Practice Assessment for Exam AZ-900: Microsoft Azure Fundamentals (Original)

Which two factors affect Azure costs? Each correct answer presents a complete solution.

resource location, resource usage

Usage meters, such as CPU time, disk size, and write operations, are used to calculate your bill for an Azure resource. Deleting or deallocating a resource means that you will no longer be billed for it. Different regions can have different associated prices. Resources cost the same no matter the time of day or the day of the week.

You need to compare the costs of running an application in an on-premises datacenter with the costs of running the application in Azure.

What should you use to assist you?

Total Cost of Ownership (TCO) Calculator

The TCO Calculator helps you estimate the cost savings over time of operating a solution in Azure compared to operating in an on-premises datacenter.

You have an Azure virtual machine that is accessed only between 9:00 and 17:00 each day.

What should you do to minimize costs but preserve the associated hard disks and data?

Deallocate the virtual machine when it is not needed

If you have virtual machine workloads that are used only during certain periods, but you run them every hour of every day, then you are wasting money. These virtual machines are great candidates to deallocate when not in use and start back when required to save compute costs while the virtual machines are deallocated.

What can be applied to a resource to prevent accidental deletion?

a resource lock

A resource lock prevents resources from being accidentally deleted or changed. Resource tags offer the custom grouping of resources. Policies enforce different rules across all resource configurations so that the configurations stay compliant with corporate standards. An initiative is a way of grouping related policies together.

You need to ensure that multi-factor authentication (MFA) is enabled on accounts with write permissions in an Azure subscription.

What should you implement?

Azure Policy

Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit resources.

What can you use to restrict the deployment of a virtual machine to a specific location?

Azure Policy

Azure Policy can help to create a policy for allowed regions, which enables you to restrict the deployment of virtual machines to a specific location.

What can you use to ensure that a development team can only create virtual machines of a certain size?

Azure Policy

Azure Policy enables you to define both individual policies and groups of related policies called initiatives. Azure Policy evaluates your resources and highlights resources that are not compliant with the policies you created. Azure Policy can also prevent noncompliant resources from being created.

Which two actions can be performed by using Azure portal? Each correct answer presents a complete solution.

Create new resources, Create Microsoft Entra user

The Azure portal provides a GUI to view all the services you are using, create new services, configure your services, and view reports.

What can you use to create resources in Azure and includes a validation step to ensure all resources are created in a specific order based on dependencies, in parallel and idempotent?

Azure Resource Manager (ARM) templates

ARM templates define an application's infrastructure requirements for a repeatable deployment that is done in a consistent manner. A validation step ensures that all resources can be created in the proper order based on dependencies, in parallel and idempotent.

Which two tools can you use to create a new Azure virtual machine from a mobile device that runs Android?

PowerShell in Azure Cloud Shell, the Azure portal

The Azure portal can run on devices that have the Android operating system installed. The browser can be any type, such as Internet Explorer 11, Chrome, Firefox, or Safari (all the latest versions). When you visit the portal, you will see Cloud Shell. Users can then access Bash and PowerShell from within Cloud Shell. You can use Bash and PowerShell to create Azure virtual machines.

What provides recommendations to reduce the cost of Azure resources?

Azure Advisor

Azure Advisor analyzes the account usage and makes recommendations based on its set and configured rules.

Which Azure service evaluates Azure resources and makes recommendations to help improve reliability, security, performance, and cost reduction?

Azure Advisor

Azure Advisor evaluates Azure resources and makes recommendations to help improve reliability, security, and performance, achieve operational excellence, and reduce costs.

You plan to build a new solution in Azure that will use platform as a service (PaaS) products.

What should you use to estimate the monthly costs?

Azure Pricing calculator

The Azure Pricing calculator allows you to estimate and configure according to your specific requirements. You will then receive a consolidated estimated price and a detailed breakdown of the costs associated with each resource you added to your solution.

What can you use to ensure that new and existing Azure resources stay in compliance with corporate standards?

Azure Policy

Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit resources. These policies enforce different rules across all resource configurations so that the configurations stay compliant with corporate standards.

What can you apply to an Azure virtual machine to ensure that users cannot change or delete the resource?

a lock

Incorrect: A user-assigned managed identity –– Adding an identity will not add the ability to change or delete the resource.

Correct: A lock –– A resource lock will meet both requirements.

Incorrect: A tag –– A tag will not meet the requirements.

Incorrect: Conditional Access –– Conditional Access will not meet the requirements.

Which management layer accepts requests from any Azure tool or API and enables you to create, update, and delete resources in an Azure account?

Azure Resource Manager (ARM)

ARM is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in an Azure account.

Which two tools are accessible via Azure Cloud Shell to manage an Azure environment?

Azure CLI, Azure PowerShell

Azure CLI is an executable program with which a user can execute commands in Bash that call the Azure REST API. Azure Cloud Shell also supports Azure PowerShell as an executable program.

What should you use to access Azure Cloud Shell?

a web browser

Cloud Shell is an interactive, browser-accessible shell for managing Azure resources.

What can you use to manage servers across third party cloud platforms and on-premises environments?

Azure Arc

Azure Arc simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.

You have a team of Linux administrators that need to manage the resources in Azure. The team wants to use the Bash shell to perform the administration.

What should you recommend?

Azure CLI

Azure CLI allows you to use the Bash shell to perform administrative tasks. Bash is used in Linux environments, so a Linux administrator will probably be more comfortable performing command-line administration from Azure CLI.

You need to review the root cause analysis (RCA) report for a service outage that occurred last week.

Where should you look for the report?

Azure Service Health

After an outage, Service Health provides official incident reports called root cause analysis (RCA), which you can share with stakeholders.

What should you proactively review and act on to avoid service interruptions, such as service retirements and breaking changes?

health advisories

Health advisories are issues that require that you take proactive action to avoid service interruptions, such as service retirements and breaking changes. Service issues are problems such as outages that require immediate actions.

What can you use to get notification about an outage in a specific Azure region?

Azure Service Health

Service Health notifies you of Azure-related service issues, such as region-wide downtime.

Select the answer that correctly completes the sentence.

[Answer choice] is the logical container used to combine and organize Azure resources.

a resource group

Resources are combined into resource groups, which act as a logical container into which Azure resources like web apps, databases, and storage accounts, are deployed and managed.

Select the answer that correctly completes the sentence.

[Answer choice] are physically separate datacenters within an Azure region.

Availability zones

Availability zones are physically separate datacenters within an Azure region. Each availability zone is made up of one or more datacenters equipped with independent power, cooling, and networking.

Select the answer that correctly completes the sentence.

In a region pair, a region is paired with another region in the same [answer choice].

geography

Each Azure region is always paired with another region within the same geography, such as US, Europe, or Asia, at least 300 miles away.

Which two components are created in an Azure subscription? Each correct answer presents a complete solution.

resource groups, resources

What is an Azure Storage account named storage001 an example of?

a resource

A resource is a manageable item that is available through Azure. Virtual machines, storage accounts, web apps, databases, and virtual networks are examples of resources.

For which resource does Azure generate separate billing reports and invoices by default?

subscriptions

Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs. Resource groups can be used to group costs, but you will not receive a separate invoice for each resource group. Management groups are used to efficiently manage access, policies, and compliance for subscriptions. You can set up billing profiles to roll up subscriptions into invoice sections, but this requires customization.

Which resource can you use to manage access, policies, and compliance across multiple subscriptions?

management groups

Management groups can be used in environments that have multiple subscriptions to streamline the application of governance conditions. Resource groups can be used to organize Azure resources. Administrative units are used to delegate the administration of Microsoft Entra resources, such as users and groups. Accounts are used to provide access to resources

Select the answer that correctly completes the sentence.

[Answer choice] is the deployment and management service for Azure.

Azure Resource Manager (ARM)

ARM is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in an Azure subscription. You use management features, such as access control, resource locks, and resource tags, to secure and organize resources after deployment.

Which Azure compute service can you use to deploy and manage a set of identical virtual machines?

Azure Virtual Machine Scale Sets

Virtual Machine Scale Sets are an Azure compute resource that you can use to deploy and manage and scale a set of identical virtual machines.

What can you use to execute code in a serverless environment?

Azure Functions

Azure Functions allows you to run code as a service without having to manage the underlying platform or infrastructure. Azure Logic Apps is similar to Azure Functions, but uses predefined workflows instead of developing your own code.

You need to allow resources on two different Azure virtual networks to communicate with each other.

What should you configure?

peering

You can link virtual networks together by using virtual network peering. Peering enables resources in each virtual network to communicate with each other.

What can you use to connect Azure resources, such as Azure SQL databases, to an Azure virtual network?

service endpoints

Service endpoints are used to expose Azure services to a virtual network, providing communication between the two. ExpressRoute is used to connect an on-premises network to Azure. NSGs allow you to configure inbound and outbound rules for virtual networks and virtual machines. Peering allows you to connect virtual networks together.

Which two scenarios are common use cases for Azure Blob storage? Each correct answer presents a complete solution.

serving images or documents directly to a browser, storing data for backup and restore

Low storage costs and unlimited file formats make blob storage a good location to store backups and archives. Blob storage can be reached from anywhere by using an internet connection. Azure Disk Storage provides disks for Azure virtual machines. Azure Files supports mounting file storage shares.

Which Azure Storage service should you use to store unstructured files, such as images, that will be served on webpages?

Azure Blob storage

Azure Blob storage is an object storage solution that you can use to store massive amounts of unstructured data, such as text or binary data.

What is the purpose of defense in depth?

to use several layers of protection to prevent information from being accessed by unauthorized users

The objective of defense in depth is to use several layers of protection to prevent information from being accessed or stolen by unauthorized users.

What enables a user to sign in one time and use that credential to access multiple resources and applications from different providers?

single sign-on (SSO)

SSO enables a user to sign in one time and use that credential to access multiple resources and applications from different providers. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Conditional Access is a tool that Microsoft Entra uses to allow or deny access to resources based on identity signals. Microsoft Entra supports the registration of devices.

What Microsoft Entra feature can you use to configure security authentication that requires users to use their mobile phone to sign in?

multi-factor authentication (MFA)

MFA is the concept of requiring something more than only a password to sign in to an application. You can use the mobile phone to receive a phone call, text, or a code to get authenticated.

Which two services are provided by Microsoft Entra? Each correct answer presents a complete solution.

authentication, single sign-on (SSO)

Azure ADMicrosoft Entra provides services for verifying identity and access to applications and resources. SSO enables you to remember a single username and password to access multiple applications and is available in Azure AD.

Which Microsoft Entra feature can you use to ensure that users can only access Microsoft Office 365 applications from approved client applications?

Conditional Access

Conditional Access allows administrators to control, allow, or deny access to resources based on certain signals. You can require that access to certain applications only be allowed if the users are using an approved client application. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Examples include a code on their mobile phone or a fingerprint scan.

What can you use to sync identities from an on-premises Active Directory Domain Services (AD DS) domain to Microsoft Entra tenant?

Microsoft Entra Connect

Microsoft Entra Connect syncs user identities from an on-premises Active Directory Domain Services (AD DS) domain to Microsoft Entra. Microsoft Entra Connect  allows you to use features such as single sign-on (SSO), MFA, and self-service password reset (SSPR) in both systems. SSPR prevents users from using known compromised passwords.

What can you use to ensure that users authenticate by using multi-factor authentication (MFA) when they attempt to sign in from a specific location?

Conditional Access

Conditional Access can use signals to determine information about authentication attempts, and then determine whether to block access or require additional verifications, such as MFA.

Which are two common scenarios for using resource tags? Each correct answer presents a complete solution.

associating costs with different environments, categorizing costs by department

You can use tags to categorize costs by department, such as human resources, marketing, or finance, or by environment, such as test or production. Resizing underutilized virtual machines is a good cost saving measure and provisioning resources in lower cost regions is a good practice, but resource tags do not help with this.

You need to associate the costs of resources to different groups within an organization without changing the location of the resources.

What should you use?

resource tags

Resource tags can be used to group billing data and categorize costs by runtime environment, such as billing usage for virtual machines running in a production environment.

Which feature in the Microsoft Purview governance portal should you use to manage access to data sources and datasets?

Data Policy

Incorrect: Data Catalog –– This enables data discovery.

Incorrect: Data Sharing –– This shares data within and between organizations.

Incorrect: Data Estate Insights –– This accesses data estate health.

Correct: Data Policy –– This governs access to data.

What can you use to automatically detect performance anomalies for web apps?

Azure Application Insights

Application Insights is a feature of Azure Monitor that allows you to monitor running applications, automatically detect performance anomalies, and use built-in analytics tools to see what users do on an app.

Which Azure service can generate an alert if virtual machine utilization is over 80% for five minutes?

Azure Monitor

Azure Monitor is a platform for collecting, analyzing, visualizing, and alerting based on metrics. Azure Monitor can log data from an entire Azure and on-premises environment.

What are two basic services provided by all cloud providers? Each correct answer presents a complete solution.

compute, storage

All cloud providers provide compute and storage services. Colocation is when a business rents space in a shared physical datacenter. Application development is the responsibility of the customer and is typically done either in-house or through a third party.

What are two characteristics of the public cloud deployment model? Each correct answer presents a complete solution.

Servers and storage are owned and operated by a third-party cloud service provider

Services are offered over the internet and are available to anyone who wants to purchase them.

In a public cloud, services are offered over the internet and are available to anyone who wants to purchase them. A private cloud is limited to a single organization. Cloud resources, such as servers and storage, are owned and operated by a third-party cloud service provider and delivered over the internet. A private cloud consists of computing resources used exclusively by users from one business or organization.

What is an advantage of cloud computing compared to on-premises deployments?

You can scale more quickly.

Cloud computing allows you to scale more quickly. Owning your own CPUs and having full access in the event of an internet outage are not features of cloud computing. Working from multiple workstations is not specific to cloud computing compared to an on-premises deployment.

Select the answer that correctly completes the sentence.

[Answer choice] refers to upfront costs incurred one time, such as hardware purchases.

Capital expenditures

Capital expenditures are one-time expenses that can be deducted over time. Operational expenditures are billed as you use services and a do not have upfront costs.

Select the answer that correctly completes the sentence.

Increasing compute capacity for an app by adding RAM or CPUs to a virtual machine is called [answer choice].

vertical scaling

You scale vertically to increase compute capacity by adding RAM or CPUs to a virtual machine. Scaling horizontally increases compute capacity by adding instances of resources, such as adding virtual machines to the configuration. Disaster recovery keeps data and other assets safe in the event of a disaster. High availability minimizes downtime when things go wrong.

Select the answer that correctly completes the sentence.

Increasing compute capacity for an app by adding instances of resources such as virtual machines is called [answer choice].

horizontal scaling

Scaling horizontally increases compute capacity by adding instances of resources, such as adding virtual machines to the configuration. You scale vertically by adding RAM or CPUs to a virtual machine. Disaster recovery keeps data and other assets safe in the event of a disaster. High availability minimizes downtime when things go wrong.

Select the answer that correctly completes the sentence.

In cloud computing, [answer choice] allows you to deploy applications to regional datacenters around the world.

geo-location

You can deploy apps and data to regional datacenters around the globe, thereby ensuring that your customers always have the best performance in their region. This is referred to as geo-distribution.

Select the answer that correctly completes the sentence.

Increasing the capacity of an application by adding additional virtual machine is called [answer choice].

horizontal scaling

Scaling horizontally increases compute capacity by adding instances of resources, such as adding virtual machines to the configuration. You scale vertically to increase compute capacity by adding RAM or CPUs to a virtual machine. Agility refers to the ability to deploy new applications and services quickly. High availability minimizes downtime when things go wrong.

In which two deployment models are customers responsible for managing operating systems that host applications? Each correct answer presents a complete solution.

infrastructure as a service (IaaS), on-premises

Operating systems are managed by customers when using IaaS or an on-premises deployments. The operating systems are not accessible in PaaS and SaaS deployments.

Which type of cloud service model is typically licensed through a monthly or annual subscription?

software as a service (SaaS)

SaaS is software that is centrally hosted and managed for you and your users or customers. Usually, one version of the application is used for all customers, and it is licensed through a monthly or annual subscription. PaaS and IaaS use a consumption-based model, so you only pay for what you use.

In which cloud service model is the customer responsible for managing the operating system?

Infrastructure as a service (IaaS)

IaaS consists of virtual machines and networking provided by the cloud provider. The customer is responsible for the OS and applications. The cloud provider is responsible for the OS in PaaS and SaaS.

What is the customer responsible for in a software as a service (SaaS) model?

data and access

SaaS allows you to pay to use an existing application on hardware managed by a third party. You supply data and configure access. Customers are only responsible for storage in a private cloud. Customers are responsible for virtual machines and runtime in IaaS and the private cloud.

Your organization is building a custom application.

You need to focus on application development rather than configuration and management of servers.

Which cloud service model should you use?

platform as a service (PaaS)

With PaaS, users can focus on application development because the cloud provider handles all the platform management. In SaaS, the cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage, and applications. IaaS is the closest service model to managing physical servers.

What uses the infrastructure as a service (IaaS) cloud service model?

Azure virtual machines

Azure Virtual Machines is an IaaS offering. The customer is responsible for the configuration of the virtual machine as well as all operating system configurations. Azure App Services and Azure Cosmos DB are PaaS offerings. Microsoft Office 365 is a SaaS offering.