successfully
authenticated by the system, which therefore gives you full
access to resources such as information, files, databases, funds,
etc.

However, authorization verifies your rights to grant you access
to resources only after determining your ability to access the
system and up to what extent.

In other words, authorization is the process to determine
whether the authenticated user has access to particular
resources.

Here’s a brief overview of the differences between
authentication and authorization:

Authentication
1. Determines whether users are who they claim to be
2. Challenges the user to validate credentials (for example,
through passwords, answers to security questions, or facial
recognition)
3. Usually done before authorization

Authorization
1. Determines what users can and cannot access
2. Verifies whether access is allowed through policies and rules
3. Usually done after successful authentication

Question 52. Which of the following options is a cloud-based
solution that helps organizations classify and optionally protect
documents and emails by applying labels?
(A) Microsoft Azure Information Protection
(B) Microsoft Azure Email Protection
(C) Microsoft Azure Document Protection
(D) Microsoft Azure Data Protection

Explanation 52. Microsoft Azure Information Protection is
the correct answer.
Microsoft Azure Information Protection (sometimes referred
to as AIP) is a cloud-based solution that helps organizations
classify and optionally protect documents and emails by
applying labels.

Labels can be applied automatically based on rules and
conditions. Labels can also be applied manually. You can also
guide users to choose recommended labels with a combination of
automatic and manual steps.

The following picture shows an example of Azure Information
Protection in action on a user’s computer. The administrator
has configured a label with rules that detect sensitive data and
in our example, this is credit card information.

When a user saves a Word document that contains a credit
card number, she sees a custom tooltip that recommends the
label that the administrator has configured. This label classifies
the document and protects it.

Question 53. A great place to start when examining the security
of your Azure-based solutions is Azure _______________ Center.
(A) Security
(B) Safety
(C) Examine
(D) Diagnose

Explanation 53. Security is the correct answer.
A great place to start when examining the security of your
Azure-based solutions is Azure Security Center.

Security Center is a monitoring service that provides threat
protection across all of your services, both in Azure and
on-premises. Security Center can:
1. Provide security recommendations based on your
configurations, resources, and networks.
2. Monitor security settings across on-premises and cloud
workloads, and automatically apply required security to new
services as they come online.
3. Continuously monitor all your services, and perform
automatic security assessments to identify potential
vulnerabilities before they can be exploited.
4. Use machine learning to detect and block malware from
being installed on your virtual machines and services. You can
also define a list of allowed applications to ensure that only the
apps you validate are allowed to execute.
5. Analyze and identify potential inbound attacks, and help to
investigate threats and any post-breach activity that might
have occurred.
6. Provide just-in-time access control for ports, reducing your
attack surface by ensuring the network only allows traffic that
you require.

CHAPTER 5
MONITOR INFRASTRUCTURE
STANDARDS WITH
AZURE POLICY

Questions 54-65

Question 54. You are looking for ways to understand how your
application is performing, and to identify possible issues
affecting the performance. Which of the following Azure services
will you enable?
(A) Trust Center
(B) Azure Service Health
(C) Azure Monitor
(D) Service Trust Portal

Question 55. Which of the following Azure services allows you
to segregate duties within your team and grant only the amount
of access to users that they need to perform their jobs?
(A) Initiatives
(B) Blueprints
(C) Policy
(D) Role-based Access Control

Question 56. Imagine that you want to control costs, so you
ask the administrator of your Azure tenant to define a policy
that prohibits the creation of any VM with more than 2GB RAM.
Which Azure service will you enable in order to achieve this?
(A) Azure Policy
(B) Azure Resource Manager
(C) Azure Blueprint
(D) Azure Active Directory

Question 57. Type the missing command that deletes the policy
requirements through PowerShell.
PS C:\> $MyResourceGroup = Get-AzResourceGroup -Name 'MyResourceGroup101'
PS C:\> _____________________________ -Name 'MyPolicyAssignment201' -Scope $MyResourceGroup.ResourceId -Force

(A) Remove-AzPolicy
(B) Remove-AzPolicyAssignment
(C) Delete-AzPolicyAssignment
(D) Delete-AzPolicy

Question 58. The Azure service that collects, analyzes, and
provides actions on telemetry from your cloud and on-premises
environments and provides up-to-date status information
about the health of Azure services is called Azure ______________.
(A) Blueprint
(B) Monitor
(C) Policy
(D) Initiative

Question 59. Which Azure service allows you to create, assign,
and manage policies to enforce different rules and effects over
your resources and stay compliant with your corporate
standards and service-level agreements (SLAs)?
(A) Azure Active Directory
(B) Azure Blueprint
(C) Azure Policy
(D) Azure Resource Manager

Question 60. Azure Blueprints enables cloud architects and
central information technology groups to define a repeatable
set of Azure resources that implements and adheres to an
organization’s standards.
(A) TRUE
(B) FALSE

Question 61. The feature that helps you organize and simplify
management of your policies is called Azure _________________.
(A) Blueprint
(B) Monitor
(C) Policy
(D) Initiative

Question 62. Where can you download published audit reports
and other compliance-related information related to Microsoft’s
cloud service?
(A) Azure Resource Manager
(B) Service Trust Portal
(C) Microsoft Trust Center
(D) Azure Active Directory

Question 63. Which of the following policy definitions has a
set of conditions/rules to specify the resource types that your
organization can deploy?
(A) Allowed Storage Account SKUs
(B) Allowed Resource Type
(C) Allowed Locations
(D) Allowed Virtual Machine SKUs

Question 64. Which of the following policy definitions enables
you to restrict the locations that your organization can specify
when deploying resources?
(A) Allowed Storage Account SKUs
(B) Allowed Resource Type
(C) Allowed Locations
(D) Allowed Virtual Machine SKUs

Question 65. Which of the following policy definitions prevents
a list of resource types from being deployed?
(A) Allowed Storage Account SKUs
(B) Not allowed resource types
(C) Allowed Locations
(D) Allowed Virtual Machine SKUs

Answers 54-65

Question 54. You are looking for ways to understand how your
application is performing, and to identify possible issues
affecting the performance. Which of the following Azure services
will you enable?
(A) Trust Center
(B) Azure Service Health
(C) Azure Monitor
(D) Service Trust Portal

Explanation 54. Azure Monitor is the correct answer.
Azure Monitor maximizes the availability and performance of
your applications and services by delivering a comprehensive
solution for collecting, analyzing, and acting on telemetry from
your cloud and on-premises environments. It helps you
understand how your applications are performing and proactively
identifies issues affecting them and the resources they depend
on.

Just a few examples of what you can do with Azure Monitor
include:
1. Detect and diagnose issues across applications and
dependencies with Application Insights.
2. Correlate infrastructure issues with Azure Monitor for
VMs and Azure Monitor for Containers.
3. Drill into your monitoring data with Log Analytics for
troubleshooting and deep diagnostics.
4. Support operations at scale with smart alerts and
automated actions.
5. Create visualizations with Azure dashboards and workbooks.

Question 55. Which of the following Azure services allows you
to segregate duties within your team and grant only the amount
of access to users that they need to perform their jobs?
(A) Initiatives
(B) Blueprints
(C) Policy
(D) Role-based Access Control

Explanation 55. Role-based Access Control is the correct
answer. Azure role-based access control (Azure RBAC) is a
system that provides fine-grained access management of
Azure resources. Using Azure RBAC, you can segregate duties
within your team and grant only the amount of access to users
that they need to perform their jobs.

Question 56. Imagine that you want to control costs, so you
ask the administrator of your Azure tenant to define a policy
that prohibits the creation of any VM with more than 2GB RAM.
Which Azure service will you enable in order to achieve this?
(A) Azure Policy
(B) Azure Resource Manager
(C) Azure Blueprint
(D) Azure Active Directory

Explanation 56. Azure Policy is the correct answer. Azure
Policy is an Azure service you use to create, assign, and
manage policies. These policies enforce different rules and
effects over your resources so that those resources stay
compliant with your corporate standards and service level
agreements.

Once your administrator implements the policy, Azure Policy
will stop anyone from creating a new VM outside the list of
allowed stock-keeping units (SKUs). Also, if you try to update an
existing VM, it will be checked against the policy. Finally, Azure
Policy will audit all the existing VMs in our organization to
ensure our policy is enforced.

Question 57. Type the missing command that deletes the policy
requirements through PowerShell.
PS C:\> $MyResourceGroup = Get-AzResourceGroup -Name 'MyResourceGroup101'
PS C:\> _____________________________ -Name 'MyPolicyAssignment201' -Scope $MyResourceGroup.ResourceId -Force

(A) Remove-AzPolicy
(B) Remove-AzPolicyAssignment
(C) Delete-AzPolicyAssignment
(D) Delete-AzPolicy

Explanation 57. Remove-AzPolicyAssignment is the correct
answer. You can delete policy requirements through the portal
or through the PowerShell command Remove-AzPolicyAssignment.

PS C:\> $MyResourceGroup = Get-AzResourceGroup -Name 'MyResourceGroup101'

PS C:\> Remove-AzPolicyAssignment -Name 'MyPolicyAssignment201' -Scope $MyResourceGroup.ResourceId -Force

The first command gets a resource group named
MyResourceGroup101 by using the Get-AzResourceGroup cmdlet. The
command stores that object in the $MyResourceGroup variable.

The second command removes the policy assignment named
MyPolicyAssignment201 that was assigned at a resource group
level. The ResourceId property of $MyResourceGroup identifies
the resource group.

-Name Specifies the name of the policy assignment that this
cmdlet removes.

-Scope Specifies the scope at which the policy is applied.

The term scope refers to all the resources, resource groups,
subscriptions, or management groups that the definition is
assigned to. Assignments are inherited by all child resources.
This design means that a definition applied to a resource group
is also applied to resources in that resource group. However, you
can exclude a subscope from the assignment.

For example, at the subscription scope, you can assign a
definition that prevents the creation of networking resources.
You could exclude a resource group in that subscription that is
intended for networking infrastructure. You then grant access to
this networking resource group to users that you trust with
creating networking resources.

Question 58. The Azure service that collects, analyzes, and
provides actions on telemetry from your cloud and on-premises
environments and provides up-to-date status information
about the health of Azure services is called Azure ______________.
(A) Blueprint
(B) Monitor
(C) Policy
(D) Initiative

Explanation 58. Monitor is the correct answer. The Azure
service that collects, analyzes, and provides actions on
telemetry from your cloud and on-premises environments and
provides up-to-date status information about the health of Azure
services is called Azure Monitor.

Question 59. Which Azure service allows you to create, assign,
and manage policies to enforce different rules and effects over
your resources and stay compliant with your corporate
standards and service-level agreements (SLAs)?
(A) Azure Active Directory
(B) Azure Blueprint
(C) Azure Policy
(D) Azure Resource Manager

Explanation 59. Azure Policy is the correct answer. Azure
Policy is an Azure service you use to create, assign, and
manage policies. These policies enforce different rules and
effects over your resources so that those resources stay
compliant with your corporate standards and service level
agreements.

Once your administrator implements the policy, Azure Policy
will stop anyone from creating a new VM outside the list of
allowed stock-keeping units (SKUs). Also, if you try to update an
existing VM, it will be checked against the policy. Finally, Azure
Policy will audit all the existing VMs in our organization to
ensure our policy is enforced.

Question 60. Azure Blueprints enables cloud architects and
central information technology groups to define a repeatable
set of Azure resources that implements and adheres to an
organization’s standards.
(A) TRUE
(B) FALSE

Explanation 60. TRUE is the correct answer. Azure Blueprints
enables cloud architects and central information technology
groups to define a repeatable set of Azure resources
that implements and adheres to an organization’s standards.

Blueprints are a declarative way to orchestrate the deployment
of various resource templates and other artifacts such as:
1. Role Assignments
2. Policy Assignments
3. Azure Resource Manager templates
4. Resource Groups

Blueprint objects are replicated to multiple Azure regions. This
replication provides low latency, high availability, and consistent
access to your blueprint objects, regardless of which region
Azure Blueprints deploys your resources to.

Question 61. The feature that helps you organize and simplify
management of your policies is called Azure _________________.
(A) Blueprint
(B) Monitor
(C) Policy
(D) Initiative

Explanation 61. Initiative is the correct answer. The feature
that helps you organize and simplify management of your
policies is called Azure initiative.

Managing a few policy definitions is easy, but once you have
more than a few, you will want to organize them. That’s where
initiatives come in.

An Azure initiative is a collection of Azure policy definitions
that are grouped together towards a specific goal or purpose.
Azure initiatives simplify the management of your policies
by grouping a set of policies together as one single item. Even if
you have a single policy, we recommend using initiatives if you
anticipate increasing the number of policies over time.

Question 62. Where can you download published audit reports
and other compliance-related information related to Microsoft’s
cloud service?
(A) Azure Resource Manager
(B) Service Trust Portal
(C) Microsoft Trust Center
(D) Azure Active Directory

Explanation 62. Microsoft Trust Center is the correct
answer. Service Trust Portal (STP) hosts the Compliance
Manager service and is the Microsoft public site for publishing
audit reports and other compliance-related information relevant
to Microsoft’s cloud services.

STP users can download audit reports produced by external
auditors and gain insight from Microsoft-authored reports that
provide details on how Microsoft builds and operates its cloud
services.

STP also includes information about how Microsoft online
services can help your organization maintain and track compliance
with standards, laws, and regulations, such as:
1. ISO
2. SOC
3. NIST
4. FedRAMP
5. GDPR

Question 63. Which of the following policy definitions has a
set of conditions/rules to specify the resource types that your
organization can deploy?
(A) Allowed Storage Account SKUs
(B) Allowed Resource Type
(C) Allowed Locations
(D) Allowed Virtual Machine SKUs

Explanation 63. Allowed Resource Type is the correct
answer. Allowed Resource Type has a set of conditions/rules to
specify the resource types that your organization can deploy.
Its effect is to deny all resources that are not part of this defined
list.

Question 64. Which of the following policy definitions enables
you to restrict the locations that your organization can specify
when deploying resources?
(A) Allowed Storage Account SKUs
(B) Allowed Resource Type
(C) Allowed Locations
(D) Allowed Virtual Machine SKUs

Explanation 64. Allowed Locations is the correct answer.
Allowed Locations enables you to restrict the locations that
your organization can specify when deploying resources. Its
effect is used to enforce your geographic compliance
requirements.

Question 65. Which of the following policy definitions prevents
a list of resource types from being deployed?
(A) Allowed Storage Account SKUs
(B) Not allowed resource types
(C) Allowed Locations
(D) Allowed Virtual Machine SKUs

Explanation 65. Not allowed resource types is the correct
answer. Not allowed resource types prevents a list of
resource types from being deployed.

CHAPTER 6
AZURE RESOURCE MANAGER

Questions 66-76

Question 66. Type the missing command that tags the Virtual
Machine ‘examsdigest-vm1’ with the key ‘exams’ and value
‘azure’, through Azure CLI.
__________________________ --tags exams=azure -g examsdigest-lessons-rg -n examsdigest-vm1 --resource-type "Microsoft.Compute/virtualMachines"

(A) az resource tag
(B) az tag vm
(C) az resource vm
(D) az tag machine

Question 67. What can you do in order to restrict which Azure
regions you can deploy resources to?
(A) Create a Resource Group
(B) Apply tags
(C) Create a Policy
(D) Use resource locks

Question 68. _________________ provide a way for administrators
to lock down Azure resources to prevent deletion or changing
of a resource.
(A) Resource Groups
(B) Tags
(C) Policies
(D) Resource Locks

Question 69. You can use tags to automate the shutdown and
startup of virtual machines in development environments.
(A) TRUE
(B) FALSE

Question 70. Which of the following approaches would be the
most efficient way to ensure a naming convention was followed
across your subscription?
(A) Send out an email with the details of your naming
conventions and hope it is followed
(B) Create a policy with your naming requirements and
assign it to the scope of your subscription
(C) Plan a training session for all users
(D) Give all other users except for yourself read-only access
to the subscription. Have all requests to create resources sent
to you so you can review the names being assigned to
resources, and then create them

Question 71. In order to associate a cost center with resources
for an internal chargeback or to store production, department
association and organize them into taxonomies, you will use a
feature called _________________.
(A) Resource Groups
(B) Tags
(C) Policy
(D) Resource Locks

Question 72. Which of the following statements are not true
about Role-Based Access Control (RBAC)? (Choose all that apply)
(A) RBAC doesn't allow one user to manage VMs in a
subscription, and another user to manage virtual networks
(B) RBAC allows an application to access all resources in a
resource group
(C) RBAC allows a user to manage all resources in a
resource group, such as VMs, websites, and virtual subnets
(D) RBAC doesn't allow a database administrator (DBA)
group to manage SQL databases in a subscription

Question 73. You have been asked by the business’s Manager
to apply a solution that prevents any sort of modification or
deletion of critical Azure resources. Which of the following
features will you apply in order to make it happen?
(A) Azure Resource Groups
(B) Tags
(C) Azure Policies
(D) Resource Locks

Question 74. Which of the following are important factors to
consider when defining your resource group? (Choose all that
apply)
(A) All the resources in your group should share the same
lifecycle
(B) Each resource can only exist in one resource group
(C) You can add or remove a resource to a resource group
at any time
(D) A resource group can contain resources that are located
in different regions
(E) A resource group can be used to scope access control
for administrative actions

Question 75. If you delete a resource group, all resources
contained within are also deleted.
(A) TRUE
(B) FALSE

Question 76. Imagine the following scenario. One role
assignment grants you read permissions to a resource group, and a
different role assignment grants you write permissions to the
same resource group. What permission(s) would you have on
that resource group?
(A) Read permission
(B) Write permission
(C) Both read and write permission
(D) The last permission granted

Answers 66-76

Question 66. Type the missing command that tags the Virtual
Machine ‘examsdigest-vm1’ with the key ‘exams’ and value
‘azure’, through Azure CLI.
__________________________ --tags exams=azure -g examsdigest-lessons-rg -n examsdigest-vm1 --resource-type "Microsoft.Compute/virtualMachines"

(A) az resource tag
(B) az tag vm
(C) az resource vm
(D) az tag machine

Explanation 66. az resource tag is the correct answer.
Tags are name/value pairs of text data that you can apply to
resources, resource groups, and subscriptions to logically
organize them into a taxonomy. Tags allow you to associate custom
details with your resources, such as the following properties:
1. department (like finance, marketing, and more)
2. environment (prod, test, dev)
3. cost center
4. life cycle and automation (like shutdown and startup of
virtual machines)

Full command syntax:
az resource tag --tags exams=azure -g examsdigest-lessons-infrastructure-rg -n examsdigest-vm1 --resource-type "Microsoft.Compute/virtualMachines"

Question 67. What can you do in order to restrict which Azure
regions you can deploy resources to?
(A) Create a Resource Group
(B) Apply tags
(C) Create a Policy
(D) Use resource locks

Explanation 67. Create a Policy is the correct answer.


Azure Policy is a service you can use to create, assign, and
manage policies. These policies apply and enforce rules that
your resources need to follow. These policies can enforce these
rules when resources are created and can be evaluated against
existing resources to give visibility into compliance.

For example, suppose you’d like to ensure that all resources have
the Examsdigest tag associated with them, and to block creation
of a resource if the tag doesn’t exist. You’ll need to create a
new policy definition and then assign it to a scope; in this case,
the scope will be our examsdigest-lessons-rg resource group.

1. You could use policy to restrict which Azure regions you can
deploy resources to.
2. You could use policy to restrict which types of virtual
machine sizes can be deployed.
3. You could also use policy to enforce naming conventions.

Question 68. _________________ provide a way for administrators
to lock down Azure resources to prevent deletion or changing
of a resource.
(A) Resource Groups
(B) Tags
(C) Policies
(D) Resource Locks

Explanation 68. Resource Locks is the correct answer.


Resource Locks provide a way for administrators to lock down
Azure resources to prevent deletion or changing of a resource.
These are very useful when you have an important resource in
your subscription that users should not be able to delete or
change and can help prevent accidental and malicious
changes or deletion.

Resource locks can be set to either Delete or Read-only. Delete will
allow all operations against the resource but block the ability to
delete it. Read-only will only allow read activities to be
performed against it, blocking any modification or deletion of the
resource.

Question 69. You can use tags to automate the shutdown and
startup of virtual machines in development environments.
(A) TRUE
(B) FALSE

Explanation 69. TRUE is the correct answer.


Tags are name/value pairs of text data that you can apply to
resources, resource groups and subscriptions to logically
organize them into a taxonomy. Tags allow you to associate custom
details about your resources.

You can retrieve all the resources in your subscription with a
specific tag name or value. Tags enable you to retrieve related
resources from different resource groups. This approach is
helpful when you need to organize resources for billing or
management.

Tagging resources can also help in monitoring to track down
impacted resources. Monitoring systems could include tag data
with alerts, giving you the ability to know exactly who is
impacted.

It’s also common for tags to be used in automation. If you want
to automate the shutdown and startup of virtual machines in
development environments during off-hours to save costs, you
can use tags to assist in this automation. Add
a shutdown:8PM and startup:6AM tag to the virtual machines,
then create an automation job that looks for these tags,
and shuts them down or starts them up based on the tag value.
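
The decision logic of the tag-driven automation job described above, as an added example that is not part of the original book. The VM records, the `power_state` field and the `report-bad-tag` action are constructed for illustration; a real job would read the tags from Azure and call the start and deallocate operations.

```python
from datetime import datetime, time


def parse_clock(value):
    """Parse a tag value such as '8PM' or '6:30AM' into a datetime.time."""
    text = value.strip().upper().replace(" ", "")
    fmt = "%I:%M%p" if ":" in text else "%I%p"
    return datetime.strptime(text, fmt).time()


def desired_state(tags, now):
    """Return 'running', 'deallocated', 'invalid', or None when untagged."""
    keys = {k.lower(): v for k, v in tags.items()}  # tag names are case-insensitive
    if "shutdown" not in keys or "startup" not in keys:
        return None
    try:
        stop = parse_clock(keys["shutdown"])
        start = parse_clock(keys["startup"])
    except ValueError:
        return "invalid"
    if stop == start:
        return "invalid"  # an empty window is almost certainly a tagging mistake
    if stop > start:
        # Off-hours window crosses midnight, e.g. 8PM -> 6AM.
        off_hours = now >= stop or now < start
    else:
        # Window sits inside one day, e.g. 1AM -> 5AM.
        off_hours = stop <= now < start
    return "deallocated" if off_hours else "running"


def plan_actions(vms, now):
    """Compare each VM's current state with the tagged schedule."""
    actions = []
    for vm in vms:
        want = desired_state(vm["tags"], now)
        if want is None:
            continue  # no schedule tags: the job leaves this VM alone
        if want == "invalid":
            actions.append((vm["name"], "report-bad-tag"))
        elif want == "deallocated" and vm["power_state"] == "running":
            actions.append((vm["name"], "deallocate"))
        elif want == "running" and vm["power_state"] == "deallocated":
            actions.append((vm["name"], "start"))
    return actions


# Constructed sample inventory (not real resources).
SAMPLE_VMS = [
    {"name": "dev-vm1", "power_state": "running",
     "tags": {"shutdown": "8PM", "startup": "6AM"}},
    {"name": "dev-vm2", "power_state": "deallocated",
     "tags": {"shutdown": "8PM", "startup": "6AM"}},
    {"name": "prod-vm1", "power_state": "running",
     "tags": {"environment": "prod"}},
    {"name": "dev-vm3", "power_state": "running",
     "tags": {"shutdown": "20h", "startup": "6AM"}},  # malformed value
]

if __name__ == "__main__":
    for hour in (21, 7):
        print(f"{hour:02d}:00", plan_actions(SAMPLE_VMS, time(hour, 0)))
```

Untagged VMs are skipped rather than shut down, and a malformed tag value is reported instead of being guessed at, so a typo in a tag cannot deallocate the wrong machine.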

Question 70. Which of the following approaches would be the
most efficient way to ensure a naming convention was followed
across your subscription?
(A) Send out an email with the details of your naming
conventions and hope it is followed
(B) Create a policy with your naming requirements and
assign it to the scope of your subscription
(C) Plan a training session for all users
(D) Give all other users except for yourself read-only access
to the subscription. Have all requests to create resources sent
to you so you can review the names being assigned to
resources, and then create them

Explanation 70. Create a policy with your naming requirements
and assign it to the scope of your subscription is the
correct answer.
Creating a policy with your naming requirements and assigning
it to the scope of your subscription is the most efficient
way to ensure a naming convention is followed across your
subscription.

Azure Policy is a service you can use to create, assign, and
manage policies. These policies apply and enforce rules that
your resources need to follow. These policies can enforce these
rules when resources are created and can be evaluated against
existing resources to give visibility into compliance.

For example, suppose you’d like to ensure that all resources have
the Examsdigest tag associated with them, and to block creation
of a resource if the tag doesn’t exist. You’ll need to create a
new policy definition and then assign it to a scope; in this case,
the scope will be our examsdigest-lessons-rg resource group.

You could use policy to restrict which Azure regions you can
deploy resources to.

You could use policy to restrict which types of virtual machine
sizes can be deployed.

You could also use policy to enforce naming conventions.

Question 71. In order to associate a cost center with resources
for an internal chargeback or to store production, department
association and organize them into taxonomies, you will use a
feature called _________________.
(A) Resource Groups
(B) Tags
(C) Policy
(D) Resource Locks

Explanation 71. Tags is the correct answer.


Tags are name/value pairs of text data that you can apply to
resources, resource groups and subscriptions to logically
organize them into a taxonomy. Tags allow you to associate custom
details with your resource, in addition to the standard Azure
properties a resource has, such as the following:
1. department (like finance, marketing, and more)
2. environment (prod, test, dev)
3. cost center
4. life cycle and automation (like shutdown and startup of
virtual machines)

Question 72. Which of the following statements are not true
about Role-Based Access Control (RBAC)? (Choose all that
apply)
(A) RBAC doesn't allow one user to manage VMs in a
subscription, and another user to manage virtual networks
(B) RBAC allows an application to access all resources in a
resource group
(C) RBAC allows a user to manage all resources in a
resource group, such as VMs, websites, and virtual subnets
(D) RBAC doesn't allow a database administrator (DBA)
group to manage SQL databases in a subscription

Explanation 72. A and D are the correct answers.


Azure role-based access control (Azure RBAC) is a system
that provides fine-grained access management of Azure
resources. Using Azure RBAC, you can segregate duties within
your team and grant only the amount of access to users that
they need to perform their jobs.

Here are some examples of what you can do with Azure RBAC:
1. Allow one user to manage virtual machines in a subscription
and another user to manage virtual networks.
2. Allow a DBA group to manage SQL databases in a
subscription.
3. Allow a user to manage all resources in a resource group,
such as virtual machines, websites, and subnets.
4. Allow an application to access all resources in a resource
group.

The way you control access to resources using Azure RBAC is
to create role assignments.
This is a key concept to understand – it's how permissions are
enforced.

A role assignment consists of three elements:
1. security principal
2. role definition
3. scope

A security principal is an object that represents a user, group,
service principal, or managed identity that is requesting access
to Azure resources.

A role definition is a collection of permissions. A role definition
lists the operations that can be performed, such as read, write,
and delete. Roles can be high-level, like owners, or specific, like
virtual machine readers.

Here are some best practices you should use when setting
up resources.

1. Segregate duties within your team and grant only the amount
of access to users that they need to perform their jobs.
2. Instead of giving everybody unrestricted permissions in your
Azure subscription or resources, allow only specific actions
at a particular scope.
3. When planning your access control strategy, grant users the
lowest privilege level that they need to do their work.
4. Use Resource Locks to ensure critical resources aren't
modified or deleted.

Question 73. You have been asked by the business’s Manager
to apply a solution that prevents any sort of modification or
deletion of critical Azure resources. Which of the following
features will you apply in order to make it happen?
(A) Azure Resource Groups
(B) Tags
(C) Azure Policies
(D) Resource Locks

Explanation 73. Resource Locks is the correct answer.


Resource Locks provide a way for administrators to lock down
Azure resources to prevent deletion or changing of a resource.

These are very useful when you have an important resource in
your subscription that users should not be able to delete or
change and can help prevent accidental and malicious
changes or deletion.

Resource locks can be set to either Delete or Read-only. Delete will
allow all operations against the resource but block the ability to
delete it.

Read-only will only allow read activities to be performed against
it, blocking any modification or deletion of the resource.

CanNotDelete means authorized users can still read and
modify a resource, but they can’t delete the resource.

ReadOnly means authorized users can read a resource, but
they can’t delete or update the resource. Applying this lock is
similar to restricting all authorized users to the permissions
granted by the Reader role.

When you apply a lock at a parent scope, all resources within
that scope inherit the same lock. Even the resources you add
later inherit the lock from the parent. The most restrictive lock in
the inheritance takes precedence.

Unlike role-based access control, you use management locks
to apply a restriction across all users and roles.
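
How role assignments (Explanation 72) and inherited locks combine, as an added example that is not part of the original book: a deliberately simplified model in which each role grants coarse read/write/delete actions and scopes are ARM-style paths. The subscription id, principal names and the custom "Writer" role are constructed; real Azure RBAC evaluation also covers features not modelled here, such as deny assignments.

```python
# Simplified role definitions: each role is a collection of permitted actions.
ROLE_ACTIONS = {
    "Reader": {"read"},
    "Writer": {"write"},  # hypothetical custom role, for illustration only
    "Contributor": {"read", "write", "delete"},
}

# What each lock level blocks, regardless of the caller's roles.
LOCK_BLOCKS = {"CanNotDelete": {"delete"}, "ReadOnly": {"write", "delete"}}
LOCK_RANK = {"CanNotDelete": 1, "ReadOnly": 2}  # higher = more restrictive


def covers(scope, target):
    """True if target is the scope itself or sits beneath it."""
    s, t = scope.rstrip("/").lower(), target.rstrip("/").lower()
    # The "/" suffix stops ".../rg" from matching ".../rg2".
    return t == s or t.startswith(s + "/")


def granted_actions(principal, target, assignments):
    """Union of actions from every role assignment that covers the target."""
    actions = set()
    for who, role, scope in assignments:
        if who == principal and covers(scope, target):
            actions |= ROLE_ACTIONS[role]
    return actions


def effective_lock(target, locks):
    """Most restrictive lock set on the target or inherited from a parent."""
    inherited = [level for scope, level in locks if covers(scope, target)]
    return max(inherited, key=LOCK_RANK.get, default=None)


def check(principal, action, target, assignments, locks):
    """Return (allowed, reason) for one management operation."""
    if action not in granted_actions(principal, target, assignments):
        return (False, "no role assignment grants this action")
    lock = effective_lock(target, locks)
    if lock and action in LOCK_BLOCKS[lock]:
        return (False, f"blocked by {lock} lock")
    return (True, "allowed")


# Constructed sample scopes, assignments and locks.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/examsdigest-lessons-rg"
OTHER_RG = SUB + "/resourceGroups/examsdigest-lessons-rg2"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/examsdigest-vm1"

ASSIGNMENTS = [
    ("alice", "Reader", RG),       # one assignment grants read ...
    ("alice", "Writer", RG),       # ... another grants write: both apply
    ("bob", "Contributor", SUB),   # inherited by everything in the subscription
]
LOCKS = [(RG, "CanNotDelete"), (VM, "ReadOnly")]

if __name__ == "__main__":
    for who, action, target in [
        ("alice", "write", RG), ("alice", "write", VM),
        ("bob", "delete", RG), ("bob", "delete", OTHER_RG),
    ]:
        print(who, action, target.rsplit("/", 1)[-1],
              check(who, action, target, ASSIGNMENTS, LOCKS))
```

Bob holds Contributor on the whole subscription, yet the delete on the locked resource group is refused: the lock applies to every principal, while role assignments only ever add permissions.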

Question 74. Which of the following are important factors to
consider when defining your resource group? (Choose all that
apply)
(A) All the resources in your group should share the
same lifecycle
(B) Each resource can only exist in one resource group
(C) You can add or remove a resource to a resource
group at any time
(D) A resource group can contain resources that are
located in different regions
(E) A resource group can be used to scope access
control for administrative actions

Explanation 74. A, B, C, D, and E are the correct answers.


All the answers are important factors to consider when
defining your resource group. A resource group is a
container that holds related resources for an Azure solution. The
resource group can include all the resources for the solution, or
only those resources that you want to manage as a group.

You decide how you want to allocate resources to resource
groups based on what makes the most sense for your
organization.

Generally, add resources that share the same lifecycle to the
same resource group so you can easily deploy, update, and
delete them as a group.

The resource group stores metadata about the resources.
Therefore, when you specify a location for the resource group,
you are specifying where that metadata is stored.

For compliance reasons, you may need to ensure that your data
is stored in a particular region.

There are some important factors to consider when defining
your resource group:
1. All the resources in your group should share the same
lifecycle. You deploy, update, and delete them together. If one
resource, such as a database server, needs to exist on a different
deployment cycle it should be in another resource group.
2. Each resource can only exist in one resource group.
3. Some resources can exist outside of a resource group.
These resources are deployed to the subscription, management
group, or tenant. Only specific resource types are supported
at these scopes.
4. You can add or remove a resource to a resource group at any
time.
5. You can move a resource from one resource group to another
group. Move resources to new resource group or subscription.
6. A resource group can contain resources that are located in
different regions.
7. A resource group can be used to scope access control for
administrative actions.
8. A resource can interact with resources in other resource
groups. This interaction is common when the two resources are
related but don’t share the same lifecycle (for example, web
apps connecting to a database).

Question 75. If you delete a resource group, all resources
contained within are also deleted.
(A) TRUE
(B) FALSE

Explanation 75. TRUE is the correct answer.


Resource groups are a fundamental element of the Azure
platform. A resource group is a logical container for resources
deployed on Azure.

These resources are anything you create in an Azure
subscription, like virtual machines, Application Gateways, and
CosmosDB instances. All resources must be in a resource group
and a resource can only be a member of a single resource group.

Resource groups exist to help manage and organize your Azure
resources. By placing resources of similar usage, type, or
location together, you can provide some order and organization
to resources you create in Azure.

If you delete a resource group, all resources contained
within are also deleted.

Question 76. Imagine the following scenario. One role
assignment grants you read permissions to a resource group, and a
different role assignment grants you write permissions to the
same resource group. What permission(s) would you have on
that resource group?
(A) Read permission
(B) Write permission
(C) Both read and write permission
(D) The last permission granted

Explanation 76. Both read and write permission is the
correct answer. You would have both read and write
permission. It doesn’t matter which permission is granted first or last.

CHAPTER 7
OPTIMIZE SPENDING FOR AZURE

Questions 77-85

Question 77. Which of the following features analyzes your
deployed services and looks for ways to improve your security,
performance, operational excellence, and cost?
(A) Azure Advisor
(B) Azure Cost Management
(C) Azure role-based access control
(D) Azure Policy

Question 78. Which of the following factors affect your
monthly costs when using Azure services? (Choose all that apply)
(A) Resource type
(B) Services
(C) Location
(D) Azure billing zones

Question 79. The tool in Azure that allows you to see historical
breakdowns of what services you are spending your money on
is called Azure _________________ Management.
(A) Bill
(B) Price
(C) Cost
(D) Spend

Question 80. The Availability Zone is considered a factor that
affects the monthly costs when using Azure services.
(A) TRUE
(B) FALSE

Question 81. Which of the following meters track the usage of
the Virtual Machine that you provision in Azure? (Choose all
that apply)
(A) Compute Hours
(B) IP Address Hours
(C) Data Transfer In
(D) Data Transfer Out
(E) Standard IO-Disk

Question 82. Which of the following approaches is not a
cost-saving solution?
(A) Deallocate virtual machines during off-hours
(B) Use Azure Reserved Virtual Machine Instances
(C) Load balance your virtual machines for incoming
messages
(D) Right-size underutilized virtual machines

Question 83. Which of the following tools helps you to predict
the estimated monthly Azure bill for the services you use or for
the service you will use?
(A) Azure Pricing Calculator
(B) Azure Estimate Calculator
(C) Azure Monthly Calculator
(D) Azure Cost Calculator

Question 84. Which of the following statements is not true
regarding the factors that affect the monthly cost?
(A) A Zone is a geographical grouping of Azure Regions for
billing purposes
(B) Most of the time inbound data transfers (data going into
Azure datacenters) are free
(C) Azure usage rates and billing periods are the same
between Enterprise, Web Direct, and Cloud Solution Provider
(CSP) customers
(D) The usage that a meter tracks and the number of meters
associated with a resource depend on the resource type

Question 85. Which tab of the Azure pricing calculator page
will you use to put together your estimate?
(A) Products
(B) Example Scenarios
(C) Saved Estimates
(D) FAQ

Answers 77-85

Question 77. Which of the following features analyzes your
deployed services and looks for ways to improve your security,
performance, operational excellence, and cost?
(A) Azure Advisor
(B) Azure Cost Management
(C) Azure role-based access control
(D) Azure Policy

Explanation 77. Azure Advisor is the correct answer. Azure
Advisor is a free service built into Azure that provides
recommendations on high availability, security, performance,
operational excellence, and cost. Advisor analyzes your deployed
services and looks for ways to improve your environment
across each of these areas.

Question 78. Which of the following factors affect your
monthly costs when using Azure services? (Choose all that apply)
(A) Resource type
(B) Services
(C) Location
(D) Azure billing zones

Explanation 78. A, B, C and D are the correct answers. All
answers can affect your monthly costs when using Azure
services.

Resource type
Costs are resource-specific, so the usage that a meter tracks
and the number of meters associated with a resource depend
on the resource type.

Each meter tracks a particular kind of usage. For example, a
meter might track bandwidth usage (ingress or egress network
traffic in bits-per-second), the number of operations, size
(storage capacity in bytes), or similar items.

Services
Azure usage rates and billing periods can differ between
Enterprise, Web Direct, and Cloud Solution Provider (CSP)
customers. Some subscription types also include usage
allowances, which affect costs.

Location
Azure has datacenters all over the world. Usage costs vary
between locations that offer particular Azure products, services,
and resources based on popularity, demand, and local
infrastructure costs.

Azure billing zones
Bandwidth refers to data moving in and out of Azure
datacenters. Most of the time inbound data transfers (data going
into Azure datacenters) are free. For outbound data transfers
(data going out of Azure datacenters), the data transfer pricing is
based on Billing Zones.

A Zone is a geographical grouping of Azure Regions for billing
purposes. Billing zones aren’t the same as an Availability Zone.

In Azure, the term zone is for billing purposes only, and the full
term Availability Zone refers to the failure protection that Azure
provides for datacenters.

Question 79. The tool in Azure that allows you to see historical
breakdowns of what services you are spending your money on
is called Azure _________________ Management.
(A) Bill
(B) Price
(C) Cost
(D) Spend

Explanation 79. Cost is the correct answer. The tool in
Azure that allows you to see historical breakdowns of what
services you are spending your money on is called Azure Cost
Management.

Azure Cost Management is a free, built-in Azure tool that can
be used to gain greater insights into where your cloud money is
going.

You can see historical breakdowns of what services you are
spending your money on and how it is tracking against budgets
that you have set. You can set budgets, schedule reports, and
analyze your cost areas.

Question 80. The Availability Zone is considered a factor that
affects the monthly costs when using Azure services.
(A) TRUE
(B) FALSE

Explanation 80. FALSE is the correct answer. The
Availability Zone is not considered a factor that affects the
monthly costs when using Azure services.

The primary factors that affect the monthly costs include
resource type, services, the user’s location, and the billing
zone.

Resource type
Costs are resource-specific, so the usage that a meter tracks
and the number of meters associated with a resource depend
on the resource type.

Each meter tracks a particular kind of usage. For example, a
meter might track bandwidth usage (ingress or egress network
traffic in bits-per-second), the number of operations, size
(storage capacity in bytes), or similar items.

Services
Azure usage rates and billing periods can differ between
Enterprise, Web Direct, and Cloud Solution Provider (CSP)
customers. Some subscription types also include usage
allowances, which affect costs.

Location
Azure has datacenters all over the world. Usage costs vary
between locations that offer particular Azure products, services,
and resources based on popularity, demand, and local
infrastructure costs.

Azure billing zones
Bandwidth refers to data moving in and out of Azure
datacenters. Most of the time inbound data transfers (data going
into Azure datacenters) are free. For outbound data transfers
(data going out of Azure datacenters), the data transfer pricing is
based on Billing Zones.

A Zone is a geographical grouping of Azure Regions for billing
purposes. Billing zones aren’t the same as an Availability Zone.
In Azure, the term zone is for billing purposes only, and the full
term Availability Zone refers to the failure protection that Azure
provides for datacenters.

Question 81. Which of the following meters track the usage of
the Virtual Machine that you provision in Azure? (Choose all
that apply)
(A) Compute Hours
(B) IP Address Hours
(C) Data Transfer In
(D) Data Transfer Out
(E) Standard IO-Disk

Explanation 81. A, B, C, D and E are the correct answers. All
the answers are correct. When you provision an Azure
resource, Azure creates one or more meter instances for that
resource. The meters track the resources’ usage and generate a
usage record that is used to calculate your bill.

For example, a single virtual machine that you provision in
Azure might have the following meters tracking its usage:
1. Compute Hours
2. IP Address Hours
3. Data Transfer In
4. Data Transfer Out
5. Standard Managed Disk
6. Standard Managed Disk Operations
7. Standard IO-Disk
8. Standard IO-Block Blob Read
9. Standard IO-Block Blob Write
10. Standard IO-Block Blob Delete

The meters and pricing vary per product and often have
different pricing tiers based on the size or capacity of the resource.

At the end of each monthly billing cycle, the usage values will
be charged to your payment method and the meters are reset.
You can check the billing page in the Azure portal at any time to
get a quick summary of your current usage and see any
invoices from past billing cycles.

The key takeaway is that resources are always
charged based on usage. For example, if you de-allocate a
VM then you will not be billed for compute hours, I/O reads or
writes or the private IP address since the VM is not running and
has no allocated compute resources. However, you will incur
storage costs for the disks.

De-allocating a VM is not the same as deleting a VM.
De-allocation means the VM is not assigned to a CPU or network
in a datacenter. However, your persistent disks remain, and the
resource is present in your subscription. It’s similar to turning off
your physical computer.

Question 82. Which of the following approaches is not a
cost-saving solution?
(A) Deallocate virtual machines during off-hours
(B) Use Azure Reserved Virtual Machine Instances
(C) Load balance your virtual machines for incoming
messages
(D) Right-size underutilized virtual machines

Explanation 82. Load balance your virtual machines for
incoming messages is the correct answer. Load balancing,
which refers to evenly distributing load (incoming network
traffic) across a group of backend resources or servers, is used
for performance optimization and is not considered a
cost-saving solution.

Deallocate virtual machines in off-hours – If you have virtual
machine workloads that are only used during certain periods,
but you’re running them every hour of every day, you’re wasting
money. These VMs are great candidates to shut down when
not in use and start back up on a schedule, saving you
compute costs while the VM is deallocated.

This approach is an excellent strategy for development
environments. It’s often the case that development may happen
only during business hours, giving you the flexibility to
de-allocate these systems in the off hours and stopping your
compute costs from accruing.

Reserved Instances – If you have virtual machine workloads
that are static and predictable, using Reserved Instances is a
fantastic way to potentially save up to 70 to 80 percent off the
pay-as-you-go cost. The savings can be significant, depending
on the VM size and duration the machine runs.

Right-size underutilized virtual machines – Right-sizing a
virtual machine is the process of resizing it to a proper size.

Let’s imagine you have a server running as a domain controller
that is sized as a Standard_D4sv3, but your VM is sitting at 90
percent idle the vast majority of the time. By resizing this VM to
a Standard_D2sv3, you reduce your compute cost by 50
percent.

Question 83. Which of the following tools helps you to predict
the estimated monthly Azure bill for the services you use or for
the service you will use?
(A) Azure Pricing Calculator
(B) Azure Estimate Calculator
(C) Azure Monthly Calculator
(D) Azure Cost Calculator

Explanation 83. Azure Pricing Calculator is the correct
answer. The Azure Pricing Calculator helps you to predict the
estimated monthly Azure bill for any Azure workload. Once you
have Azure services running, the Azure Portal helps you to
monitor the actual costs that you have incurred.

Microsoft developed the Azure pricing calculator to estimate
what it might cost to run over the next 12 months. The Azure
pricing calculator is a free web-based tool that allows you to
input Azure services and modify properties and options of the
services. It outputs the costs per service and total cost for the
full estimate.

Question 84. Which of the following statements is not true
regarding the factors that affect the monthly cost?
(A) A Zone is a geographical grouping of Azure Regions for
billing purposes
(B) Most of the time inbound data transfers (data going into
Azure datacenters) are free
(C) Azure usage rates and billing periods are the same
between Enterprise, Web Direct, and Cloud Solution
Provider (CSP) customers
(D) The usage that a meter tracks and the number of meters
associated with a resource depend on the resource type

Explanation 84. Azure usage rates and billing periods are
the same between Enterprise, Web Direct, and Cloud
Solution Provider (CSP) customers is the correct answer.

Services
Azure usage rates and billing periods can differ between
Enterprise, Web Direct, and Cloud Solution Provider (CSP)
customers.

Resource type
Costs are resource-specific, so the usage that a meter tracks
and the number of meters associated with a resource depend
on the resource type.

Location
Azure has datacenters all over the world. Usage costs vary
between locations that offer particular Azure products, services,
and resources based on popularity, demand, and local
infrastructure costs.

Azure billing zones
Bandwidth refers to data moving in and out of Azure
datacenters. Most of the time inbound data transfers (data going
into Azure datacenters) are free. For outbound data transfers
(data going out of Azure datacenters), the data transfer pricing is
based on Billing Zones.

A Zone is a geographical grouping of Azure Regions for billing
purposes.

Question 85. Which tab of the Azure pricing calculator page
will you use to put together your estimate?
(A) Products
(B) Example Scenarios
(C) Saved Estimates
(D) FAQ

Explanation 85. Products is the correct answer. On the
pricing calculator page, you’ll see several tabs:
1. Products. This tab is where you’ll do most of your activity.
This tab has all the Azure services listed and is where you’ll add
or remove services to put together your estimate.

2. Example Scenarios. This tab has several examples of
infrastructure involved in common cloud-based solutions. You
can add all the components of the entire scenario to estimate
the cost.

3. Saved Estimates. This tab has all of your previously saved
estimates. We’ll go through this process in a moment.

4. FAQ. Just as it says, this tab has answers to some frequently
asked questions.

The Products tab has all the Azure services listed and is where
you’ll add or remove services to get your estimate.

Clicking on any of the categories will display the services in
that category. There’s also a search box where you can search
through all services for the service you’re looking for. Clicking
on the service will add it to your estimate. You can add just one
service, or you can add as many as you need, including
multiples of the same service.
BONUS PRACTICE EXAM TEST
Question 1. Which of the following cloud services requires the
least amount of user management, as a service provider is
responsible for managing everything, and the end-user just uses
the software?
(A) Infrastructure as a service (IaaS)
(B) Platform as a service (PaaS)
(C) Software as a service (SaaS)
(D) Infrastructure as a service (IaaS) and Platform as a
service (PaaS)

Question 2. Which Azure support plan is best for Non-critical
workloads?
(A) Azure Standard
(B) Azure Professional Direct
(C) Azure Developer
(D) Azure doesn't offer support for Non-critical workloads
but only for Business-critical workloads

Question 3. Which of the following statements are true about
Azure Load Balancer? (Choose all that apply)
(A) Azure Load Balancer works with internet-facing traffic
only
(B) Azure Load Balancer distributes traffic among similar
systems, making your services more highly available
(C) When you use Azure Load Balancer, there's no
infrastructure or software for you to maintain
(D) You can't define forwarding rules based on the source IP
on Azure Load Balancer
(E) Azure Load balancer supports only inbound scenarios
(F) Enable support for load-balancing of IPv6

Question 4. Which of the following techniques will you use to
build and host web apps, mobile backends, and/or RESTful
APIs without managing infrastructure?
(A) Virtual Machines
(B) Containers
(C) Azure App Service
(D) Serverless computing

Question 5. A content ________________ network is a distributed
network of servers that can efficiently deliver web content to
users.
(A) Delivery
(B) Public
(C) Private
(D) Scalable

Question 6. Imagine that you work on a multivendor
marketplace application that runs on millions of mobile devices.
Demand is unpredictable because you see a spike in usage
whenever vendors send promotional newsletters. Which Azure
compute resource is the best match for this workload?
(A) Virtual Machines
(B) Containers
(C) Azure App Service
(D) Serverless computing

Question 7. Which of the following techniques for performing
compute in Azure bundles an application’s code together with the
related configuration files and libraries, and with the
dependencies required for the app to run?
(A) Serverless computing
(B) Azure App Service
(C) Containers
(D) Virtual Machine

Question 8. Suppose you have an application running locally
on your own server. You reach the point that you need
additional capacity but you don’t want to buy upgraded
on-premises hardware, so you decide to move to Azure. Which
compute option would give you the quickest route to getting your
application running in Azure?
(A) Serverless computing
(B) Azure App Service
(C) Containers
(D) Virtual Machine

Question 9. In which of the following primary types of data in Azure Storage is the data organised by tags or keys, which provide a hierarchy for the data?
(A) Structured data
(B) Semi-structured data
(C) Unstructured data
(D) Organised data

Question 10. Recently you noticed a huge spike in user volume due to an ad campaign. Your app uses Azure data storage. What feature of pay-as-you-go storage will be most beneficial in order to meet the unexpected new user demand?
(A) The ability to replicate data for safety and high availability
(B) The ability to meet compliance requirements for data storage
(C) The ability to provision and deploy new infrastructure quickly
(D) The ability to predict the service costs in advance

Question 11. Which of the following features can help your business achieve comprehensive business continuity on Azure and reduce the likelihood of interruptions due to events such as natural disasters or power outages?
(A) Geography pairs
(B) Zone pairs
(C) Region pairs
(D) It's not possible to achieve comprehensive business
continuity on Azure

Question 12. To what level of physical granularity can you deploy an app?
(A) Geography
(B) Datacenter
(C) Region
(D) Server rack

Question 13. Application availability refers to what?
(A) The service level agreement of the associated resource
(B) Application support for an availability zone
(C) The overall time that a system is functional and working
(D) The organization of datacenters into regions

Question 14. Which of the following options is a load balancer that includes a Web Application Firewall (WAF) that provides protection from common, known vulnerabilities in websites?
(A) Azure Firewall
(B) Azure Application Gateway
(C) Network virtual appliances (NVAs)
(D) Azure Application Gateway and Network virtual appliances (NVAs)

Question 15. There has been an attack on your public-facing website, and the application has been overwhelmed by requests and is now unavailable to users. What service should you use to prevent this type of attack?
(A) Azure Firewall
(B) Application Gateway
(C) Network Security Group
(D) DDoS protection

Question 16. Cloud security is a shared responsibility between you and your cloud provider. Which category of cloud services requires the greatest security effort on your part?
(A) Infrastructure as a Service (IaaS)
(B) Platform as a Service (PaaS)
(C) Software as a Service (SaaS)
(D) Database-as-a-Service (DBaaS)
Question 17. Azure Advanced Threat _________________ is a
cloud-based security solution that identifies, detects, and helps
you investigate advanced threats, compromised identities, and
malicious insider actions directed at your organization.
(A) Mitigation
(B) Protection
(C) Detection
(D) Response

Question 18. Which of the following are important factors to consider when defining your resource group? (Choose all that apply)
(A) All the resources in your group should share the same
lifecycle
(B) Each resource can only exist in one resource group
(C) You can add or remove a resource to a resource group
at any time
(D) A resource group can contain resources that are located
in different regions
(E) A resource group can be used to scope access control
for administrative actions

Question 19. Which of the following statements are not true about Role-Based Access Control (RBAC)? (Choose all that apply)
(A) RBAC doesn't allow one user to manage VMs in a subscription, and another user to manage virtual networks
(B) RBAC allows an application to access all resources in a resource group
(C) RBAC allows a user to manage all resources in a resource group, such as VMs, websites, and virtual subnets
(D) RBAC doesn't allow a database administrator (DBA) group to manage SQL databases in a subscription

Question 20. Which of the following tools helps you to predict the estimated monthly Azure bill for the services you use or for the services you will use?
(A) Azure Pricing Calculator
(B) Azure Estimate Calculator
(C) Azure Monthly Calculator
(D) Azure Cost Calculator

THE END

Enrich your online experience with Examsdigest.
Your purchase of this product includes free access to all 100+
practice questions online and much more at examsdigest.com.
You will have access for one (1) month. You may also access
our full library of Practice exams and share with other learners.
Send us an email to [email protected] now and start your
online practice experience!

Examsdigest includes:
✓ Access to 1000+ Questions
✓ Access to 150+ Quizzes
✓ 6+ Certification Paths
✓ 24/7 Support
✓ Interactive Interview Questions
✓ Access on the go

About examsdigest.
Examsdigest started in 2019 and hasn’t stopped smashing it since. Examsdigest is a global, education tech-oriented company that doesn’t sleep. Their mission is to be a part of your life transformation by providing you the necessary training to hit your career goals.
