Download Microsoft Certified Azure Fundamentals Exam (AZ-900) Questions and Answers 100% Pass and more Exams Computer Science in PDF only on Docsity!
Microsoft Certified Azure Fundamentals
Exam (AZ-900) Questions and Answers
100% Pass
What are some computing services offered by a Cloud Provider? ✔✔•Compute power - e.g. Servers or web applications
•Storage - e.g. Files and Databases
•Networking - e.g. secure connections between the cloud provider and on-premises.
•Analytics - e.g. visual telemetry and performance data
Jim the systems admin at a fictitious company is an absolute control freak! From the list below, choose the most appropriate cloud solution for him:
a). Virtual Machines
b). Containers
c). Serverless compute ✔✔ANSWER: a). Virtual Machines. Because he will emulate a physical system, Jim can do whatever he likes (e.g. install software, configure updates etc.)
Give the simplest definition of a container. ✔✔A container is similar to a VM but it doesn't need a guest operating system.
What is Serverless Computing? ✔✔Serverless computing lets you run application code(e.g. functions) without creating, configuring, or maintaining a server. When compared to VMs and Containers, it is the lightest and fastest deployment method.
Rob is new to cloud computing and is confused by the terms: "Vertical Scaling" and "Horizontal" scaling. Give him a brief rundown on the differences between the two! ✔✔Vertical scaling: aka "scaling up", is the process of adding resources to increase the power of an existing server. Some examples of vertical scaling are: adding more CPUs, or adding more memory.
Horizontal scaling: aka "scaling out", is the process of adding more servers that function together as one unit. For example, you have more than one server processing incoming requests
Define: Scalability as it relates to cloud computing ✔✔You can increase or decrease the resources and services used based upon the needs of your organization.
Define: Elasticity as it relates to cloud computing ✔✔As your workload changes due to a spike or drop in demand, a cloud computing system can compensate by automatically adding or removing resources. (e.g. a web-site during Black Friday Sale)
What is the primary benefit of CapEx? ✔✔Fixed Costs and a predictable expense for your budget! Companies on a tight budget will lean here.
What is the primary benefit of OpEx? ✔✔Grows if demand is increased and shrinks accordingly. For new companies / startups this will make lots of sense.
What is Cloud agility? ✔✔Cloud agility is the ability to rapidly change an IT infrastructure to adapt to the evolving needs of the business. For e.g. if your service peaks one month, you can scale to demand and pay a larger bill for the month. If the following month the demand drops, you can reduce the used resources and be charged less. This agility lets you manage your costs dynamically, optimizing spending as requirements change.
Describe the Public Cloud ✔✔Microsoft Azure is a public cloud provider. There is no local hardware to manage or keep up-to-date - everything runs on your cloud provider's hardware. In some cases, you can save additional costs by sharing computing resources with other cloud users.
Give one example of where you would use a public cloud solution ✔✔Deploy a website or blog. The web-server is handled by the cloud provider. You only worry about managing the site itself.
Give three disadvantages to using a public cloud model. ✔✔•Security Requirements
•Government Policies
•Business requirements for a legacy software / application.
Describe the Private Cloud ✔✔In a private cloud, you create a cloud environment in your own datacenter and provide self-service access to compute resources to users in your organization (You take the place of Microsoft Azure).
Give one example of where you would use a private cloud solution ✔✔An organization has data that cannot be put in the public cloud, perhaps for legal reasons. An e.g. may be where government policy requires specific data to be kept in-country or privately.
Give three disadvantages to using a private cloud model. ✔✔•Initial CapEx costs and must purchase the hardware for startup and maintenance
•Owning the equipment limits agility - to scale you must buy, install, and setup new hardware
- Private clouds require IT skills and expertise.
Describe the Hybrid Cloud ✔✔Combine public and private cloud(on premises data-center). Simple as that.
b). PaaS
c). SaaS ✔✔ANSWER: c). SaaS On the other extremity, IaaS provides the greatest burden to the customer, with PaaS balancing between SaaS & IaaS.
List some core examples of Compute Services in Azure. ✔✔•Azure VMs
•Azure VM Scale Sets
•Azure Kubernetes Service
•Azure Service Fabric
•Azure Batch
•Azure Container Instances
•Azure Functions
Give a summary of the function of Azure Kubernetes Service ✔✔Used to manage(orchestrate) clusters of VMs that run containerized services (e.g. Docker).
Describe the Azure Service Fabric ✔✔Basically a wide range of Azure systems that run in the cloud or on-premises.
What is an Azure Container Instance / is it used for? ✔✔It is used to run applications in Azure without the need of a VM, or provisioned server.
Describe an Azure function in as few words as possible., then give an example. ✔✔An event- driven, serverless compute service (e.g. confirmation of a successful login to a bank account).
List some of the core products that make up Azure Networking. ✔✔•Azure Network Watcher
•Azure Express Route
•Azure Traffic Manager
•Azure Content Delivery Network
•Azure Application Gateway
•Azure Virtual Network
•Azure Load Balancer
What is the function of the Azure Content Delivery Network? ✔✔Delivers high-bandwidth content to customers globally
What is Azure Express Route? ✔✔Connects to Azure over high-bandwidth dedicated secure connections
Rob has started his own video surveillance company and wishes to park his customer's footage in the cloud where it is secure and highly accessible. Propose the most appropriate Azure storage solution to him. ✔✔Azure Blob Storage, is capable of storing very large objects like video files & bitmaps.
A small company with 10 employees and little capital want to migrate their small on-premises storage server to the cloud. Choose an appropriate Azure solution. ✔✔Azure File Storage is excellent for this scenario, because it consists of File shares that you can access and manage like a file server
A software/web developer has built a 2 Factor Authentication app on Azure. Where can he park separate events or functions that form the building blocks of communication in his application? He only wants these events or functions to run when triggered(e.g. when a customer attempts to authenticate). ✔✔Azure Queue storage. It is a service for storing large numbers of messages. You access messages from anywhere in the world via authenticated calls using HTTP or HTTPS.
Describe Azure Table Storage in simple terms. ✔✔A NoSQL store that hosts unstructured data independent of any schema
List some of the key Database Services provided by Azure. ✔✔•Azure Cosmos DB
•Azure SQL Data Warehouse
•Azure Database Migration Service
•Azure SQL Database
True or False. Azure Cosmos DB only supports SQL databases. ✔✔FALSE. Comos DB is multi-model (it supports all kinds of different databases, even NoSQL ones!) and is globally distributed making workload migration between nearby geographical locations a breeze!
Azure offers services related to the IoT(Internet of Things). A manufacturing company has thousands of smart probes and sensors and would like a way to securely monitor communications and messages between them all. Suggest the most appropriate Azure IoT service. ✔✔Azure IoT Hub. It directly handles messages between IoT devices (Think of the Phillips Hue Hub, AppleTV for HomeKit, WINK Hub).
What is the IoT Central? ✔✔It is a SaaS based Azure software that makes it easy to connect, monitor, and manage your IoT assets (think of WINK, HomeKit etc. as examples)
What is an Azure Geography? ✔✔It is a special market(made up of at least 2 regions) that caters to customers who due to data-residency and compliance requirements, need to keep their data as geographically close as possible (e.g. a Law firm with Florida Bar Requirements). Geographies are also fault-tolerant.
what is an Availability Zone? ✔✔Availability Zones are physically separate locations within an Azure region (think of subsets within a Venn Diagram!) Each Availability Zone is made up of one or more datacenters equipped with independent power, cooling, and networking.
What popular Azure services make use of Availability Zones? ✔✔Availability Zones are primarily for VMs, managed disks, load balancers, and SQL databases.
Describe in detail, the primary functions of the Azure Resource Manager. ✔✔Azure Resource Manager is the deployment and management service for Azure. It provides a consistent management layer that enables you to create, update, and delete resources in your Azure subscription. You can use its access control, auditing, and tagging features to secure and organize your resources after deployment.
Define an Azure Resource and give some examples. ✔✔A manageable item that is available through Azure. Virtual machines, storage accounts, web apps, databases, and virtual networks are examples of resources.
What is an Azure Resource group? ✔✔A container that holds related resources for an Azure solution. The resource group includes those resources that you want to manage as a group. You decide how to allocate resources to resource groups based on what makes the most sense for your organization. For example, networking resources can be placed in their own resource group.
What is the Azure Firewall? ✔✔It is a managed, cloud-based, network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
What is one of the primary benefits of Azure DDoS protection? ✔✔Azure DDoS protection identifies the attacker's attempt to overwhelm the network and blocks further traffic from reaching Azure services. Legitimate traffic from customers still flows into Azure without any interruption of service.
Describe Azure Active Directory. ✔✔Azure AD is a cloud-based identity service. It has built in support for synchronizing with your existing on-premises Active Directory or can be used stand- alone. This means that all your applications, whether on-premises, in the cloud (including Office 365), or even mobile can share the same credentials.
Two or more elements that confirm Identities, are required by Azure Multi-Factor Authentication. List three (3). ✔✔1. Something you know (e.g. password / answer to question).
- Something you possess (mobile app, keyfob etc.)
- Something you are (Bio-metrics: fingerprint, facescan etc.)
Where can an administrator look to begin examining the security of Azure-based solutions? ✔✔ANSWER: The Azure Security Center. It is a monitoring service that provides threat protection across all of your services both in Azure, and on-premises.
What is the primary benefit of the Azure Security Center? ✔✔You can use Azure Security Center in different stages of an incident response. These are: DETECT, ASSESS, DIAGNOSE, STABILIZE, CLOSE.
Describe two usage scenarios of the Azure Security Center. ✔✔1. Incidence Response Management.
- Security Policy and Vulnerability Management.
What is the purpose of the Azure Key Vault? ✔✔Encryption services all use keys to encrypt and decrypt data, so how do we ensure that the keys themselves are secure? Suppose we also wanted to protect passwords, certificates, and other pieces of sensitive info? In Azure, we can use Azure Key Vault to protect our secrets.
For an administrator, what are some added benefits of the Key Vault? ✔✔Centralized storage of secrets, secure access, permissions control, and access logging(for e.g. see when, where and how someone gained access to resources).
Michael wishes to enable his organization to send encrypted email and to classify and protect documents when needed. Choose an appropriate Azure service/solution. ✔✔Microsoft Azure Information Protection (AIP) will give Michael the tools he needs.
Azure Advanced Threat Protection is one of Microsoft's cloud based security services. What are the components of the Azure ATP? ✔✔•Azure ATP Portal: monitor and respond to suspicious activity.
True or False. A policy applied to a resource group affects all resources in that particular group. ✔✔ANSWER: TRUE.
Robert an Azure Administrator wishes to find alternative methods of applying policies (other than using the Azure Portal). Suggest some alternatives to help him out. ✔✔He can also apply policy via Azure PowerShell or the Azure CLI.
As it relates to Azure and policies, what is an initiative? ✔✔An initiative definition is a set or group of policy definitions to help track your compliance state for a larger goal.
How does RBAC(Role Based Access Control) define access? ✔✔When you are assigned to a role, RBAC allows you to perform specific actions, such as read, write, or delete. Therefore, if one role assignment grants you read permissions to a resource group, and a different role assignment grants you write permissions to the same resource group, you will have write permissions on that resource group.
List three best practices an administrator can use when setting up new resources in the Azure portal. ✔✔1. Segregate duties within your team and grant only the amount of access to users that they need to perform their jobs.
- Grant users the lowest privilege level that they need to do their work.
- Use Resource Locks to ensure critical resources aren't modified or deleted.
What is a Resource Lock? ✔✔Resource locks are a setting that can be applied to any resource to block modification or deletion. Resource locks can set to either Delete or Read-only. Delete will allow all operations against the resource but block the ability to delete it. Read-only will only allow read activities to be performed against it, blocking any modification or deletion of the resource.
Give a few examples of where applying a Resource Lock would be appropriate (For good exam practice, give it a try in the Azure Portal if you have a subscription!) ✔✔Use resource locks to protect those key pieces of Azure that could have a large impact if they were removed or modified. Some examples are ExpressRoute circuits, and virtual networks, critical databases, and domain controllers.
True or False. Tags can be applied to any kind of resource on Azure. ✔✔ANSWER: FALSE Not all resources in Azure support tags! You have to check and see which ones do.
Are applied Tags inherited? ✔✔ANSWER: NO. Every resource that needs to be tagged, should be tagged accordingly.
