Topic 1, Exam Pool A
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
This question requires that you evaluate the underlined text to determine if it is correct.
When you are implementing a software as a service (SaaS) solution, you are responsible for configuring high availability.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed.
- B . defining scalability rules
- C . installing the SaaS solution
- D . configuring the SaaS solution
You have an on-premises network that contains several servers.
You plan to migrate all the servers to Azure.
You need to recommend a solution to ensure that some of the servers are available if a single Azure data center goes offline for an extended period.
What should you include in the recommendation?
- A . fault tolerance
- B . elasticity
- C . scalability
- D . low latency
A
Explanation:
Fault tolerance is the ability of a system to continue to function in the event of a failure of some of its components.
In this question, you could have servers that are replicated across datacenters.
Availability zones expand the level of control you have to maintain the availability of the applications and data on your VMs. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there are a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from datacenter failures.
With Availability Zones, Azure offers industry best 99.99% VM uptime SLA. By architecting your solutions to use replicated VMs in zones, you can protect your applications and data from the loss of a datacenter. If one zone is compromised, then replicated apps and data are instantly available in another zone.
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability
This question requires that you evaluate the underlined text to determine if it is correct.
An organization that hosts its infrastructure in a private cloud can decommission its data center.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed.
- B . in a hybrid cloud
- C . in the public cloud
- D . on a Hyper-V host
C
Explanation:
A private cloud is hosted in your datacenter. Therefore, you cannot close your datacenter if you are using a private cloud.
A public cloud is hosted externally, for example, in Microsoft Azure. An organization that hosts its infrastructure in a public cloud can close its data center.
Public cloud is the most common deployment model. In this case, you have no local hardware to manage or keep up-to-date everything runs on your cloud provider’s hardware.
Microsoft Azure is an example of a public cloud provider.
In a private cloud, you create a cloud environment in your own datacenter and provide self-service access to compute resources to users in your organization.
This offers a simulation of a public cloud to your users, but you remain completely responsible for the purchase and maintenance of the hardware and software services you provide.
https://docs.microsoft.com/en-gb/learn/modules/principles-cloud-computing/4-cloud-deployment-models
What are two characteristics of the public cloud? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . dedicated hardware
- B . unsecured connections
- C . limited storage
- D . metered pricing
- E . self-service management
D, E
Explanation:
With the public cloud, you get pay-as-you-go pricing C you pay only for what you use, no CapEx costs. With the public cloud, you have self-service management. You are responsible for the deployment and configuration of the cloud resources such as virtual machines or web sites. The underlying hardware that hosts the cloud resources is managed by the cloud provider.
https://docs.microsoft.com/en-gb/learn/modules/principles-cloud-computing/4-cloud-deployment-models
This question requires that you evaluate the underlined text to determine if it is correct.
When planning to migrate a public website to Azure, you must plan to pay monthly usage costs.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed
- B . Deploy a VPN
- C . pay to transfer all the website data to Azure
- D . reduce the number of connections to the website
A
Explanation:
In Azure you only pay for outbound traffic which is charged in GB as you are entitled to 5GB in a month but afterwards you pay for data being transferred out. However, with inbound data traffic into your environment, this is free.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
An Azure administrator plans to run a PowerShell script that creates Azure resources.
You need to recommend which computer configuration to use to run the script.
Solution: Run the script from a computer that runs Linux and has the Azure CLI tools installed.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Section: Understand Core Azure Services
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
An Azure administrator plans to run a PowerShell script that creates Azure resources.
You need to recommend which computer configuration to use to run the script.
Solution: Run the script from a computer that runs Chrome OS and uses Azure Cloud Shell.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Section: Understand Core Azure Services
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
An Azure administrator plans to run a PowerShell script that creates Azure resources.
You need to recommend which computer configuration to use to run the script.
Solution: Run the script from a computer that runs macOS and has PowerShell Core 6.0 installed.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
Section: Understand Core Azure Services
You have an Azure environment that contains 10 virtual networks and 100 virtual machines.
You need to limit the amount of inbound traffic to all the Azure virtual networks.
What should you create?
- A . one network security group (ASG)
- B . 10 virtual network gateways
- C . 10 Azure ExpressRoute circuits
- D . one Azure firewall
D
Explanation:
Section: Understand Core Azure Services
HOTSPOT
You need to view a list of planned maintenance events that can affect the availability of an Azure subscription.
Which blade should you use from the Azure portal? To answer, select the appropriate blade in the answer area.
Explanation:
Section: Understand Core Azure Services
DRAG DROP
Match the Azure service to the correct definition.
Instructions: To answer, drag the appropriate Azure service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all. NOTE: Each correct match is worth one point.
Explanation:
Section: Understand Core Azure Services
You plan to map a network drive from several computers that run Windows 10 to Azure Storage. You need to create a storage solution in Azure for the planned mapped drive.
What should you create?
- A . an Azure SQL database
- B . a virtual machine data disk
- C . a Files service in a storage account
- D . a Blobs service in a storage account
C
Explanation:
Azure Files is Microsoft’s easy-to-use cloud file system. Azure file shares can be seamlessly used in Windows and Windows Server.
To use an Azure file share with Windows, you must either mount it, which means assigning it a drive letter or mount point path, or access it via its UNC path.
Unlike other SMB shares you may have interacted with, such as those hosted on a Windows Server, Linux Samba server, or NAS device, Azure file shares do not currently support Kerberos authentication with your Active Directory (AD) or Azure Active Directory (AAD) identity, although this is a feature we are working on. Instead, you must access your Azure file share with the storage account key for the storage account containing your Azure file share. A storage account key is an administrator key for a storage account, including administrator permissions to all files and folders within the file share you’re accessing, and for all file shares and other storage resources (blobs, queues, tables, etc) contained within your storage account.
Reference: https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
HOTSPOT
You plan to implement an Azure database solution.
You need to implement a database solution that meets the following requirements:
✑ Can add data concurrently from multiple regions
✑ Can store JSON documents
Which database service should you deploy? To answer, select the appropriate service in the answer area.
Explanation:
Section: Understand Core Azure Services
Reference: https://docs.microsoft.com/en-us/azure/azure-functions/functions-integrate-store-unstructured-data-cosmosdb?tabs=csharp
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Section: Understand Core Azure Services
Your company plans to deploy an Artificial Intelligence (AI) solution in Azure.
What should the company use to build, test, and deploy predictive analytics solutions?
- A . Azure Logic Apps
- B . Azure Machine Learning designer
- C . Azure Batch
- D . Azure Cosmos DB
B
Explanation:
Section: Understand Core Azure Services
HOTSPOT
Several support engineers plan to manage Azure by using the computers shown in the following table:
You need to identify which Azure management tools can be used from each computer.
What should you identify for each computer? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Section: Understand Core Azure Services
Reference: https://buildazure.com/2016/08/18/powershell-now-open-source-and-cross-platform-linux-macos-windows/
HOTSPOT
Several support engineers plan to manage Azure by using the computers shown in the following table:
You need to identify which Azure management tools can be used from each computer.
What should you identify for each computer? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Section: Understand Core Azure Services
Reference: https://buildazure.com/2016/08/18/powershell-now-open-source-and-cross-platform-linux-macos-windows/
This question requires that you evaluate the Bold text to determine if it is correct.
Azure policies provide a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed
- B . Resource groups provide
- C . Azure Resource Manager provides
- D . Management groups provide
C
Explanation:
Section: Understand Core Azure Services
DRAG DROP
Match the Azure service to the correct description.
Instructions: To answer, drag the appropriate Azure service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all. NOTE: Each correct selection is worth one point.
Explanation:
Section: Understand Core Azure Services
Your company has several business units.
Each business unit requires 20 different Azure resources for daily operation. All the business units
require the same type of Azure resources.
You need to recommend a solution to automate the creation of the Azure resources.
What should you include in the recommendations?
- A . Azure Resource Manager templates
- B . virtual machine scale sets
- C . the Azure API Management service
- D . management groups
A
Explanation:
You can use Azure Resource Manager templates to automate the creation of the Azure resources.
Deploying resource through templates is known as ‘Infrastructure as code’.
To implement infrastructure as code for your Azure solutions, use Azure Resource Manager templates. The template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax, which lets you state what you intend to deploy without having to write the sequence of programming commands to create it. In the template, you specify the resources to deploy and the properties for those resources.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview
DRAG DROP
Match the Azure service to the correct definition.
Instructions: To answer, drag the appropriate Azure service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all. NOTE: Each correct selection is worth one point.
Explanation:
Box 1:
Azure Functions provides the platform for serverless code.
Azure Functions is a serverless compute service that lets you run event-triggered code without having to explicitly provision or manage infrastructure.
Box 2:
Azure Databricks is a big analysis service for machine learning.
Azure Databricks is an Apache Spark-based analytics platform. The platform consists of several components including ‘MLib’. Mlib is a Machine Learning library consisting of common learning algorithms and utilities, including classification, regression, clustering, collaborative filtering, dimensionality reduction, as well as underlying optimization primitives.
Box 3:
Azure Application Insights detects and diagnoses anomalies in web apps.
Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM) service for developers and DevOps professionals. Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful analytics tools to help you diagnose issues and to understand what users actually do with your app.
Box 4:
Azure App Service hosts web apps.
Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments.
Reference:
https://docs.microsoft.com/en-us/azure/azure-functions/
https://docs.microsoft.com/en-us/azure/azure-databricks/what-is-azure-databricks#apache-spark-based-analytics-platform
https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview
https://docs.microsoft.com/en-us/azure/app-service/overview
HOTSPOT
You plan to deploy a critical line-of-business application to Azure.
The application will run on an Azure virtual machine.
You need to recommend a deployment solution for the application. The solution must provide a guaranteed availability of 99.99 percent.
What is the minimum number of virtual machines and the minimum number of availability zones you should recommend for the deployment? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
You need a minimum of two virtual machines with each one located in a different availability zone.
Availability Zones is a high-availability offering that protects your applications and data from datacenter failures. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there’s a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from datacenter failures. Zone-redundant services replicate your applications and data across Availability Zones to protect from single-points-of-failure. With Availability Zones, Azure offers industry best 99.99% VM uptime SLA.
Reference: https://docs.microsoft.com/en-us/azure/availability-zones/az-overview
Which Azure service should you use to correlate events from multiple resources into a centralized repository?
- A . Azure Event Hubs
- B . Azure Analysis Services
- C . Azure Monitor
- D . Azure Log Analytics
A
Explanation:
Azure Event Hubs is a big data streaming platform and event ingestion service. It can receive and process millions of events per second. Data sent to an event hub can be transformed and stored by using any real-time analytics provider or batching/storage adapters.
Azure Event Hubs can be used to ingest, buffer, store, and process your stream in real time to get actionable insights. Event Hubs uses a partitioned consumer model, enabling multiple applications to process the stream concurrently and letting you control the speed of processing.
Azure Event Hubs can be used to capture your data in near-real time in an Azure Blob storage or Azure Data Lake Storage for long-term retention or micro-batch processing.
Reference: https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-about
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
Solution: You modify a DDoS protection plan.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
Solution: You modify an Azure firewall.
Does this meet the goal?
- A . Yes
- B . No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
Solution: You modify an Azure Traffic Manager profile.
Does this meet the goal?
- A . Yes
- B . No
Which two types of customers are eligible to use Azure Government to develop a cloud solution? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . a Canadian government contractor
- B . a European government contractor
- C . a United States government entity
- D . a United States government contractor
- E . a European government entity
CD
Explanation:
Reference: https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-government/2-what-is-azure-government
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You need to ensure that when Azure Active Directory (Azure AD) users connect to Azure AD from the Internet by using an anonymous IP address, the users are prompted automatically to change their password.
Which Azure service should you use?
- A . Azure AD Connect Health
- B . Azure AD Privileged Identity Management
- C . Azure Advanced Threat Protection (ATP)
- D . Azure AD Identity Protection
D
Explanation:
Azure AD Identity Protection includes two risk policies: sign-in risk policy and user risk policy. A sign-in risk represents the probability that a given authentication request isn’t authorized by the identity owner.
There are several types of risk detection. One of them is Anonymous IP Address. This risk detection type indicates sign-ins from an anonymous IP address (for example, Tor browser or anonymous VPN). These IP addresses are typically used by actors who want to hide their login telemetry (IP address, location, device, etc.) for potentially malicious intent.
You can configure the sign-in risk policy to require that users change their password.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy
DRAG DROP
Match the term to the correct definition.
Instructions: To answer, drag the appropriate term from the column on the left to its description on the right. Each term may be used once, more than once, or not at all. NOTE: Each correct match is worth one point.
Your company plans to deploy several web servers and several database servers to Azure.
You need to recommend an Azure solution to limit the types of connections from the web servers to the database servers.
What should you include in the recommendation?
- A . network security groups (NSGs)
- B . Azure Service Bus
- C . a local network gateway
- D . a route filter
A
Explanation:
A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets.
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
To what should an application connect to retrieve security tokens?
- A . an Azure Storage account
- B . Azure Active Directory (Azure AD)
- C . a certificate store
- D . an Azure key vault
This question requires that you evaluate the underlined text to determine if it is correct.
Resource groups provide organizations with the ability to manage the compliance of Azure resources across multiple subscriptions.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed
- B . Management groups
- C . Azure policies
- D . Azure App Service plans
Your network contains an Active Directory forest. The forest contains 5,000 user accounts.
Your company plans to migrate all network resources to Azure and to decommission the on-premises data center.
You need to recommend a solution to minimize the impact on users after the planned migration.
What should you recommend?
- A . Implement Azure Multi-Factor Authentication (MFA)
- B . Sync all the Active Directory user accounts to Azure Active Directory (Azure AD)
- C . Instruct all users to change their password
- D . Create a guest user account in Azure Active Directory (Azure AD) for each user
B
Explanation:
To migrate to Azure and decommission the on-premises data center, you would need to create the 5,000 user accounts in Azure Active Directory. The easy way to do this is to sync all the Active Directory user accounts to Azure Active Directory (Azure AD). You can even sync their passwords to further minimize the impact on users.
The tool you would use to sync the accounts is Azure AD Connect. The Azure Active Directory Connect synchronization services (Azure AD Connect sync) is a main component of Azure AD Connect. It takes care of all the operations that are related to synchronize identity data between your on-premises environment and Azure AD.
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-whatis
HOTSPOT
You create a resource group named RG1 in Azure Resource Manager.
You need to prevent the deletion of the resources in RG1.
Which setting should you use? To answer, select the appropriate setting in the answer area.
Explanation:
You can configure a lock on a resource group to prevent the accidental deletion.
As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly.
In the portal, the locks are called Delete and Read-only respectively.
✑ CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.
✑ ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to purchase Azure.
The company’s support policy states that the Azure environment must provide an option to access support engineers by phone or email.
You need to recommend which support plan meets the support policy requirement.
Solution: Recommend a Basic support plan.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
The Basic support plan does not have any technical support for engineers.
Access to Support Engineers via email or phone is available in the following support plans: Premier, Professional Direct and standard.
Reference: https://azure.microsoft.com/en-gb/support/plans/
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to purchase Azure.
The company’s support policy states that the Azure environment must provide an option to access support engineers by phone or email. You need to recommend which support plan meets the support policy requirement.
Solution: Recommend a Standard support plan.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
The Standard, Professional Direct, and Premier support plans have technical support for engineers via email and phone.
Reference: https://azure.microsoft.com/en-gb/support/plans/
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to purchase Azure.
The company’s support policy states that the Azure environment must provide an option to access support engineers by phone or email. You need to recommend which support plan meets the support policy requirement.
Solution: Recommend a Premier support plan.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
The Standard, Professional Direct, and Premier support plans have technical support for engineers via email and phone.
Reference: https://azure.microsoft.com/en-gb/support/plans/
Your company plans to request an architectural review of an Azure environment from Microsoft.
The company currently has a Basic support plan.
You need to recommend a new support plan for the company. The solution must minimize costs.
Which support plan should you recommend?
- A . Premier
- B . Developer
- C . Professional Direct
- D . Standard
A
Explanation:
The Premier support plan provides customer specific architectural support such as design reviews, performance tuning, configuration and implementation assistance delivered by Microsoft Azure technical specialists.
Reference: https://azure.microsoft.com/en-gb/support/plans/
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Section: Understand Azure Pricing and Support
What is required to use Azure Cost Management?
- A . a Dev/Test subscription
- B . Software Assurance
- C . an Enterprise Agreement (EA)
- D . a pay-as-you-go subscription
C
Explanation:
Azure customers with an Azure Enterprise Agreement (EA), Microsoft Customer Agreement (MCA), or Microsoft Partner Agreement (MPA) can use Azure Cost Management.
Cost management is the process of effectively planning and controlling costs involved in your business. Cost management tasks are normally performed by finance, management, and app teams. Azure Cost Management + Billing helps organizations plan with cost in mind. It also helps to analyze costs effectively and take action to optimize cloud spending.
Reference: https://docs.microsoft.com/en-gb/azure/cost-management/overview-cost-mgt
This question requires that you evaluate the underlined text to determine if it is correct.
Your Azure trial account expired last week. You are now unable to create additional Azure Active Directory (Azure AD) user accounts.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed
- B . start an existing Azure virtual machine
- C . access your data stored in Azure
- D . access the Azure portal
B
Explanation:
A stopped (deallocated) VM is offline and not mounted on an Azure host server. Starting a VM mounts the VM on a host server before the VM starts. As soon as the VM is mounted, it becomes chargeable. For this reason, you are unable to start a VM after a trial has expired.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Section: Understand Azure Pricing and Support
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Section: Understand Azure Pricing and Support
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Section: Understand Azure Pricing and Support
This question requires that you evaluate the underlined text to determine if it is correct.
You have several virtual machines in an Azure subscription. You create a new subscription. The virtual machines cannot be moved to the new subscription.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed
- B . The virtual machines can be moved to the new subscription
- C . The virtual machines can be moved to the new subscription only if they are all in the same resource group
- D . The virtual machines can be moved to the new subscription only if they run Windows Server 2016.
B
Explanation:
You can move a VM and its associated resources to a different subscription by using the Azure portal.
Moving between subscriptions can be handy if you originally created a VM in a personal subscription and now want to move it to your company’s subscription to continue your work. You do not need to start the VM in order to move it and it should continue to run during the move.
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/move-vm
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, white others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an Azure subscription that contains the following unused resources:
* 20 user accounts in Azure Active Directory (Azure AD)
* Five groups in Azure AD
* 10 public [P addresses
* 10 network interfaces
* You need to reduce the Azure costs for the company.
Solution: You remove the unused user accounts.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
You are not charged for user accounts. Therefore, deleting unused user accounts will not reduce the Azure costs for the company.
Reference: https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations#reduce-costs-by-deleting-or-reconfiguring-idle-virtual-network-gateways
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, white others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an Azure subscription that contains the following unused resources:
* 20 user accounts in Azure Active Directory (Azure AD)
* Five groups in Azure AD
* 10 public !P addresses
* 10 network interfaces
You need to reduce the Azure costs for the company.
Solution: You remove the unused public IP addresses.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
You are charged for public IP addresses. Therefore, deleting unused public IP addresses will reduce the Azure costs.
Reference: https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations#reduce-costs-by-deleting-or-reconfiguring-idle-virtual-network-gateways
Note: This question is part of a series of questions that present the same scenario. Each question in
the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has an Azure subscription that contains the following unused resources:
* 20 user accounts in Azure Active Directory (Azure AD)
* Five groups in Azure AD
* 10 public [P addresses
* 10 network interfaces
You need to reduce the Azure costs for the company.
Solution: You remove the unused groups.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
You are not charged for Azure Active Directory Groups. Therefore, deleting unused groups will not reduce your Azure costs.
Reference: https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations#reduce-costs-by-deleting-or-reconfiguring-idle-virtual-network-gateways
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, white others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure environment.
You need to create a new Azure virtual machine from an Android laptop.
Solution: You use the Azure portal.
Does this meet the goal?
- A . Yes
- B . No
A
Explanation:
The Azure portal is a web-based, unified console that provides an alternative to command-line tools. With the Azure portal, you can manage your Azure subscription using a graphical user interface. You can build, manage, and monitor everything from simple web apps to complex cloud deployments.
Create custom dashboards for an organized view of resources. Configure accessibility options for an optimal experience.
Being web-based, the Azure portal can be run on a browser from a tablet that runs the Android operating system.
Reference: https://docs.microsoft.com/en-us/azure/azure-portal/azure-portal-overview
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, white others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure environment.
You need to create a new Azure virtual machine from an Android laptop.
Solution: You use the PowerApps portal.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
PowerApps lets you quickly build business applications with little or no code. It is not used to create Azure virtual machines. Therefore, this solution does not meet the goal.
PowerApps Portals allow organizations to create websites which can be shared with users external to their organization either anonymously or through the login provider of their choice like LinkedIn, Microsoft Account, other commercial login providers.
Reference: https://powerapps.microsoft.com/en-us/blog/introducing-powerapps-portals-powerful-low-code-websites-for-external-users/
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure environment.
You need to create a new Azure virtual machine from an Android laptop.
Solution: You use Bash in Azure Cloud Shell.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
Reference:
https://www.thomasmaurer.ch/2019/01/azure-cloud-shell/
https://www.pcmag.com/encyclopedia/term/66542/android-laptop
This question requires that you evaluate the underlined text to determine if it is correct.
Azure policies provide a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment.
Instructions: Review the undefined text If it makes the statement correct, select "No change is needed." If the statement is incorrect select the answer choice that makes the statement correct.
- A . No change is needed.
- B . Resource groups provide
- C . Azure Resource Manager provides
- D . Management groups provide
HOTSPOT
You need to manage Azure by using Azure Cloud Shell.
Which Azure portal icon should you select? To answer, select the appropriate icon in the answer area.
A team of developers at your company plans to deploy, and then remove, 50 customized virtual
machines each week. Thirty of the virtual machines run Windows Server 2016 and 20 of the virtual machines run Ubuntu Linux.
You need to recommend which Azure service will minimize the administrative effort required to deploy and remove the virtual machines.
What should you recommend?
- A . Azure virtual machine scale sets
- B . Microsoft Managed Desktop
- C . Azure DevTest Labs
- D . Azure Reserved Virtual Machine (VM) Instances
C
Explanation:
DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager templates. By using DevTest Labs, you can test the latest versions of your applications by doing the following tasks: Quickly provision Windows and Linux environments by using reusable templates and artifacts.
Easily integrate your deployment pipeline with DevTest Labs to provision on-demand environments.
Scale up your load testing by provisioning multiple test agents and create pre-provisioned environments for training and demos
https://docs.microsoft.com/en-us/azure/lab-services/devtest-lab-overview
HOTSPOT
You have an Azure environment that contains 10 web apps.
To which URL should you connect to manage all the Azure resources? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You plan to create an Azure virtual machine.
You need to identify which storage service must be used to store the data disks of the virtual machine.
What should you identify? To answer, select the appropriate service in the answer area.
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/managed-disks-overview
You plan to store 20 TB of data in Azure. The data will be accessed infrequently and visualized by using Microsoft Power BI.
You need to recommend a storage solution for the data.
Which two solutions should you recommend? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . Azure SQL Database
- B . Azure Cosmos DB
- C . Azure SQL Data Warehouse
- D . Azure Database for PostgreSQL
- E . Azure Data Lake
This question requires that you evaluate the underlined text to determine if it is correct.
When you need to delegate permissions to several Azure virtual machines simultaneously, you must deploy the Azure virtual machines to the same Azure region
Instructions: Review the underlined text If it makes the statement correct, select "No change is needed." If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed.
- B . by using the same Azure Resource Manager template
- C . to the same resource group
- D . to the same availability zone
HOTSPOT
Which cloud deployment is used for Azure virtual machines and Azure SQL database? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Azure virtual machine = Infrastructure as a service (IaaS)
Azure SQL databases = Platform as a service (PaaS)
You plan to migrate several servers from an on-premises network to Azure.
You need to identify the primary benefit of using a public cloud service for the servers.
What should you identify?
- A . The public cloud is owned by the public, NOT a private corporation.
- B . All public cloud resources can be freely accessed by every member of the public.
- C . The public cloud is a crowd-sourcing solution that provides corporations with the ability to enhance the cloud.
- D . The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud.
D
Explanation:
The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud. The hardware resources (servers, infrastructure etc.) are managed by the cloud provider. Multiple companies create resources such as virtual machines and virtual networks on the hardware resources.
What should you use to evaluate whether your company’s Azure environment meets regulatory requirements?
- A . Compliance Manager from the Security Trust Portal
- B . the Advisor blade from the Azure policy
- C . the Knowledge Center website
- D . the Security Center blade from the Azure portal
D
Explanation:
The Security Center blade from the Azure portal includes the ‘regulatory compliance dashboard’.
The regulatory compliance dashboard provides insight into your compliance posture for a set of supported standards and regulations, based on continuous assessments of your Azure environment.
In the Azure Security Center regulatory compliance blade, you can get an overview of key portions of your compliance posture with respect to a set of supported standards. Currently supported standards are Azure CIS, PCI DSS 3.2, ISO 27001, and SOC TSP.
In the dashboard, you will find your overall compliance score, and the number of passing versus failing assessments with each standard. You can now focus your attention on the gaps in compliance for a standard or regulation that is important to you.
Reference: https://azure.microsoft.com/en-us/blog/regulatory-compliance-dashboard-in-azure-security-center-now-available/
This question requires that you evaluate the underlined text to determine if it is correct.
Authorization is the process of verifying a user’s credentials.
Instructions: Review the underlined text If it makes the statement correct, select "No change is needed." If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed.
- B . Authentication
- C . Federation
- D . Ticketing
B
Explanation:
Authentication, not authorization is the process of verifying a user’s credentials.
The difference between authentication and authorization is:
Authentication is proving your identity, proving that you are who you say you are. The most common example of this is logging in to a system by providing credentials such as a username and password.
Authorization is what you’re allowed to do once you’ve been authenticated. For example, what resources you’re allowed to access and what you can do with those resources.
Your company plans to automate the deployment of servers to Azure.
Your manager is concerned that you may expose administrative credentials during the deployment.
You need to recommend an Azure solution that encrypts the administrative credentials during the deployment.
What should you include in the recommendation?
- A . Azure Key Vault
- B . Azure Multi-Factor Authentication (MFA)
- C . Azure Security Center
- D . Azure Information Protection
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:
Each correct selection is worth one point.
This question requires that you evaluate the underlined text to determine if it is correct.
You have an Azure virtual network named VNET1 in a resource group named RG1.
You assign an Azure policy specifying that virtual networks are not an allowed resource type in RG1.
VNET1 is deleted automatically.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed.
- B . is moved automatically to another resource group
- C . continues to function normally
- D . is now a read-only object
C
Explanation:
The VNet will be marked as ‘Non-compliant’ when the policy is assigned. However, it will not be deleted and will continue to function normally.
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements.
If there are any existing resources that aren’t compliant with a new policy assignment, they appear under Non-compliant resources.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview
https://docs.microsoft.com/en-us/azure/governance/policy/assign-policy-portal
What can Azure Information Protection encrypt?
- A . an Azure Storage account
- B . documents and email messages
- C . an Azure SQL database
- D . network traffic
B
Explanation:
Azure Information Protection can encrypt documents and emails.
Azure Information Protection is a cloud-based solution that helps an organization to classify and optionally, protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations.
The protection technology uses Azure Rights Management (often abbreviated to Azure RMS). This technology is integrated with other Microsoft cloud services and applications, such as Office 365 and Azure Active Directory.
This protection technology uses encryption, identity, and authorization policies. Similarly to the labels that are applied, protection that is applied by using Rights Management stays with the documents and emails, independently of the location―inside or outside your organization, networks, file servers, and applications.
Reference:
https://docs.microsoft.com/en-us/azure/information-protection/what-is-information-protection
https://docs.microsoft.com/en-us/azure/information-protection/quickstart-label-dnf-protectedemail
This question requires that you evaluate the underlined text to determine if it is correct.
If a resource group named RG1 has a delete lock, only a member of the global administrators group can delete RG1.
Instructions: Review the underlined text If it makes the statement correct, select "No change is needed." If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed.
- B . the delete lock must be removed before an administrator
- C . an Azure policy must be modified before an administrator
- D . an Azure tag must be added before an administrator
Your company has an Azure environment that contains resources in several regions.
A company policy states-that administrators must only be allowed to create additional Azure resources in a region in the country where their office is located.
You need to create the Azure resource that must be used to meet the policy requirement.
What should you create?
- A . a read-only lock
- B . a reservation
- C . an Azure policy
- D . a management group
C
Explanation:
Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources.
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. All data stored by Azure Policy is encrypted at rest.
Azure Policy offers several built-in policies that are available by default. In this question, we would use the ‘Allowed Locations’ policy to define the locations where resources can be deployed.
Reference: https://docs.microsoft.com/en-us/azure/governance/policy/overview
Your company plans to move several servers to Azure.
The company’s compliance policy states that a server named FinServer must be on a separate network segment
You are evaluating which Azure services can be used to meet the compliance policy requirements.
Which Azure solution should you recommend?
- A . a resource group for FinServer and another resource group for all the other servers
- B . a virtual network for FinServer and another virtual network for all the other servers
- C . a VPN for FinServer and a virtual network gateway for each other server
- D . one resource group for all the servers and a resource lock for FinServer
B
Explanation:
Networks in Azure are known as virtual networks. A virtual network can have multiple IP address spaces and multiple subnets. Azure automatically routes traffic between different subnets within a virtual network.
The question states that FinServer must be on a separate network segment. The only way to separate FinServer from the other servers in networking terms is to place the server in a different virtual network to the other servers.
Reference: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-arm
DRAG DROP
Match the Azure Cloud Services benefit to the correct description.
Instructions: To answer, drag the appropriate benefit from the column on the left to its description on the right. Each benefit may be used once, more than once, or not at all. NOTE: Each correct match is worth one point.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:
Each correct selection is worth one point.
What is guaranteed in an Azure Service Level Agreement (SLA) for virtual machines?
- A . uptime
- B . feature availability
- C . bandwidth
- D . performance
A
Explanation:
The SLA for virtual machines guarantees ‘uptime’. The amount of uptime guaranteed depends on factors such as whether the VMs are in an availability set or availability zone if there is more than one VM, the distribution of the VMs if there is more than one or the disk type if it is a single VM.
The SLA for Virtual Machines states:
For all Virtual Machines that have two or more instances deployed across two or more Availability Zones in the same Azure region, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.99% of the time.
For all Virtual Machines that have two or more instances deployed in the same Availability Set or in the same Dedicated Host Group, we guarantee you will have Virtual Machine Connectivity to at least one instance at least 99.95% of the time.
For any Single Instance Virtual Machine using Premium SSD or Ultra Disk for all Operating System Disks and Data Disks, we guarantee you will have Virtual Machine Connectivity of at least 99.9%.
Reference: https://azure.microsoft.com/en-us/support/legal/sla/summary/
https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_9/
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:
Each correct selection is worth one point.
This question requires that you evaluate the underlined text to determine if it is correct.
An Azure service is available to all Azure customers when it is in public preview
Instructions: Review the underlined text If it makes the statement correct, select "No change is needed." If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed.
- B . private preview
- C . development
- D . an Enterprise Agreement (EA) subscription
A
Explanation:
Reference: https://www.neowin.net/news/several-more-azure-services-now-available-in-private-public-preview/
Public Preview means that the service is in public beta and can be tried out by anyone with an Azure subscription. Services in public preview are often offered at a discount price.
Public previews are excluded from SLAs and in some cases, no support is offered.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:
Each correct selection is worth one point.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:
Each correct selection is worth one point.
Your company plans to migrate to Azure. The company has several departments. All the Azure resources used by each department will be managed by a department administrator.
You need to recommend an Azure deployment that provides the ability to segment Azure for the departments.
What are two possible techniques to segment Azure for the departments? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
- A . multiple subscriptions
- B . multiple Azure Active Directory (Azure AD) directories
- C . multiple regions
- D . multiple resource groups
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
This question requires that you evaluate the underlined text to determine if it is correct.
You deploy an Azure resource. The resource becomes unavailable for an extended period due to a service outage. Microsoft will automatically refund your bank account.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed.
- B . automatically migrate the resource to another subscription
- C . automatically credit your account
- D . send you a coupon code that you can redeem for Azure credits
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Your company has 10 offices. You plan to generate several billing reports from the Azure portal. Each report will contain the Azure resource utilization of each office.
Which Azure Resource Manager feature should you use before you generate the reports?
- A . tags
- B . templates
- C . locks
- D . policies
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You attempt to create several managed Microsoft SQL Server instances in an Azure environment and receive a message that you must increase your Azure subscription limits.
What should you do to increase the limits?
- A . Create a service health alert
- B . Upgrade your support plan
- C . Modify an Azure policy
- D . Create a new support request
D
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-resource-limits#obtaining-a-larger-quota-for-sql-managed-instance
Many Azure resource have quote limits. The purpose of the quota limits is to help you control your Azure costs. However, it is common to require an increase to the default quota.
You can request a quota limit increase by opening a support request. In the support request, select ‘Service and subscription limits (quotas)’ for the Issue type, select your subscription and the service you want to increase the quota for. For this question, you would select ‘SQL Database Managed Instance’ as the quote type.
Reference: https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-resource-limits#obtaining-a-larger-quota-for-sql-managed-instance
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
This question requires that you evaluate the underlined text to determine if it is correct.
After you create a virtual machine, you need to modify the network security group (NSG) to allow connections from TCP port 8080.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed
- B . virtual network gateway
- C . virtual network
- D . route table
This question requires that you evaluate the underlined text to determine if it is correct.
Azure Germany can be used by legal residents of Germany only.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . no change is needed
- B . only enterprises that are registered in Germany
- C . only enterprises that purchase their azure licenses from a partner based in Germany
- D . any user or enterprise that requires its data to reside in Germany
This question requires that you evaluate the underlined text to determine if it is correct.
If a resource group named RG1 has a delete lock, only a member of the global administrators group can delete RG1.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
- A . No change is needed
- B . the delete lock must be removed before an administrator can delete RG1.
- C . an Azure policy must be modified before an administrator can delete RG1.
- D . an Azure tag must be added before an administrator can delete RG1.
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Your company plans to migrate all on-premises data to Azure. You need to identify whether Azure complies with the company’s regional requirements.
What should you use?
- A . the Knowledge Center
- B . Azure Marketplace
- C . the Azure portal
- D . the Trust Center
HOTSPOT
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT
You plan to implement several security services for an Azure environment.
You need to identify which Azure services must be used to meet the following security requirements:
✑ Monitor threats by using sensors
✑ Enforce azure Multi-Factor Authentication (MFA) based on a condition
Which Azure service should you identify for each requirement? To answer, select the appropriate option in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1:
To monitor threats by using sensors, you would use Azure Advanced Threat Protection (ATP).
Azure Advanced Threat Protection (ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
Sensors are software packages you install on your servers to upload information to Azure ATP.
Box 2:
To enforce MFA based on a condition, you would use Azure Active Directory Identity Protection.
Azure AD Identity Protection helps you manage the roll-out of Azure Multi-Factor Authentication (MFA) registration by configuring a Conditional Access policy to require MFA registration no matter what modern authentication app you are signing in to.
Reference: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/what-is-atp
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy
You need to configure an Azure solution that meets the following requirements:
✑ Secures websites from attacks
✑ Generates reports that contain details of attempted attacks
What should you include in the solution?
- A . Azure Firewall
- B . a network security group (NSG)
- C . Azure Information Protection
- D . DDoS protection
D
Explanation:
DDoS is a type of attack that tries to exhaust application resources. The goal is to affect the application’s availability and its ability to handle legitimate requests. DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet.
Azure has two DDoS service offerings that provide protection from network attacks: DDoS Protection Basic and DDoS Protection Standard.
DDoS Basic protection is integrated into the Azure platform by default and at no extra cost.
You have the option of paying for DDoS Standard. It has several advantages over the basic service, including logging, alerting, and telemetry. DDoS Standard can generate reports that contain details of attempted attacks as required in this question.
Reference: https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices
You have a virtual machine named VM1 that runs Windows Server 2016. VM1 is in the East US Azure region.
Which Azure service should you use from the Azure portal to view service failure notifications that can affect the availability of VM1?
- A . Azure Service Fabric
- B . Azure Monitor
- C . Azure virtual machines
- D . Azure Advisor
HOTSPOT
You plan to extend your company’s network to Azure. The network contains a VPN appliance that uses an IP address of 131.107.200.1.
You need to create an Azure resource that identifies the VPN appliance.
Which Azure resource should you create? To answer, select the appropriate resource in the answer area.
You need to identify the type of failure for which an Azure availability zone can be used to protect access to Azure services.
What should you identify?
- A . a physical server failure
- B . an Azure region failure
- C . a storage failure
- D . an Azure data center failure