AZ900 dumps prep

-

Link1

Link2

https://www.linkedin.com/pulse/azure-ai-900-notes-preetha-rajesh/

https://www.dumpsbase.com/freedumps/updated-microsoft-azure-fundamentals-az-900-exam-questions-v19-02-latest-study-guide-for-reading.html

https://www.dumpsbase.com/freedumps/updated-az-900-dumps-v18-02-to-help-you-prepare-for-microsoft-azure-fundamentals-exam.html

---------------------------------------------

An Azure service in private preview is released to all Azure customers. - NO

An Azure service in public preview is released to all Azure customers. - Yes

An Azure service in general availability is released to a subset of Azure customers. - NO

-------

Your Azure environment contains multiple Azure virtual machines.

You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.

Solution: You modify an Azure firewall.

Does this meet the goal?
Ans: NO
Le:
To make a virtual machine accessible from the internet over HTTP (Port 80), simply modifying an Azure Firewall is not sufficient on its own. While an Azure Firewall can manage and filter traffic, it requires additional configurations like a public IP address for the VM or a Destination Network Address Translation (DNAT) rule on the firewall to direct incoming traffic.

More fundamentally, access control for an individual virtual machine within a network containing other VMs is typically handled by a Network Security Group (NSG). An NSG attached to the VM's network interface or subnet must have an explicit inbound security rule that allows HTTP traffic on port 80. The default NSG configuration often blocks all inbound internet traffic. Modifying the NSG is considered the primary, most direct method to control traffic at the VM level.
-----------

1)Data that is copied to an Azure Storage account is maintained automatically in at least three copies. - Yes
Le
All Azure Storage redundancy options (LRS, ZRS, GRS, GZRS) maintain at least three copies of your data within the primary region to protect against local hardware failures.

Locally Redundant Storage (LRS), Geo-redundant storage (GRS) or Geo-zone-redundant storage (GZRS)
2)All data that is copied to an Azure Storage account is backed up automatically to another Azure data center.
NO

Replication to a second, geographically distant data center (geo-redundancy) requires choosing a specific option like Geo-Redundant Storage (GRS) or Geo-Zone-Redundant Storage (GZRS). The default and lowest-cost option, Locally Redundant Storage (LRS), only replicates data within a single data center in the primary region. 
3) An Azure Storage account can contain up to 2 TB of data and up to one million files.
No
Le
Azure Storage accounts can hold much more data and a higher number of files. A standard general-purpose v2 account can store up to 5 PiB (petabytes) of data by default, and this limit can be increased upon request. The number of blobs or files within an account generally has no set limit.

--------------------
The Azure admin portal (also known as the Microsoft Entra admin center for identity management) is accessed using the admin. subdomain
https://admin.portal.azure.com

The standard Azure portal for general resource management is accessed via https://portal.azure.com.

azurewebsites.net is a domain used for hosting web applications deployed through Azure App Services, not for the main management portal.

---------------------------
A statement question is as below,
All Azure services that are in public preview are provided without any documentation.

Le:
Public preview services generally have documentation available on Microsoft Learn

The correct option is "excluded from the Service Level Agreements."

Explanation
Services in public preview are made available for evaluation and testing purposes and are provided "as-is".
A key characteristic of public preview services is that they are excluded from the Service Level Agreements (SLAs). This means Microsoft does not guarantee specific uptime or performance levels for these services.
While these services may be configured through the Azure portal or CLI, the lack of an SLA is the most accurate and definitive characteristic that makes the original statement incorrect in a certification context.

------------------------------

Your company has 10 offices. You plan to generate several billing reports from the Azure portal. Each report will contain the Azure resource utilization of each office.

Which Azure Resource Manager feature should you use before you generate the reports?

Ans:
Tags.

Le:
The correct Azure Resource Manager feature to use before generating billing reports for each office is tags.
Explanation
Tags in Azure are labels (key-value pairs) that can be applied to resources, resource groups, and subscriptions.
Tags allow you to categorize resources across different resource groups based on criteria relevant to your organization, such as by department, environment, or in this case, "office".
Once resources are tagged with their respective office, you can use Azure Cost Management and Billing tools to filter and group costs by these specific tag names and values, enabling you to generate detailed resource utilization reports for each of the 10 offices. 

Other options explaination:
Templates (ARM templates) are used to automate the deployment of resources consistently (Infrastructure as Code).

Locks are used to prevent accidental deletion or modification of critical resources.

Policies are used to enforce organizational standards and compliance rules, such as ensuring all resources are deployed to approved regions or have specific tags applied.
------------------------
Your company has 10 departments.

The company plans to implement an Azure environment.

You need to ensure that each department can use a different payment option for the Azure services it consumes.

What should you create for each department?

Ans: a subscription

Le:
Explanation
  • Subscriptions are the administrative and billing boundaries in Azure. Each subscription is linked to a specific payment method (like a credit card or wire transfer) and billing profile, which allows costs to be tracked and charged independently.
  • Reservations provide discounted pricing for committed usage but do not manage payment options or billing separation.
  • Resource groups are logical containers for organizing related Azure resources within a single subscription. While they help in managing and monitoring costs for a collection of resources (often with the help of tags), they cannot have a separate, independent payment method assigned to them.
  • container instance is a specific type of computing resource used to run containerized applications and is unrelated to organizational billing structure.
----------------------------
An Azure administrator plans to run a PowerShell script that creates Azure resources.

You need to recommend which computer configuration to use to run the script.

Solution: Run the script from a computer that runs Chrome OS and uses Azure Cloud Shell.

Does this meet the goal?
Ans: Yes

Le:
Azure Cloud Shell is a browser-based, authenticated shell experience that is hosted in the cloud and provides access to both Bash and PowerShell environments. It comes pre-installed with all necessary Azure tools and PowerShell modules, and it automatically authenticates your session within the Azure portal.

Since Chrome OS primarily runs web-based applications and fully supports modern browsers like Google Chrome, you can easily access the Azure portal and launch the Cloud Shell from it. The operating system of the local computer does not matter because the actual PowerShell environment runs in a container hosted in Azure, not on the local machine.

-------------------------
  • To achieve a hybrid cloud model, a company must always migrate from a private cloud model: No.
  • A company can extend the capacity of its internal network by using the public cloud: Yes.
  • In a public cloud model, only guest users at your company can access the resources in the cloud: No.
Le:
To achieve a hybrid cloud model, a company must always migrate from a private cloud model.
No. A company can start building its cloud infrastructure from any point—public, private, or simultaneously hybrid. There is no mandatory migration path from a private cloud to achieve a hybrid model; the core requirement is just the combination of both environments.
A company can extend the capacity of its internal network by using the public cloud
Yes. This concept is known as cloud bursting or cloud scaling. A company can link its on-premises private network to a public cloud provider's infrastructure and use the public cloud's resources to handle temporary spikes in demand or to expand capacity without needing to purchase and install new hardware locally.
In a public cloud model, only guest users at your company can access the resources in the cloud.
No. In a public cloud model, resources (like servers, storage, and applications) are owned and operated by a third-party cloud service provider and offered over the internet. Access is typically available to internal company employees, authenticated users, and the general public depending on how the services are configured and secured by the customer. Access control is managed through identity and access management (IAM), not an inherent restriction to only guest users.
-------------------------------------------

Ans: Yes

le:
The solution meets the goal. To run the az vm create command to create Azure resources, you only need the Azure CLI installed on a computer (Windows 10 in this case). After installing the CLI, an administrator must authenticate their session using az login from a command prompt or PowerShell session. Once signed in with appropriate permissions to the target subscription and resource group, they can execute the command successfully. The local computer's operating system does not restrict the ability to manage Azure resources via the CLI, provided the CLI software is installed and running.

Why this works:
Multi-Shell Compatibility: While often associated with Bash, the Azure CLI is a standalone binary that can be executed in both the Bash and PowerShell environments of Azure Cloud Shell.
Pre-Authentication: When you launch Cloud Shell from the portal, you are automatically authenticated to your active subscription (Subscription1), so the command can immediately begin provisioning resources.
One-Liner Syntax: For a single-line command like the one provided, the syntax remains generally consistent across shells, allowing it to run successfully without modification. 


------------------------------------------


Ans: No
Correct answer is the Azure portal

  • The Azure portal is the management console where you create and manage all your Azure services, including support requests. You can navigate to the "Help + support" section within the portal to create and manage support tickets.
  • While the general support.microsoft.com website exists, the specific, guided process for managing Azure resources and technical issues happens within the dedicated Azure environment.
------------------------------


Ans: The virtual machines can be moved to the new subscription
Le:

Azure Virtual Machines (VMs) and their associated resources can be moved between subscriptions, provided both subscriptions are within the same Microsoft Entra tenant and meet certain technical requirements. 

---------------------------------------

Answ: No
The solution to remove the unused groups does not meet the goal of reducing Azure costs.

Le:
Explanation
  • Azure Active Directory (Azure AD) groups are a feature of identity and access management and do not incur direct costs. They are essentially free containers for organizing users and managing access permissions.
  • Billable resources in the scenario that do incur costs are the 10 public IP addresses. You are charged an hourly rate for each public IP address provisioned in Azure.
  • Unused user accounts and network interfaces also do not generally incur direct charges in the basic tier of Azure AD or for just the network interface itself without a running VM.

which other Azure resources typically incur charges?
Key Billable Resources
  • Virtual Machines (VMs): Billed based on their size (vCPUs and memory), the operating system (Windows often costs more due to licensing), and how long they run.
  • Storage: You are charged for the amount of data stored, the type of storage (e.g., standard HDD vs. premium SSD), data redundancy options (LRS, GRS, etc.), and the number of read/write operations performed.
  • Public IP Addresses: Orphaned or unused public IP addresses incur a nominal charge. This was the key cost driver in your original scenario.
  • Data Egress (Outbound Data Transfer): While inbound data transfer (ingress) to Azure is generally free, outbound data transfer (egress) from Azure data centers to the internet is charged per gigabyte.
  • Databases: Services like Azure SQL Database and Azure Cosmos DB are billed based on performance tiers, capacity, and usage metrics.
  • Azure App Services: Platform-as-a-Service (PaaS) offerings are billed based on the chosen plan (Basic, Standard, Premium, etc.), which dictates available compute power, memory, and features.
  • Support Plans: The basic support plan is free, but higher tiers (Developer, Standard, Professional Direct) incur monthly fees for faster response times and technical assistance. 
Resources That Are Often Free (with caveats)
Many fundamental services are free but you must still pay for the underlying resources they consume. 

Service Category Free/Incur ChargesNotes
Azure AD Groups & UsersFreeNo direct cost for basic user accounts and groups; licenses (P1/P2) are separate charges.
Resource GroupsFreeLogical containers only, no charge for the container itself.
Virtual Networks (VNet)FreeThe network container itself is free, but associated resources like VPN Gateways incur hourly charges.
Azure AdvisorFreeProvides recommendations to optimize costs and security.

-------------------------------------------------
Answer: No change is needed.
The solution to allow connections from TCP port 8080 to a virtual machine in Azure is indeed to modify the network security group (NSG) associated with that virtual machine or its subnet.

Le:
Explanation
  • Network Security Group (NSG) in Azure acts as a virtual firewall, controlling inbound and outbound network traffic to network interfaces (NICs) or subnets within an Azure Virtual Network.
  • To allow traffic on a specific port, such as TCP port 8080, an administrator must create an inbound security rule within the relevant NSG. This rule specifies the source and destination ports, protocols, and an "Allow" or "Deny" action.
  • The other options serve different networking functions:
    • virtual network gateway connects Azure VNets to on-premises networks or other Azure VNets, not for basic port filtering.
    • virtual network is the fundamental building block for your private network in Azure.
    • route table controls how network traffic is routed within a virtual network.

------------------------------------------------------------
Data that is copied to an Azure Storage account is maintained automatically in at least three copies.
Answer: Yes.
All Azure Storage redundancy options (LRS, ZRS, GRS, GZRS) maintain at least three copies of your data within the primary region to protect against local hardware failures.

All data that is copied to an Azure Storage account is backed up automatically to another Azure data center.
Answer: No.

An Azure Storage account can contain up to 2 TB of data and up to one million files.
Answer: No.

-------------------------------------------------------

No

The solution to run the script from a computer that runs Linux and has the Azure CLI tools installed does not meet the goal of running a PowerShell script.

Explanation
  • The administrator needs to run a PowerShell script, which requires the PowerShell environment and the Azure PowerShell (Az) module to function correctly.
  • The Azure CLI (Command-Line Interface) is a separate command-line tool that uses a Bash-like syntax and different commands (e.g., az vm create instead of New-AzVM).
  • While both the Azure CLI and Azure PowerShell can be installed on Linux systems and manage Azure resources, they are distinct tools, and a PowerShell script will not run using only the Azure CLI environment. The correct configuration would require installing PowerShell Core (version 6 or higher) and the Az PowerShell module on the Linux computer.
----------------------------------------------------
Azure virtual machines are Infrastructure as a service (IaaS) and 
Azure SQL databases are Platform as a service (PaaS).
---------------------------------------------------

------------------------------------------------

Ans: No
Le:
  • To create a new Azure virtual machine (VM), an administrator must use dedicated Azure management tools.
  • The correct solutions for creating a VM, even from an Android laptop (via a web browser), would be using the Azure portal (portal.azure.com) or the Azure Cloud Shell (which supports PowerShell and Azure CLI commands).
--------------------------------------------------------------------

The correct option is to the same resource group.
Explanation
  • Permissions in Azure are managed using Role-Based Access Control (RBAC).
  • RBAC uses an inheritance model, meaning that permissions assigned at a higher scope are inherited by resources at a lower scope. The hierarchy of scopes is Management Group > Subscription > Resource Group > Resource.
  • By deploying virtual machines to the same resource group, an administrator can assign an RBAC role (e.g., Contributor or Reader) to that group once, and all the virtual machines within it will automatically inherit those permissions simultaneously.
  • Deploying them to the same Azure region (a physical location) or availability zone (for high availability) does not inherently affect the delegation of permissions. 
---------------------------------------------------------------------------
To prevent the deletion of resources within an Azure resource group (RG1), you should use the Locks setting.
Explanation
  • Locks allow you to apply governance mechanisms that restrict users from performing specific operations on critical resources, even if their Role-Based Access Control (RBAC) permissions would otherwise allow it.
  • There are two types of locks:
    • CanNotDelete (Delete Lock): Authorized users can read and modify the resource but cannot delete it.
    • ReadOnly: Authorized users can only read the resource, preventing any modifications or deletions.
    • When a lock is applied at a parent scope, such as a resource group, all resources within that group inherit the lock. Applying a "Delete" lock to RG1 will ensure that no resources inside can be accidentally deleted.
----------------------------------------------------------------------------
Azure Active Directory (Azure AD) requires the implementation of domain controllers on Azure virtual machines: No.
Le:
Azure AD is a cloud-based identity and access management service that operates without traditional domain controllers. While you can deploy Active Directory Domain Services (AD DS) on Azure VMs for specific hybrid scenarios, it is not a requirement for standard Azure AD functionality.

Azure Active Directory (Azure AD) provides authentication services for resources hosted in Azure and Microsoft 365: Yes.

le:
Azure AD is the centralized identity provider that manages secure access to cloud-based resources, including the Azure portal, Microsoft 365, and thousands of other SaaS applications

Each user account in Azure Active Directory (Azure AD) can be assigned only one license: No.

Le:
A single user account can be assigned multiple licenses for different Microsoft cloud services (e.g., a Microsoft 365 license and an Enterprise Mobility + Security license).

------------------------------------------------------------------------------
An Azure service in private preview is released to all Azure customers.
No. 

An Azure service in public preview is released to all Azure customers.
Yes. 

An Azure service in general availability is released to a subset of Azure customers.
No.
--------------------------------------------------------------------------------
In Azure Active Directory Premium, at least 99.9 percent availability is guaranteed: Yes.
Microsoft guarantees a monthly availability of at least 99.9% for the Premium tiers (P1 and P2) of Azure AD/Microsoft Entra ID.

The Service Level Agreement (SLA) for Azure Active Directory Basic is the same as the SLA for Azure Active Directory Free: No. 
The Free tier of Azure Active Directory has no financially backed Service Level Agreement (SLA) provided by Microsoft. The Basic and Premium tiers have a guaranteed SLA.

All paying Azure customers can claim a credit if their monthly uptime percentage is below the guaranteed amount in the Service Level Agreement (SLA): Yes. 
If a service falls below the guaranteed uptime percentage outlined in its specific SLA, paying customers can typically claim service credits (a percentage refund of their monthly service fees) toward future use of that service.
-----------------------------------------------------------------------------------
  • Monitor the health of Azure services: Monitor or Subscriptions (more specifically, the Service Health feature within the Monitor or Subscriptions blade).
  • Browse available virtual machine images: Marketplace.
  • View security recommendations: Advisor.
Explanation
The Monitor blade provides a unified platform for monitoring metrics, logs, and overall health of resources. You can use Service Health, accessible through the Monitor blade, to view the health of Azure services and regions.

The Marketplace is where you can find and browse all available solutions and images from Microsoft and third-party partners to deploy new resources like virtual machines.

Advisor is a personalized cloud consultant that provides recommendations to optimize your Azure deployments across several categories, including security, cost, performance, and reliability.
-----------------------------------------------------------------------------


-------------------------------------------------------------------------------
You need to view a list of planned maintenance events that can affect the availability of an Azure subscription.

Which blade should you use from the Azure portal? To answer, select the appropriate blade in the answer


Answer:
To view a list of planned maintenance events that can affect the availability of an Azure subscription, you should use the Service Health blade.
  • You can access it by clicking "All services" in the menu and searching for "Service Health".
---------------------------------------------------------------------------------------
You plan to extend your company’s network to Azure. The network contains a VPN appliance that uses an IP address of 131.107.200.1.

You need to create an Azure resource that identifies the VPN appliance.

Which Azure resource should you create? To answer, select the appropriate resource in the answer area.

Ans: Azure resource to create to identify your on-premises VPN appliance is a Local network gateway.

Explanation
When configuring a site-to-site VPN connection between your company's physical location and Azure, two key resources are involved: 

Virtual network gateway: This is the Azure-side resource that acts as the VPN endpoint within your Azure Virtual Network.

Local network gateway: This is an Azure object that you create specifically to represent your on-premises network and VPN device within Azure. It stores the public IP address of your on-premises VPN appliance (in this case, 131.107.200.1) and the on-premises network address ranges that Azure should route traffic to. 
------------------------------------------------------------------------------------------
You have an Azure environment.

You need to create a new Azure virtual machine from an Android laptop.

Solution: You use Bash in Azure Cloud Shell.

Ans: Yes
Explanation
The solution meets the goal. The Azure Cloud Shell is a browser-based shell experience hosted in the cloud. It is accessed via the Azure portal (portal.azure.com) in any modern web browser.

Android laptops have web browsers (like Google Chrome) that can access the Azure portal.
The Cloud Shell environment is independent of the local operating system.

You can select Bash within Cloud Shell, which comes pre-installed with the Azure CLI tools necessary to execute commands like az vm create to build a virtual machine.
Since the environment to run the script runs in the cloud and is accessible via a web browser on an Android laptop, this solution works.
-------------------------------------------------------------------------------------------
Your company plans to move several servers to Azure.

The company's compliance policy states that a server named FinServer must be on a separate network segment

You are evaluating which Azure services can be used to meet the compliance policy requirements.

Which Azure solution should you recommend?

Answer: a virtual network for FinServer and another virtual network for all the other servers

-------------------------------------------------------------------------------------------
Your company plans to request an architectural review of an Azure environment from Microsoft.

The company currently has a Basic support plan.

You need to recommend a new support plan for the company. The solution must minimize costs.

Which support plan should you recommend?

Answer: Professional Direct.

To minimize costs while meeting the requirement to formally request an architectural review of an Azure environment from Microsoft, you should recommend the Professional Direct support plan.

Explanation
The ability to request an architectural review from Microsoft experts is a feature that is only available starting with the Professional Direct support tier (or the more expensive Unified Enterprise plan). 


While the Developer and Standard plans offer "general guidance", they do not include the specific, in-depth architectural design assessment and formal review requested in the problem. The Professional Direct plan is the lowest-cost option that provides access to delivery managers who can provide this specific service. 
------------------------------------------------------------------------

Azure policies provide a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment.

Ans: Statement is incorrect.

ARM (Azure Resource Manager) is the right answer.
Azure Resource Manager (ARM): This acts as the management layer and deployment service for Azure. It provides a consistent interface (via the portal, CLI, PowerShell, or APIs) for creating, updating, and deleting resources and is the platform used for deploying objects via templates (ARM templates or Bicep). It ensures the deployment is consistent and repeatable across different environments.

Azure Policy: This service is primarily a governance and compliance tool. Its purpose is to enforce organizational standards and assess the compliance of existing and future resources against predefined rules (e.g., restricting resource locations, mandating specific tags, or preventing the creation of certain VM sizes). While it helps ensure consistency in configurations, it does not function as the primary deployment platform itself.
--------------------------------------------------------------------------


A platform as a service (PaaS) solution that hosts web apps in Azure provides full control of the operating systems that host applications.

No. In the PaaS model (like Azure App Services for web apps), Microsoft manages and controls the underlying operating systems and infrastructure. The user is responsible only for their application code and configuration, which is the key value proposition of PaaS.

A platform as a service (PaaS) solution that hosts web apps in Azure provides the ability to scale the platform automatically.

Yes. Automatic scaling (autoscale) is a core feature of Azure PaaS offerings. You can define rules based on metrics (like CPU usage or request queue length) that automatically increase or decrease the number of instances running your web app, ensuring performance and cost efficiency.

A platform as a service (PaaS) solution that hosts web apps in Azure provides professional development services to continuously add features to custom applications.

No. Azure provides the platform, tools, and infrastructure for you to develop and host your applications. Microsoft does not provide the professional software development services (writing the code, adding features) for your custom applications; that remains your responsibility or your development team's responsibility.

----------------------------------------------------------------------------------------------------------------

----------------------------------------------------------------------------------

Your network contains an Active Directory forest. The forest contains 5,000 user accounts.

Your company plans to migrate all network resources to Azure and to decommission the on-premises data center.

You need to recommend a solution to minimize the impact on users after the planned migration.

What should you recommend?

Answ:
sync all the Active Directory user accounts to Azure Active Directory (Azure AD).
-----------------------------------------------------------------------------------
One of the benefits of Azure SQL Data Warehouse is that high availability is built into the platform.

No change required.
Le: one of the core benefits and built-in features of Azure SQL Data Warehouse (now known as Azure Synapse Analytics) is high availability.
------------------------------------------------------------------------------------


---------------------------------------------------------------------------------

Each Azure subscription can contain multiple account administrators.
No, this is incorrect. Historically (in the classic model), an Azure subscription had a single Account Administrator responsible for billing. 

Each Azure subscription can be managed by using a Microsoft account only.
No, this is incorrect. You can sign up for and manage Azure using a personal Microsoft account or a work/school account (which is backed by Microsoft Entra ID, previously Azure AD). 

An Azure resource group contains multiple Azure subscriptions.
No, this is incorrect. The relationship is the other way around in the Azure hierarchy: an Azure subscription is a logical container that holds one or more resource groups. 
---------------------------------------------------------------------------------


---------------------------------------------------------------------------------
Your company plans to purchase Azure.

The company’s support policy states that the Azure environment must provide an option to access support engineers by phone or email.

You need to recommend which support plan meets the support policy requirement.

Solution: Recommend a Basic support plan.

AnsNo. alteast need standar plan.
---------------------------------------------------------------------------------
You plan to store 20 TB of data in Azure. The data will be accessed infrequently and visualized by using Microsoft Power BI.

You need to recommend a storage solution for the data.

Which two solutions should you recommend? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Azure SQL Database
Azure Cosmos DB
Azure SQL Data Warehouse
Azure Database for PostgreSQL
Azure Data Lake
The two solutions you should recommend for storing 20 TB of infrequently accessed data that will be visualized by Power BI are Azure Data Lake and Azure SQL Data Warehouse (now known as Azure Synapse Analytics).

Azure Data Lake (specifically Data Lake Storage Gen2) is designed for big data analytics workloads, can handle petabyte-scale data, and is cost-effective for large volumes of data that aren't accessed frequently. It integrates seamlessly with Power BI.

Azure SQL Data Warehouse (Azure Synapse Analytics) is an analytics service that provides massive parallel processing and is optimized for data warehousing scenarios and large datasets. It integrates well with Power BI for visualization purposes.

---------------------------------------------------------------------------------

The company plans to reduce the following administrative responsibilities of network administrators:

• Backing up application data

• Replacing failed server hardware

• Managing physical server security

• Updating server operating systems

• Managing permissions to shared documents

The company plans to migrate several servers to Azure virtual machines.

You need to identify which administrative responsibilities will be reduced after the planned migration.

Which two responsibilities should you identify? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Options:
Replacing failed server hardware
Backing up application data
Managing physical server security
Updating server operating systems
Managing permissions to shared documents

Answ:
The two administrative responsibilities that will be reduced after migrating to Azure virtual machines are Replacing failed server hardware and Managing physical server security.
---------------------------------------------------------------------------------


For each computer, all three Azure management tools—the Azure CLI, the Azure portal, and Azure PowerShell—can be used.
---------------------------------------------------------------------------------
Your company has an Azure subscription that contains the following unused resources:

* 20 user accounts in Azure Active Directory (Azure AD)

* Five groups in Azure AD

* 10 public [P addresses

* 10 network interfaces

* You need to reduce the Azure costs for the company.

Solution: You remove the unused user accounts.

Does this meet the goal?
No
---------------------------------------------------------------------------------
Authorization is the process of verifying a user's credentials.

Ans:
Authentication
---------------------------------------------------------------------------------
Your company plans to deploy several web servers and several database servers to Azure.

You need to recommend an Azure solution to limit the types of connections from the web servers to the database servers.

What should you include in the recommendation?

network security groups (NSGs)
Azure Service Bus
a local network gateway
a route filter

Ans: network security groups (NSGs)
---------------------------------------------------------------------------------



---------------------------------------------------------------------------------
You have 1,000 virtual machines hosted on the Hyper-V hosts in a data center.

You plan to migrate all the virtual machines to an Azure pay-as-you-go subscription.

You need to identify which expenditure model to use for the planned Azure solution.

Which expenditure model should you identify?

operational
elastic
capital
scalable

Le:
The expenditure model you should identify is operational.
Migrating to an Azure pay-as-you-go subscription shifts your financial model from Capital Expenditure (CapEx) to Operational Expenditure (OpEx)
---------------------------------------------------------------------------------
Your company plans to migrate all its data and resources to Azure.

The company’s migration plan states that only platform as a service (PaaS) solutions must be used in Azure.

You need to deploy an Azure environment that supports the planned migration.

Solution: You create an Azure App Service and Azure virtual machines that have Microsoft SQL Server.

installed.

Does this meet the goal?

Yes
No

Le:
No, the solution does not meet the goal.
The migration plan explicitly requires using only Platform as a Service (PaaS) solutions. While Azure App Service is a PaaS offering, Azure virtual machines are classified as Infrastructure as a Service (IaaS).

Correct PaaS Alternative:
To meet the requirement, the company should use Azure SQL Database or Azure SQL Managed Instance. These are fully managed database services where Azure handles patching, backups, and scaling, which aligns with the PaaS model.

---------------------------------------------------------------------------------
What are two possible techniques to segment Azure for the departments? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

multiple subscriptions
multiple Azure Active Directory (Azure AD) directories
multiple regions
multiple resource groups
Le:
The two techniques you should recommend to segment Azure for different departments are multiple subscriptions and multiple resource groups.
Both of these options provide logical boundaries that help organize resources and manage access control for specific departmental needs. 
Comparison of Segmentation Techniques
Technique Description Best For
Multiple Subscriptions Provides high-level isolation with separate billing and distinct resource limits for each department. Departments with entirely independent budgets, distinct compliance requirements, or large-scale resource needs.
Multiple Resource Groups Organizes related resources within a single subscription into logical containers. Managing specific projects or application tiers within a department while sharing the same billing account.
---------------------------------------------------------------------------------
What are two characteristics of the public cloud? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

dedicated hardware
unsecured connections
limited storage
metered pricing
self-service management

Le
The two characteristics of the public cloud are metered pricing and self-service management. 
Metered pricing: Also known as a "pay-as-you-go" or consumption-based model, this ensures users are only billed for the specific amount of resources (compute, storage, bandwidth) they actually consume.
Self-service management: This allows users to provision, manage, and scale their own cloud resources (like virtual machines or web apps) through a portal or API without requiring direct manual intervention from the cloud provider's staff. 
---------------------------------------------------------------------------------
Your company implements Azure policies to automatically add a watermark to Microsoft Word documents that contain credit card information.

No change is needed.
DDoS protection
Azure Information Protection
Azure Active Directory (Azure AD) Identity Protection

Le:
The correct answer choice is Azure Information Protection (now part of Microsoft Purview Information Protection)

Azure Information Protection (AIP) is the service used to classify and protect documents and emails by applying labels. These labels can trigger actions such as adding visual watermarks, headers, footers, or encryption based on the sensitivity of the data (like credit card information) detected within the file. 
---------------------------------------------------------------------------------
Your company has an Azure subscription that contains the following unused resources:

* 20 user accounts in Azure Active Directory (Azure AD)

* Five groups in Azure AD

* 10 public !P addresses

* 10 network interfaces

You need to reduce the Azure costs for the company.

Solution: You remove the unused public IP addresses.

Does this meet the goal?

Yes
No

Yes, the solution meets the goal.
Removing unused public IP addresses will reduce your company's Azure costs.

Azure typically charges for public IP addresses based on the number of hours they are provisioned, even if they are not actively associated with or used by a running resource. By deleting these orphaned or unattached IP addresses, you stop the ongoing hourly billing for those specific resources.

Azure typically charges for public IP addresses based on the number of hours they are provisioned, even if they are not actively associated with or used by a running resource. By deleting these orphaned or unattached IP addresses, you stop the ongoing hourly billing for those specific resources.
---------------------------------------------------------------------------------
To what should an application connect to retrieve security tokens?

an Azure Storage account
Azure Active Directory (Azure AD)
a certificate store
an Azure key vault

An application should connect to Azure Active Directory (Azure AD), now part of Microsoft Entra ID, to retrieve security tokens. 
Azure AD is the central identity provider that authenticates users and applications, issuing tokens like access tokens, ID tokens, and refresh tokens. These tokens serve as digital passes that allow an authenticated entity to access protected resources for a specific period. 
---------------------------------------------------------------------------------


Statement 1 (Resource Groups): Creating a resource group is a free administrative action. Costs are only generated by the actual resources (like virtual machines or storage accounts) placed within the group, not the group itself.

Statement 2 (Inbound Data): Inbound data transfers (data going into Azure data centers) are generally free. While you pay for the VPN Gateway service itself, you are not charged for the specific volume of data being uploaded. [3, 4]

Statement 3 (Outbound Data): Outbound data transfers (data leaving Azure data centers, known as egress) are subject to data transfer pricing. After the first 5 GB per month (which is free), you are charged based on the amount of data transferred out to your on-premises network. [3, 4]
 
---------------------------------------------------------------------------------
What is required to use Azure Cost Management?

a Dev/Test subscription
Software Assurance
an Enterprise Agreement (EA)
a pay-as-you-go subscription

To use Azure Cost Management, the fundamental requirement is an Enterprise Agreement (EA) or a Microsoft Customer Agreement (MCA).

It is natively available for Enterprise Agreement (EA), Microsoft Customer Agreement (MCA), and Azure plan subscriptions (for partners and their customers).

---------------------------------------------------------------------------------
What should you use to evaluate whether your company's Azure environment meets regulatory requirements?

Options:
Compliance Manager from the Security Trust Portal
the Advisor blade from the Azure policy
the Knowledge Center website
the Security Center blade from the Azure portal


Ans:
Compliance Manager from the Service Trust Portal. 
---------------------------------------------------------------------------------



Statement 1 (Regional Pricing): Azure service costs vary by region due to differences in infrastructure, labor, and energy costs. 

Statement 2 (Operational Charges): General-purpose v2 (GPv2) storage accounts follow a multi-part pricing model. You are charged for data storage (at rest) AND transactions (read/write operations).

Statement 3 (Data Transfer Fees): While inbound data (data coming into Azure) is generally free, outbound data transfer (egress) between Azure regions is a chargeable service.

---------------------------------------------------------------------------------
Which Azure service should you use to store certificates?

Azure Security Center
an Azure Storage account
Azure Key Vault
Azure Information Protection

Answ: Azure Key Vault
---------------------------------------------------------------------------------


You have an Azure environment. You need to create a new Azure virtual machine from an Android laptop.


Solution: You use PowerShell in Azure Cloud Shell.


Does this meet the goal?


Yes

No


Yes

---------------------------------------------------------------------------------



---------------------------------------------------------------------------------

Comments

Post a Comment

Popular posts from this blog

Powerapps overcome 2000 item limit from any datasource

-
Image
In Power Apps, delegation refers to whether a data processing task (like filtering, searching, or sorting) is performed by the  data source  (server-side) or by  Power Apps  itself (locally on the device).   Power Apps Land  +1 Delegable Functions These functions allow the data source to handle the heavy lifting. The app sends the query to the server, and only the results matching the criteria are returned to the device. This is essential for performance and accuracy when working with datasets exceeding 2,000 records.   LinkedIn  +3 Filter  &  LookUp : Delegable for most tabular data sources (Dataverse, SQL, SharePoint). Sort  &  SortByColumns : Generally delegable, but often restricted to single columns or specific data types. StartsWith : Frequently delegable and often used as a performance-friendly alternative to  Search . Sum, Average, Min, Max : Delegable on advanced data sources like SQL and Dataverse, though...
Read more

PowerApps multiselect cascading dropdown and save an item to SharePoint List

-
Image
 I have one scenario as below List 1: Division List has title field List 2: District List has Title and Division Field(LookUp from Division List) List 3: Facility List has Title, District Field(LookUp field from District List) List 4: County List has Title, Facility Field(LookUp field from Facility List) Main List: Spill Report is the main list  Division Field( Look up from Division List) District Field(Look up field from District List) Facility Field(Look up field from Facility List) County Field(Look up field from County List) List Screenshots provided below can be refered for clarification. ----------------------------------------------------------------------------------------------------- PowerApps Canvas Apps In Power Apps Canvas App, We need to first design the app with the 4 respective fields Since those fields are multiselect, then it is to combo box. Generally power apps are not supported for multiselect cascasding dropdown. Refere microsoft documentation, Know Limit...
Read more

Multi select cascading dropdown in Power Apps

-
Image
  Left(Concat(ColDivisionSelectedValues, Title & ";"),Len(Concat(ColDivisionSelectedValues, Title & ";")) -1) Plus icon Set(_popup,true); Set(DivisionGalleryViewing,true); Set(DropdownName,"Division"); Gallery Division: SortByColumns(ColDivisionDropdown, "Title") Check box OnCheck: Collect(ColDivisionSelectedValues, ThisItem) OnUnCheck: Remove(ColDivisionSelectedValues,ThisItem); Remove(     ColDistrictSelectedValues,     Filter(         ColDistrictSelectedValues,         Division.Value = ChkBoxDivision_1.Text     ) );
Read more