AZ900

AZ900
Question #1Topic 1
HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Hide Solution Discussion 97

Correct
Answer:
Box 1: No -
A PaaS solution does not provide access to the operating system. The Azure Web Apps service
provides an environment for you to host your web applications.
Behind the scenes, the web apps are hosted on virtual machines running IIS. However, you have
no direct access to the virtual machine, the operating system or
IIS.
Box 2: Yes -
A PaaS solution that hosts web apps in Azure does provide the ability to scale the platform
automatically. This is known as autoscaling. Behind the scenes, the web apps are hosted on
virtual machines running IIS. Autoscaling means adding more load balanced virtual machines
to host the web apps.
Box 3: Yes -
PaaS provides a framework that developers can build upon to develop or customize cloud-
based applications. PaaS development tools can cut the time it takes to code new apps with
pre-coded application components built into the platform, such as workflow, directory services,
security features, search and so on.
References:
https://azure.microsoft.com/en-gb/overview/what-is-paas/
Question #2Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: Yes -
Traditionally, IT expenses have been considered a Capital Expenditure (CapEx). Today, with the
move to the cloud and the pay-as-you-go model, organizations have the ability to stretch their
budgets and are shifting their IT CapEx costs to Operating Expenditures (OpEx) instead. This
flexibility, in accounting terms, is now an option due to the ‫ג‬€as a Service‫ג‬€ model of
purchasing software, cloud storage and other IT related resources.
Box 2: No -
Two virtual machines using the same size could have different disk configurations. Therefore,
the monthly costs could be different.
Box 3: Yes -
When an Azure virtual machine is stopped, you don‫ג‬€™t pay for the virtual machine. However,
you do still pay for the storage costs associated to the virtual machine.
The most common storage costs are for the disks attached to the virtual machines. There are
also other storage costs associated with a virtual machine such as storage for diagnostic data
and virtual machine backups.
References:
https://meritsolutions.com/capex-vs-opex-cloud-computing-blog/
Question #3Topic 1
HOTSPOT -
To complete the sentence, select the appropriate option in the answer area.
Hot Area:

Correct
Answer:
When you are implementing a Software as a Service (SaaS) solution, you are responsible for
configuring the SaaS solution. Everything else is managed by the cloud provider.
SaaS requires the least amount of management. The cloud provider is responsible for
managing everything, and the end user just uses the software.
Software as a service (SaaS) allows users to connect to and use cloud-based apps over the
Internet. Common examples are email, calendaring and office tools
(such as Microsoft Office 365).
SaaS provides a complete software solution which you purchase on a pay-as-you-go basis from
a cloud service provider. You rent the use of an app for your organization and your users
connect to it over the Internet, usually with a web browser. All of the underlying infrastructure,
middleware, app software and app data are located in the service provider‫ג‬€™s data center. The
service provider manages the hardware and software and with the appropriate service
agreement, will ensure the availability and the security of the app and your data as well.
Reference:
https://azure.microsoft.com/en-in/overview/what-is-saas/
https://docs.microsoft.com/en-gb/learn/modules/principles-cloud-computing/5-types-of-
cloud-services
Question #4Topic 1
You have an on-premises network that contains several servers.
You plan to migrate all the servers to Azure.
You need to recommend a solution to ensure that some of the servers are available if a single
Azure data center goes offline for an extended period.
What should you include in the recommendation?
 A. fault tolerance
 B. elasticity
 C. scalability
 D. low latency

Correct Answer: A
Fault tolerance is the ability of a system to continue to function in the event of a failure of
some of its components.
In this question, you could have servers that are replicated across datacenters.
Availability zones expand the level of control you have to maintain the availability of the
applications and data on your VMs. Availability Zones are unique physical locations within an
Azure region. Each zone is made up of one or more datacenters equipped with independent
power, cooling, and networking. To ensure resiliency, there are a minimum of three separate
zones in all enabled regions. The physical separation of Availability Zones within a region
protects applications and data from datacenter failures.
With Availability Zones, Azure offers industry best 99.99% VM uptime SLA. By architecting your
solutions to use replicated VMs in zones, you can protect your applications and data from the
loss of a datacenter. If one zone is compromised, then replicated apps and data are instantly
available in another zone.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability
Question #5Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
A private cloud is hosted in your datacenter. Therefore, you cannot close your datacenter if you
are using a private cloud.
A public cloud is hosted externally, for example, in Microsoft Azure. An organization that hosts
its infrastructure in a public cloud can close its data center.
Public cloud is the most common deployment model. In this case, you have no local hardware
to manage or keep up-to-date ‫ג‬€" everything runs on your cloud provider's hardware.
Microsoft Azure is an example of a public cloud provider.
In a private cloud, you create a cloud environment in your own datacenter and provide self-
service access to compute resources to users in your organization.
This offers a simulation of a public cloud to your users, but you remain completely responsible
for the purchase and maintenance of the hardware and software services you provide.
Reference:
https://docs.microsoft.com/en-gb/learn/modules/principles-cloud-computing/4-cloud-
deployment-models
Welcome to ExamTopics
Question #6Topic 1
What are two characteristics of the public cloud? Each correct answer presents a complete
solution.
 A. dedicated hardware
 B. unsecured connections
 C. limited storage
 D. metered pricing
 E. self-service management

Correct Answer: DE
With the public cloud, you get pay-as-you-go pricing ‫ג‬€" you pay only for what you use, no
CapEx costs.
With the public cloud, you have self-service management. You are responsible for the
deployment and configuration of the cloud resources such as virtual machines or web sites.
The underlying hardware that hosts the cloud resources is managed by the cloud provider.
Incorrect Answers:
A: You don‫ג‬€™t have dedicated hardware. The underlying hardware is shared so you could have
multiple customers using cloud resources hosted on the same physical hardware.
B: Connections to the public cloud are secure.
C: Storage is not limited. You can have as much storage as you like.
References:
deployment-models
Question #7Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
When planning to migrate a public website to Azure, you must plan to pay monthly usage costs.
This is because Azure uses the pay-as-you-go model.
Question #8Topic 1
Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution that might meet the stated goals. Some
question sets might have more than one correct solution, while others might not have a correct
solution.
After you answer a question in this section, you will NOT be able to return to it. As a result,
these questions will not appear in the review screen.
Your company plans to migrate all its data and resources to Azure.
The company‫ג‬€™s migration plan states that only Platform as a Service (PaaS) solutions must
be used in Azure.
You need to deploy an Azure environment that meets the company migration plan.
Solution: You create an Azure App Service and Azure SQL databases.
Does this meet the goal?
 A. Yes
 B. No

Correct Answer: A
Azure App Service and Azure SQL databases are examples of Azure PaaS solutions. Therefore,
this solution does meet the goal.
Question #9Topic 1
solution.
be used in Azure.
Solution: You create an Azure App Service and Azure virtual machines that have Microsoft SQL
Server installed.
 A. Yes
 B. No

Correct Answer: A
Azure App Service is a PaaS (Platform as a Service) service. Azure virtual machines are an IaaS
(Infrastructure as a Service) service, and a Paas service.
Therefore, this solution does meet the goal.
Note: Like IaaS, PaaS includes infrastructure‫ג‬€"servers, storage, and networking‫ג‬€"but also
middleware, development tools, business intelligence (BI) services, database management
systems, and more. PaaS is designed to support the complete web application lifecycle:
building, testing, deploying, managing, and updating.
Reference:
https://azure.microsoft.com/en-us/overview/what-is-paas/
Question #10Topic 1
solution.
be used in Azure.
Solution: You create an Azure App Service and Azure Storage accounts.
 A. Yes
 B. No

Correct Answer: B
Question #11Topic 1
Your company hosts an accounting application named App1 that is used by all the customers
of the company.
App1 has low usage during the first three weeks of each month and very high usage during the
last week of each month.
Which benefit of Azure Cloud Services supports cost management for this type of usage
pattern?
 A. high availability
 B. high latency
 C. elasticity
 D. load balancing

Correct Answer: C
Elasticity in this case is the ability to provide additional compute resource when needed and
reduce the compute resource when not needed to reduce costs.
Autoscaling is an example of elasticity.
Elastic computing is the ability to quickly expand or decrease computer processing, memory
and storage resources to meet changing demands without worrying about capacity planning
and engineering for peak usage. Typically controlled by system monitoring tools, elastic
computing matches the amount of resources allocated to the amount of resources actually
needed without disrupting operations. With cloud elasticity, a company avoids paying for
unused capacity or idle resources and doesn‫ג‬€™t have to worry about investing in the purchase
or maintenance of additional resources and equipment.
References:
https://azure.microsoft.com/en-gb/overview/what-is-elastic-computing/
Question #12Topic 1
You plan to migrate a web application to Azure. The web application is accessed by external
users.
You need to recommend a cloud deployment solution to minimize the amount of administrative
effort used to manage the web application.
 A. Software as a Service (SaaS)

 B. Platform as a Service (PaaS)
 C. Infrastructure as a Service (IaaS)
 D. Database as a Service (DaaS)

Correct Answer: B
Azure App Service is a platform-as-a-service (PaaS) offering that lets you create web and
mobile apps for any platform or device and connect to data anywhere, in the cloud or on-
premises. App Service includes the web and mobile capabilities that were previously delivered
separately as Azure Websites and Azure Mobile
Services.
References:
https://docs.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-app-
services
Question #13Topic 1
HOTSPOT -
Which cloud deployment solution is used for Azure virtual machines and Azure SQL databases?
To answer, select the appropriate options in the answer area.
Hot Area:

Correct
Answer:
Box 1:
Azure virtual machines are Infrastructure as a Service (IaaS).
Infrastructure as a Service is the most flexible category of cloud services. It aims to give you
complete control over the hardware that runs your application (IT infrastructure servers and
virtual machines (VMs), storage, networks, and operating systems). Instead of buying
hardware, with IaaS, you rent it.
Box 2:
Azure SQL databases are Platform as a Service (Paas).
Azure SQL Database is a fully managed Platform as a Service (PaaS) Database Engine that
handles most of the database management functions such as upgrading, patching, backups,
and monitoring without user involvement. Azure SQL Database is always running on the latest
stable version of SQL Server
Database Engine and patched OS with 99.99% availability. PaaS capabilities that are built-in
into Azure SQL database enable you to focus on the domain specific database administration
and optimization activities that are critical for your business.
Reference:
https://docs.microsoft.com/en-gb/learn/modules/principles-cloud-computing/5-types-of-
cloud-services https://docs.microsoft.com/en-us/azure/sql-database/sql-database-paas-index
Question #14Topic 1
You have an on-premises network that contains 100 servers.
You need to recommend a solution that provides additional resources to your users. The
solution must minimize capital and operational expenditure costs.
 A. a complete migration to the public cloud

 B. an additional data center
 C. a private cloud
 D. a hybrid cloud

Correct Answer: D
A hybrid cloud is a combination of a private cloud and a public cloud.
Capital expenditure is the spending of money up-front for infrastructure such as new servers.
With a hybrid cloud, you can continue to use the on-premises servers while adding new servers
in the public cloud (Azure for example). Adding new servers in
Azure minimizes the capital expenditure costs as you are not paying for new servers as you
would if you deployed new server on-premises.
Incorrect Answers:
A: A complete migration of 100 servers to the public cloud would involve a lot of operational
expenditure (the cost of migrating all the servers).
B: An additional data center would involve a lot of capital expenditure (the cost of the new
infrastructure).
C: A private cloud is hosted on on-premises servers to this would involve a lot of capital
expenditure (the cost of the new infrastructure to host the private cloud).
Reference:
deployment-models
Question #15Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: No -
It is not true that a company must always migrate from a private cloud model to implement a
hybrid cloud. You could start with a public cloud and then combine that with an on-premise
infrastructure to implement a hybrid cloud.
Box 2: Yes -
A company can extend the capacity of its internal network by using the public cloud. This is
very common. When you need more capacity, rather than pay out for new on-premises
infrastructure, you can configure a cloud environment and connect your on-premises network to
the cloud environment by using a VPN.
Box 3: No -
It is not true that only guest users can access cloud resources. You can give anyone with an
account in Azure Active Directory access to the cloud resources.
There are many authentication scenarios but a common one is to replicate your on-premises
Active Directory accounts to Azure Active Directory and provide access to the Azure Active
Directory accounts. Another commonly used authentication method is ‫ג‬€˜Federation‫ג‬€™ where
authentication for access to cloud resources is passed to another authentication provider such
as an on-premises Active Directory. https://azure.microsoft.com/en-gb/overview/what-is-
hybrid-cloud-computing/
Question #16Topic 1
You plan to migrate several servers from an on-premises network to Azure.
What is an advantage of using a public cloud service for the servers over an on-premises
network?
 A. The public cloud is owned by the public, NOT a private corporation

 B. The public cloud is a crowd-sourcing solution that provides corporations with the
ability to enhance the cloud
 C. All public cloud resources can be freely accessed by every member of the public
 D. The public cloud is a shared entity whereby multiple corporations each use a portion
of the resources in the cloud

Correct Answer: D
The public cloud is a shared entity whereby multiple corporations each use a portion of the
resources in the cloud. The hardware resources (servers, infrastructure etc.) are managed by
the cloud provider. Multiple companies create resources such as virtual machines and virtual
networks on the hardware resources.
Incorrect Answers:
A: The public cloud is not owned by the public. In the case of Microsoft Azure, the cloud is
owned by Microsoft.
B: The public cloud is a not crowd-sourcing solution. In the case of Microsoft Azure, the cloud
is owned by Microsoft.
C: It is not true that public cloud resources can be freely accessed by every member of the
public. You pay for a cloud subscription and create accounts for your users to access your
cloud resources. No one can access your cloud resources until you create user accounts and
provide the appropriate access permissions.
Question #17Topic 1
HOTSPOT -
Hot Area:
Correct
Answer:
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads
running during outages. Site Recovery replicates workloads running on physical and virtual
machines (VMs) from a primary site to a secondary location.
Reference:
https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-overview
Question #18Topic 1
In which type of cloud model are all the hardware resources owned by a third-party and shared
between multiple tenants?
 A. private
 B. hybrid
 C. public

Correct Answer: C
Microsoft Azure, Amazon Web Services and Google Cloud are three examples of public cloud
services.
Microsoft, Amazon and Google own the hardware. The tenants are the customers who use the
public cloud services.
Question #19Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Reference:
https://azure.microsoft.com/en-gb/overview/what-is-hybrid-cloud-computing/
Question #20Topic 1
You have 1,000 virtual machines hosted on the Hyper-V hosts in a data center.
You plan to migrate all the virtual machines to an Azure pay-as-you-go subscription.
You need to identify which expenditure model to use for the planned Azure solution.
Which expenditure model should you identify?
 A. operational
 B. elastic
 C. capital
 D. scalable
Correct Answer: A
One of the major changes that you will face when you move from on-premises cloud to the
public cloud is the switch from capital expenditure (buying hardware) to operating expenditure
(paying for service as you use it). This switch also requires more careful management of your
costs. The benefit of the cloud is that you can fundamentally and positively affect the cost of a
service you use by merely shutting down or resizing it when it's not needed.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/cloud-adoption/appendix/azure-scaffold
Question #21Topic 1
DRAG DROP -
Match the Azure Cloud Services benefit to the correct description.
Instructions: To answer, drag the appropriate benefit from the column on the left to its
description on the right. Each benefit may be used once, more than once, or not at all.
NOTE: Each correct match is worth one point.
Select and Place:

Correct
Answer:
Box 1:
Fault tolerance is the ability of a service to remain available after a failure of one of the
components of the service. For example, a service running on multiple servers can withstand
the failure of one of the servers.
Box 2:
Disaster recovery is the recovery of a service after a failure. For example, restoring a virtual
machine from backup after a virtual machine failure.
Box 3:
Dynamic scalability is the ability for compute resources to be added to a service when the
service is under heavy load. For example, in a virtual machine scale set, additional instances of
the virtual machine are added when the existing virtual machines are under heavy load.
Box 4:
Latency is the time a service to respond to requests. For example, the time it takes for a web
page to be returned from a web server. Low latency means low response time which means a
quicker response.
References:
https://msdn.microsoft.com/en-us/magazine/mt422582.aspx
https://searchdisasterrecovery.techtarget.com/definition/cloud-disaster-recovery-cloud-DR
http://www.siasmsp.com/the-benefit-of-scalability-in-cloud-computing-2/
https://azure.microsoft.com/en-in/overview/what-is-cloud-computing/
Question #22Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: No -
It is not true that a company must always migrate from an internal network to implement a
hybrid cloud. You could start with a public cloud and then combine that with an on-premise
infrastructure to implement a hybrid cloud.
Box 2: Yes -
A company can extend the computing resources of its internal network by using the public
cloud. This is very common. When you need more resources, rather than pay out for new on-
premises infrastructure, you can configure a cloud environment and connect your on-premises
network to the cloud environment by using a VPN.
Box 3: No -
It is not true that only guest users can access cloud resources. You can give anyone with an
account in Azure Active Directory access to the cloud resources.
There are many authentication scenarios but a common one is to replicate your on-premises
Active Directory accounts to Azure Active Directory and provide access to the Azure Active
Directory accounts. Another commonly used authentication method is ‫ג‬€˜Federation‫ג‬€™ where
authentication for access to cloud resources is passed to another authentication provider such
as an on-premises Active Directory.
Reference:
Question #23Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Question #24Topic 1
Your company has an on-premises network that contains multiple servers.
The company plans to reduce the following administrative responsibilities of network
administrators:
✑ Backing up application data
✑ Replacing failed server hardware
✑ Managing physical server security
✑ Updating server operating systems
✑ Managing permissions to shared documents
The company plans to migrate several servers to Azure virtual machines.
You need to identify which administrative responsibilities will be eliminated after the planned
migration.
Which two responsibilities should you identify? Each correct answer presents a complete
solution.
 A. Replacing failed server hardware

 B. Backing up application data
 C. Managing physical server security
 D. Updating server operating systems
 E. Managing permissions to shared documents

Correct Answer: AC
Azure virtual machines run on Hyper-V physical servers. The physical servers are owned and
managed by Microsoft. As an Azure customer, you have no access to the physical servers.
Microsoft manage the replacement of failed server hardware and the security of the physical
servers so you don‫ג‬€™t need to.
Incorrect Answers:
B: Microsoft have no control over the applications you run on the virtual machines. Therefore, it
is your responsibility to ensure that application data is backed up.
D: Microsoft do not manage the operating systems you run on the virtual machines. Therefore,
it is your responsibility to ensure that the operating systems are updated.
E: Microsoft have no control over the shared folders you host on the virtual machines.
Therefore, it is your responsibility to ensure that folder permissions are configured
appropriately.
Question #25Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
One of the major changes that you will face when you move from on-premises cloud to the
public cloud is the switch from capital expenditure (buying hardware) to operating expenditure
(paying for service as you use it).
Box 1: No -
With the pay-as-go model, you pay for services as you use them. This is Opex (Operational
Expenditure), not CapEx (Captial Expenditure). CapEx is where you pay for something upfront.
For example, buying a new physical server.
Box 2: No -
Paying for electricity for your own datacenter will be classed as CapEx, not OpEx.
Box 3: Yes -
Deploying your own datacenter is an example of CapEx. This is because you need to purchase
all the infrastructure upfront before you can use it.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/cloud-adoption/appendix/azure-scaffold
Question #26Topic 1
You plan to provision Infrastructure as a Service (IaaS) resources in Azure.
Which resource is an example of IaaS?
 A. an Azure web app

 B. an Azure virtual machine
 C. an Azure logic app
 D. an Azure SQL database

Correct Answer: B
An Azure virtual machine is an example of Infrastructure as a Service (IaaS).
Azure web app, Azure logic app and Azure SQL database are all examples of Platform as a
Service (Paas).
Reference:
https://azure.microsoft.com/en-gb/overview/what-is-iaas/
Question #27Topic 1
To which cloud models can you deploy physical servers?
 A. private cloud and hybrid cloud only

 B. private cloud only
 C. private cloud, hybrid cloud and public cloud
 D. hybrid cloud only

Correct Answer: A
A private cloud is on-premises so you can deploy physical servers.
A hybrid cloud is a mix of on-premise and public cloud resources. You can deploy physical
servers on-premises.
Reference:
Question #28Topic 1
DRAG DROP -
Match the cloud model to the correct advantage.
Instructions: To answer, drag the appropriate cloud model from the column on the left to its
advantage on the right. Each cloud model may be used once, more than once, or not at all.
NOTE: Each correct match is worth one point
Select and Place:

Correct
Answer:
Box 1: Public Cloud -

With a public cloud, there is no capital expenditure on server hardware etc. You only pay for
cloud resources that you use as you use them.
Box 2: Private Cloud -

A private cloud exists on premises, so you have complete control over security.
Box 3: Hybrid Cloud -
A hybrid cloud is a mix of public cloud resources and on-premises resources. Therefore, you
have a choice to use either.
Question #29Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: No -
You cannot add physical servers to the public cloud. You can only deploy virtual servers in the
public cloud. You can extend a private cloud by deploying virtual servers in a public cloud. This
would create a hybrid cloud.
Box 2: Yes -
A hybrid cloud is a combination of a private cloud and public cloud. Therefore, to create a
hybrid cloud, you must deploy resources to a public cloud.
Box 3: No.
It is not true that a private cloud must be disconnected from the Internet. Private clouds can be
and most commonly are connected to the Internet. ‫ג‬€Private cloud‫ג‬€ means that the physical
servers are managed by you. It does not mean that it is disconnected from the Internet.
Reference:
https://azure.microsoft.com/en-gb/overview/what-are-private-public-hybrid-clouds/
Question #30Topic 1
You have 50 virtual machines hosted on-premises and 50 virtual machines hosted in Azure. The
on-premises virtual machines and the Azure virtual machines connect to each other.
Which type of cloud model is this?
 A. hybrid
 B. private
 C. public

Correct Answer: A
References:
Question #31Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: No -
A PaaS solution does not provide access to the operating system. The Azure Web Apps service
provides an environment for you to host your web applications.
Behind the scenes, the web apps are hosted on virtual machines running IIS. However, you have
no direct access to the virtual machine, the operating system or
IIS.
Box 2: Yes -
Box 3: Yes -
A PaaS solution that hosts web apps in Azure does provide the ability to scale the platform
automatically. This is known as autoscaling. Behind the scenes, the web apps are hosted on
virtual machines running IIS. Autoscaling means adding more load balanced virtual machines
to host the web apps.
References:
Question #32Topic 1
solution.
be used in Azure.
Solution: You create Azure virtual machines, Azure SQL databases, and Azure Storage
accounts.
 A. Yes
 B. No

Correct Answer: B
Platform as a service (PaaS) is a complete development and deployment environment in the
cloud. PaaS includes infrastructure ‫ג‬€" servers, storage, and networking ‫ג‬€" but also
middleware, development tools, business intelligence (BI) services, database management
systems, and more. PaaS is designed to support the complete web application lifecycle:
building, testing, deploying, managing, and updating.
However, virtual machines are examples of Infrastructure as a service (IaaS). IaaS is an instant
computing infrastructure, provisioned and managed over the internet.
References:
https://azure.microsoft.com/en-us/overview/what-is-iaas/
Question #33Topic 1
Your company plans to deploy several custom applications to Azure. The applications will
provide invoicing services to the customers of the company. Each application will have several
prerequisite applications and services installed.
You need to recommend a cloud deployment solution for all the applications.
What should you recommend?
 A. Software as a Service (SaaS)

 B. Platform as a Service (PaaS)
 C. Infrastructure as a Service (laaS)

Correct Answer: C
Infrastructure as a service (IaaS) is an instant computing infrastructure, provisioned and
managed over the internet. The IaaS service provider manages the infrastructure, while you
purchase, install, configure, and manage your own software
Incorrect Answers:
A: Software as a service (SaaS) allows users to connect to and use cloud-based apps over the
Internet. Common examples are email, calendaring, and office tools. In this scenario, you need
to run your own apps, and therefore require an infrastructure.
B:
Platform as a service (PaaS) is a complete development and deployment environment in the
cloud. PaaS includes infrastructure‫ג‬€"servers, storage, and networking‫ג‬€"but also middleware,
development tools, business intelligence (BI) services, database management systems, and
more. PaaS is designed to support the complete web application lifecycle: building, testing,
deploying, managing, and updating.
References:
https://azure.microsoft.com/en-us/overview/what-is-saas/
Question #34Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: No -
Building a data center infrastructure is capital expenditure, not operation expenditure.
Box 2: Yes -
OpEx is ongoing costs (costs of operations) such as staff salaries.
Box 2: Yes -
OpEx is ongoing costs (costs of operations) such as leasing software. If you purchased
software as a one-off purchase, that would be CapEx, but leasing software is ongoing so it‫ג‬€™s
OpEx.
Question #35Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Azure Cosmos DB is an example of a platform as a service (PaaS) cloud database provider.
Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/database-security
Question #36Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Reference:
https://azure.microsoft.com/en-us/overview/what-is-saas/
Question #37Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: No -
Box 2: No -
Each resource can exist in only one resource group.
Box 3: Yes -
Resources from multiple different regions can be placed in a resource group. The resource
group only contains metadata about the resources it contains.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview
https://www.codeisahighway.com/effective-ways-to-delete-resources-in-a-resource-group-on-
azure/
Question #38Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/azure-sql-iaas-vs-paas-what-is-overview
https://docs.microsoft.com/en-us/azure/cosmos-db/account-databases-containers-items
https://www.red-gate.com/simple-talk/cloud/azure/overview-of-azure-cosmos-db
Question #39Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/azure-sql-iaas-vs-paas-what-is-overview
Question #40Topic 1
be used in Azure.
You need to deploy an Azure environment that meets the company‫ג‬€™s migration plan.
What should you create?
 A. Azure virtual machines, Azure SQL databases, and Azure Storage accounts.
 B. an Azure App Service and Azure virtual machines that have Microsoft SQL Server
installed.
 C. an Azure App Service and Azure SQL databases.
 D. Azure storage account and web server in Azure virtual machines.

Correct Answer: C
Azure App Service and Azure SQL databases are examples of Azure PaaS solutions. Therefore,
this solution does meet the goal.
Question #41Topic 1
What does a customer provide in a software as a service (SaaS) model?
 A. application data
 B. data storage
 C. compute resources
 D. application software

Correct Answer: A
SaaS provides a complete software solution which you purchase on a pay-as-you-go basis from
a cloud service provider. You rent the use of an app for your organization and your users
connect to it over the Internet, usually with a web browser. All of the underlying infrastructure,
middleware, app software and app data are located in the service provider‫ג‬€™s data center. The
service provider manages the hardware and software and with the appropriate service
agreement, will ensure the availability and the security of the app and your data as well.
Reference:
https://azure.microsoft.com/en-in/overview/what-is-saas/
Question #42Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Reference:
https://azure.microsoft.com/en-gb/overview/what-is-iaas/
https://azure.microsoft.com/en-gb/overview/what-is-saas/
Question #43Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Question #44Topic 1
HOTSPOT -
Hot Area:
Correct
Answer:
A resource group is a logical container for Azure resources. Resource groups make the
management of Azure resources easier.
With a resource group, you can allow a user to manage all resources in the resource group,
such as virtual machines, websites, and subnets. The permissions you apply to the resource
group apply to all resources contained in the resource group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/
overview#resource-groups https://docs.microsoft.com/en-us/azure/role-based-access-
control/overview
Question #45Topic 1
solution.
You plan to deploy several Azure virtual machines.
You need to ensure that the services running on the virtual machines are available if a single
data center fails.
Solution: You deploy the virtual machines to two or more availability zones.
 A. Yes
 B. No

Correct Answer: A
applications and data on your VMs. An Availability Zone is a physically separate zone, within an
Azure region. There are three Availability Zones per supported Azure region.
Each Availability Zone has a distinct power source, network, and cooling. By architecting your
solutions to use replicated VMs in zones, you can protect your apps and data from the loss of a
datacenter. If one zone is compromised, then replicated apps and data are instantly available in
another zone.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/availability
Question #46Topic 1
This question requires that you evaluate the underlined text to determine if it is correct.
One of the benefits of Azure SQL Data Warehouse is that high availability is built into the
platform.
Instructions: Review the underlined text. If it makes the statement correct, select ‫ג‬€No change
is needed‫ג‬€. If the statement is incorrect, select the answer choice that makes the statement
correct.
 A. No change is needed

 B. automatic scaling
 C. data compression
 D. versioning

Correct Answer: A
Azure Data Warehouse (now known as Azure Synapse Analytics) is a PaaS offering from
Microsoft. As with all PaaS services from Microsoft, SQL Data
Warehouse offers an availability SLA of 99.9%. Microsoft can offer 99.9% availability because it
has high availability features built into the platform.
References:
https://docs.microsoft.com/en-us/azure/sql-data-warehouse/sql-data-warehouse-overview-faq
Question #47Topic 1
solution.
data center fails.
Solution: You deploy the virtual machines to two or more regions.
 A. Yes
 B. No
Correct Answer: A
By deploying the virtual machines to two or more regions, you are deploying the virtual
machines to multiple datacenters. This will ensure that the services running on the virtual
machines are available if a single data center fails.
Azure operates in multiple datacenters around the world. These datacenters are grouped in to
geographic regions, giving you flexibility in choosing where to build your applications.
You create Azure resources in defined geographic regions like 'West US', 'North Europe', or
'Southeast Asia'. You can review the list of regions and their locations.
Within each region, multiple datacenters exist to provide for redundancy and availability.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/regions
Question #48Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: No -
A resource can interact with resources in other resource groups.
Box 2: Yes -
Deleting the resource group will remove the resource group as well as all the resources in that
resource group. This can be useful for the management of resources. For example, a virtual
machine has several components (the VM itself, virtual disks, network adapter etc.). By placing
the VM in its own resource group, you can delete the VM along with all its associated
components by deleting the resource group.
Another example is when creating a test environment. You could place the entire test
environment (Network components, virtual machines etc.) in one resource group. You can then
delete the entire test environment by deleting the resource group.
Box 3: Yes -
Resources from multiple different regions can be placed in a resource group. The resource
group only contains metadata about the resources it contains.
References:
https://www.codeisahighway.com/effective-ways-to-delete-resources-in-a-resource-group-on-
azure/
Question #49Topic 1
You plan to store 20 TB of data in Azure. The data will be accessed infrequently and visualized
by using Microsoft Power BI.
You need to recommend a storage solution for the data.
Which two solutions should you recommend? Each correct answer presents a complete
solution.
 A. Azure Data Lake

 B. Azure Cosmos DB
 C. Azure SQL Data Warehouse
 D. Azure SQL Database
 E. Azure Database for PostgreSQL

Correct Answer: AC
You can use Power BI to analyze and visualize data stored in Azure Data Lake and Azure SQL
Data Warehouse.
Azure Data Lake includes all of the capabilities required to make it easy for developers, data
scientists and analysts to store data of any size and shape and at any speed, and do all types
of processing and analytics across platforms and languages. It removes the complexities of
ingesting and storing all your data while making it faster to get up and running with batch,
streaming and interactive analytics. It also integrates seamlessly with operational stores and
data warehouses so that you can extend current data applications.
References:
https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-power-bi
https://azure.microsoft.com/en-gb/solutions/data-lake/
https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-power-bi
Question #50Topic 1
HOTSPOT -
You have an Azure environment that contains 10 web apps. To which URL should you connect
to manage all the Azure resources? To answer, select the appropriate options in the answer
area.
Hot Area:

Correct
Answer:
The Azure portal is a web-based management interface where you can view and manage all
your Azure resources in one unified hub, including web apps, databases, virtual machines,
virtual networks, storage and Visual Studio team projects.
The URL of the Azure portal is https://portal.azure.com.
References:
https://azure.microsoft.com/en-gb/features/azure-portal/
Question #51Topic 1
You need to identify the type of failure for which an Azure Availability Zone can be used to
protect access to Azure services.
What should you identify?
 A. a physical server failure

 B. an Azure region failure
 C. a storage failure
 D. an Azure data center failure

Correct Answer: D
applications and data on your VMs. An Availability Zone is a physically separate zone, within an
Azure region. There are three Availability Zones per supported Azure region.
Each Availability Zone has a distinct power source, network, and cooling. By architecting your
solutions to use replicated VMs in zones, you can protect your apps and data from the loss of a
datacenter. If one zone is compromised, then replicated apps and data are instantly available in
another zone.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/availability
Question #52Topic 1
HOTSPOT -
You plan to extend your company‫ג‬€™s network to Azure. The network contains a VPN appliance
that uses an IP address of 131.107.200.1.
You need to create an Azure resource that defines the VPN appliance in Azure.
Which Azure resource should you create? To answer, select the appropriate resource in the
answer area.
Hot Area:

Correct
Answer:
A Local Network Gateway is an object in Azure that represents your on-premise VPN device. A
Virtual Network Gateway is the VPN object at the Azure end of the
VPN. A ‫ג‬€˜connection‫ג‬€™ is what connects the Local Network Gateway and the Virtual Network
Gateway to bring up the VPN.
The local network gateway typically refers to your on-premises location. You give the site a
name by which Azure can refer to it, then specify the IP address of the on-premises VPN device
to which you will create a connection. You also specify the IP address prefixes that will be
routed through the VPN gateway to the VPN device. The address prefixes you specify are the
prefixes located on your on-premises network. If your on-premises network changes or you
need to change the public IP address for the VPN device, you can easily update the values later.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-
resource-manager-portal
Question #53Topic 1
solution.
data center fails.
Solution: You deploy the virtual machines to two or more resource groups.
 A. Yes
 B. No

Correct Answer: B
A resource group is a logical container for Azure resources. When you create a resource group,
you specify which location to create the resource group in.
However, when you create a virtual machine and place it in the resource group, the virtual
machine can still be in a different location (different datacenter).
Therefore, creating multiple resource groups, even if they are in separate datacenters does not
ensure that the services running on the virtual machines are available if a single data center
fails.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/
overview#resource-groups
Question #54Topic 1
solution.
data center fails.
Solution: You deploy the virtual machines to a scale set.
 A. Yes
 B. No

Correct Answer: B
This answer does not specify that the scale set will be configured across multiple data centers
so this solution does not meet the goal.
Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The
number of VM instances can automatically increase or decrease in response to demand or a
defined schedule. Scale sets provide high availability to your applications, and allow you to
centrally manage, configure, and update many VMs.
Virtual machines in a scale set can be deployed across multiple update domains and fault
domains to maximize availability and resilience to outages due to data center outages, and
planned or unplanned maintenance events.
Reference:
Question #55Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: No -
An Azure AD tenant can have multiple subscriptions but an Azure subscription can only be
associated with one Azure AD tenant.
Box 2: Yes -
Box 3: No -
If your subscription expires, you lose access to all the other resources associated with the
subscription. However, the Azure AD directory remains in Azure. You can associate and
manage the directory using a different Azure subscription.
References:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-
subscriptions-associated-directory
Question #56Topic 1
Resource groups provide organizations with the ability to manage the compliance of Azure
resources across multiple subscriptions.
correct.

 B. Management groups
 C. Azure policies
 D. Azure App Service plans

Correct Answer: C
Azure policies can be used to define requirements for resource properties during deployment
and for already existing resources. Azure Policy controls properties such as the types or
locations of resources.
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These
policies enforce different rules and effects over your resources, so those resources stay
compliant with your corporate standards and service level agreements. Azure Policy meets this
need by evaluating your resources for non- compliance with assigned policies. All data stored
by Azure Policy is encrypted at rest.
For example, you can have a policy to allow only a certain SKU size of virtual machines in your
environment. Once this policy is implemented, new and existing resources are evaluated for
compliance. With the right type of policy, existing resources can be brought into compliance.
References:
https://docs.microsoft.com/en-us/azure/governance/policy/overview
Question #57Topic 1
Your company plans to migrate to Azure. The company has several departments. All the Azure
resources used by each department will be managed by a department administrator.
What are two possible techniques to segment Azure for the departments? Each correct answer
presents a complete solution.
 A. multiple subscriptions
 B. multiple Azure Active Directory (Azure AD) directories
 C. multiple regions
 D. multiple resource groups

Correct Answer: AD
An Azure subscription is a container for Azure resources. It is also a boundary for permissions
to resources and for billing. You are charged monthly for all resources in a subscription. A
single Azure tenant (Azure Active Directory) can contain multiple Azure subscriptions.
A resource group is a container that holds related resources for an Azure solution. The
resource group can include all the resources for the solution, or only those resources that you
want to manage as a group.
To enable each department administrator to manage the Azure resources used by that
department, you will need to create a separate subscription per department. You can then
assign each department administrator as an administrator for the subscription to enable them
to manage all resources in that subscription.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-
subscription https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/add-
change-subscription-administrator
Question #58Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: Yes -
You can use the same account to manage multiple subscriptions. You can create an additional
subscription for your account in the Azure portal. You may want an additional subscription to
avoid hitting subscription limits, to create separate environments for security, or to isolate data
for compliance reasons.
Box 2: No -
You cannot merge two subscriptions into a single subscription. However, you can move some
Azure resources from one subscription to another. You can also transfer ownership of a
subscription and change the billing type for a subscription.
Box 3: Yes -
A company can have multiple subscriptions and store resources in the different subscriptions.
However, a resource instance can exist in only one subscription.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-
subscription
Question #59Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
You can move a VM and its associated resources to a different subscription by using the Azure
portal.
Moving between subscriptions can be handy if you originally created a VM in a personal
subscription and now want to move it to your company's subscription to continue your work.
You do not need to start the VM in order to move it and it should continue to run during the
move.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/move-vm
Question #60Topic 1
You have an Azure environment that contains multiple Azure virtual machines.
You plan to implement a solution that enables the client computers on your on-premises
network to communicate to the Azure virtual machines.
You need to recommend which Azure resources must be created for the planned solution.
Which two Azure resources should you include in the recommendation? Each correct answer
presents part of the solution.
 A. a virtual network gateway
 B. a load balancer
 C. an application gateway
 D. a virtual network
 E. a gateway subnet

Correct Answer: AE
To implement a solution that enables the client computers on your on-premises network to
communicate to the Azure virtual machines, you need to configure a
VPN (Virtual Private Network) to connect the on-premises network to the Azure virtual network.
The Azure VPN device is known as a Virtual Network Gateway. The virtual network gateway
needs to be located in a dedicated subnet in the Azure virtual network. This dedicated subnet is
known as a gateway subnet and must be named ‫ג‬€˜GatewaySubnet‫ג‬€™.
Note: a virtual network (answer D) is also required. However, as we already have virtual
machines deployed in a Azure, we can assume that the virtual network is already in place.
References:
https://docs.microsoft.com/en-us/office365/enterprise/connect-an-on-premises-network-to-a-
microsoft-azure-virtual-network
Question #61Topic 1
You attempt to create several managed Microsoft SQL Server instances in an Azure
environment and receive a message that you must increase your Azure subscription limits.
What should you do to increase the limits?
 A. Create a service health alert

 B. Upgrade your support plan
 C. Modify an Azure policy
 D. Create a new support request

Correct Answer: D
Many Azure resource have quote limits. The purpose of the quota limits is to help you control
your Azure costs. However, it is common to require an increase to the default quota.
You can request a quota limit increase by opening a support request. In the support request,
select ‫ג‬€˜Service and subscription limits (quotas)‫ג‬€™ for the Issue type, select your
subscription and the service you want to increase the quota for. For this question, you would
select ‫ג‬€˜SQL Database Managed Instance‫ג‬€™ as the quote type.
Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-
resource-limits#obtaining-a-larger-quota-for-sql-managed-instance
Question #62Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: No -
You can assign service administrators and co-administrators in the Azure Portal but there can
only be one account administrator.
Box 2: No -
You need an Azure Active Directory account to manage a subscription, not a Microsoft account.
An account is created in the Azure Active Directory when you create the subscription. Further
accounts can be created in the Azure Active Directory to manage the subscription.
Box 3: No -
Resource groups are logical containers for Azure resources. However, resource groups do not
contain subscriptions. Subscriptions contain resource groups.
Reference:
https://docs.microsoft.com/en-us/office365/enterprise/subscriptions-licenses-accounts-and-
tenants-for-microsoft-cloud-offerings
Question #63Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: No -
Not all Azure regions support availability zones.
Box 2: No -
Availability zones can be used with many Azure services, not just VMs.
Box 3: No -
Availability Zones are unique physical locations within a single Azure region.
Reference:
https://docs.microsoft.com/en-us/azure/availability-zones/az-region#azure-regions-with-
availability-zones
Question #64Topic 1
HOTSPOT -
You plan to create an Azure virtual machine.
You need to identify which storage service must be used to store the unmanaged data disks of
the virtual machine.
What should you identify? To answer, select the appropriate service in the answer area.
Hot Area:

Correct
Answer:
Azure containers are the backbone of the virtual disks platform for Azure IaaS. Both Azure OS
and data disks are implemented as virtual disks where data is durably persisted in the Azure
Storage platform and then delivered to the virtual machines for maximum performance. Azure
Disks are persisted in Hyper-V VHD format and stored as a page blob in Azure Storage.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-pageblob-overview
Question #65Topic 1
Your company plans to move several servers to Azure.
The company‫ג‬€™s compliance policy states that a server named FinServer must be on a
separate network segment.
You are evaluating which Azure services can be used to meet the compliance policy
requirements.
Which Azure solution should you recommend?
 A. a resource group for FinServer and another resource group for all the other servers
 B. a virtual network for FinServer and another virtual network for all the other servers
 C. a VPN for FinServer and a virtual network gateway for each other server
 D. one resource group for all the servers and a resource lock for FinServer

Correct Answer: B
Networks in Azure are known as virtual networks. A virtual network can have multiple IP
address spaces and multiple subnets. Azure automatically routes traffic between different
subnets within a virtual network.
The question states that FinServer must be on a separate network segment. The only way to
separate FinServer from the other servers in networking terms is to place the server in a
different virtual network to the other servers.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-arm
Question #66Topic 1
You plan to map a network drive from several computers that run Windows 10 to Azure
Storage.
You need to create a storage solution in Azure for the planned mapped drive.
 A. an Azure SQL database

 B. a virtual machine data disk
 C. a File service in a storage account
 D. a Blob service in a storage account

Correct Answer: C
Azure Files is Microsoft's easy-to-use cloud file system. Azure file shares can be seamlessly
used in Windows and Windows Server.
To use an Azure file share with Windows, you must either mount it, which means assigning it a
drive letter or mount point path, or access it via its UNC path.
Unlike other SMB shares you may have interacted with, such as those hosted on a Windows
Server, Linux Samba server, or NAS device, Azure file shares do not currently support Kerberos
authentication with your Active Directory (AD) or Azure Active Directory (AAD) identity, although
this is a feature we are working on.
Instead, you must access your Azure file share with the storage account key for the storage
account containing your Azure file share. A storage account key is an administrator key for a
storage account, including administrator permissions to all files and folders within the file
share you're accessing, and for all file shares and other storage resources (blobs, queues,
tables, etc) contained within your storage account.
References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
Question #67Topic 1
HOTSPOT -
You plan to implement an Azure database solution.
You need to implement a database solution that meets the following requirements:
✑ Can add data concurrently from multiple regions
✑ Can store JSON documents
Which database service should you deploy? To answer, select the appropriate service in the
answer area.
Hot Area:

Correct
Answer:
Azure Cosmos DB is Microsoft's globally distributed, multi-model database service. With a click
of a button, Cosmos DB enables you to elastically and independently scale throughput and
storage across any number of Azure regions worldwide.
Azure Cosmos DB is a great way to store unstructured and JSON data. Combined with Azure
Functions, Cosmos DB makes storing data quick and easy with much less code than required
for storing data in a relational database.
References:
https://docs.microsoft.com/en-us/azure/cosmos-db/introduction
https://docs.microsoft.com/en-us/azure/azure-functions/functions-integrate-store-
unstructured-data-cosmosdb?tabs=csharp
Question #68Topic 1
Your company plans to migrate all its network resources to Azure.
You need to start the planning process by exploring Azure.
What should you create first?
 A. a subscription
 B. a resource group
 C. a virtual network
 D. a management group

Correct Answer: A
The first thing you create in Azure is a subscription. You can think of an Azure subscription as
an ‫ג‬€˜Azure account‫ג‬€™. You get billed per subscription.
A subscription is an agreement with Microsoft to use one or more Microsoft cloud platforms or
services, for which charges accrue based on either a per-user license fee or on cloud-based
resource consumption.
✑ Microsoft's Software as a Service (SaaS)-based cloud offerings (Office 365, Intune/EMS,
and Dynamics 365) charge per-user license fees.
✑ Microsoft's Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) cloud
offerings (Azure) charge based on cloud resource consumption.
You can also use a trial subscription, but the subscription expires after a specific amount of
time or consumption charges. You can convert a trial subscription to a paid subscription.
Organizations can have multiple subscriptions for Microsoft's cloud offerings.
References:
https://docs.microsoft.com/en-us/office365/enterprise/subscriptions-licenses-accounts-and-
tenants-for-microsoft-cloud-offerings
Question #69Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: No -
Azure resources deployed to a single resource group can be located in different regions. The
resource group only contains metadata about the resources it contains.
When creating a resource group, you need to provide a location for that resource group. You
may be wondering, "Why does a resource group need a location?
And, if the resources can have different locations than the resource group, why does the
resource group location matter at all?" The resource group stores metadata about the
resources. When you specify a location for the resource group, you're specifying where that
metadata is stored. For compliance reasons, you may need to ensure that your data is stored in
a particular region.
Box 2: No -
Tags for Resources are not inherited by default from their Resource Group
Box 3: Yes -
A resource group can be used to scope access control for administrative actions. By default,
permissions set at the resource level are inherited by the resources in the resource group.
Reference:
Question #70Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Azure storage offers different access tiers: hot, cool and archive.
The archive access tier has the lowest storage cost. But it has higher data retrieval costs
compared to the hot and cool tiers. Data in the archive tier can take several hours to retrieve.
While a blob is in archive storage, the blob data is offline and can't be read, overwritten, or
modified. To read or download a blob in archive, you must first rehydrate it to an online tier.
Example usage scenarios for the archive access tier include:
✑ Long-term backup, secondary backup, and archival datasets
✑ Original (raw) data that must be preserved, even after it has been processed into final usable
form.
✑ Compliance and archival data that needs to be stored for a long time and is hardly ever
accessed.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers?tabs=azure-
portal#archive-access-tier
Question #71Topic 1
HOTSPOT -
You plan to deploy a critical line-of-business application to Azure.
The application will run on an Azure virtual machine.
You need to recommend a deployment solution for the application. The solution must provide a
guaranteed availability of 99.99 percent.
What is the minimum number of virtual machines and the minimum number of availability
zones you should recommend for the deployment? To answer, select the appropriate options in
the answer area.
Hot Area:

Correct Answer:
You need a minimum of two virtual machines with each one located in a different availability
zone.
Availability Zones is a high-availability offering that protects your applications and data from
datacenter failures. Availability Zones are unique physical locations within an Azure region.
Each zone is made up of one or more datacenters equipped with independent power, cooling,
and networking. To ensure resiliency, there‫ג‬€™s a minimum of three separate zones in all
enabled regions. The physical separation of Availability Zones within a region protects
applications and data from datacenter failures. Zone-redundant services replicate your
applications and data across Availability Zones to protect from single-points-of-failure. With
Availability
Zones, Azure offers industry best 99.99% VM uptime SLA.
References:
https://docs.microsoft.com/en-us/azure/availability-zones/az-overview
Question #72Topic 1
Which Azure service should you use to collect events from multiple resources into a centralized
repository?
 A. Azure Event Hubs

 B. Azure Analysis Services
 C. Azure Monitor
 D. Azure Stream Analytics
Correct Answer: A
Azure Event Hubs is a big data streaming platform and event ingestion service. It can receive
and process millions of events per second. Data sent to an event hub can be transformed and
stored by using any real-time analytics provider or batching/storage adapters.
Azure Event Hubs can be used to ingest, buffer, store, and process your stream in real time to
get actionable insights. Event Hubs uses a partitioned consumer model, enabling multiple
applications to process the stream concurrently and letting you control the speed of
processing.
Azure Event Hubs can be used to capture your data in near-real time in an Azure Blob storage or
Azure Data Lake Storage‫ג‬€‰for long-term retention or micro-batch processing.
Reference:
https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-about
Question #73Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/availability-zones/az-overview
Question #74Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: Yes -
There are different replication options available with a storage account. The ‫ג‬€˜minimum‫ג‬€™
replication option is Locally Redundant Storage (LRS). With LRS, data is replicated
synchronously three times within the primary region.
Box 2: No -
Data is not backed up automatically to another Azure Data Center although it can be depending
on the replication option configured for the account. Locally
Redundant Storage (LRS) is the default which maintains three copies of the data in the data
center.
Geo-redundant storage (GRS) has cross-regional replication to protect against regional
outages. Data is replicated synchronously three times in the primary region, then replicated
asynchronously to the secondary region.
Box 3: No -
The limits are much higher than that. The current storage limit is 2 PB for US and Europe, and
500 TB for all other regions (including the UK) with no limit on the number of files.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
Question #75Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: No -
Not all Azure regions support availability zones.
Box 2: No -
Regions that support availability zones support Linux virtual machines.
Box 3: Yes -
Each zone is made up of one or more datacenters equipped with independent power, cooling,
and networking. To ensure resiliency, there‫ג‬€™s a minimum of three separate zones in all
enabled regions. The physical separation of Availability Zones within a region protects
applications and data from datacenter failures. Zone-redundant services replicate your
applications and data across Availability Zones to protect from single-points-of-failure. With
Availability
Zones, Azure offers industry best 99.99% VM uptime SLA.
References:
https://docs.microsoft.com/en-gb/azure/availability-zones/az-overview
Question #76Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: No -
North America has several Azure regions, including West US, Central US, South Central US, East
Us, and Canada East.
Box 2: Yes -
A region is a set of datacenters deployed within a latency-defined perimeter and connected
through a dedicated regional low-latency network.
Box 3: No -
Outbound data transfer is charged at the normal rate and inbound data transfer is free.
References:
https://azure.microsoft.com/en-us/global-infrastructure/regions/
https://azure.microsoft.com/en-us/pricing/details/bandwidth/
Question #77Topic 1
solution.
data center fails.
Solution: You deploy the virtual machines to two or more scale sets.
 A. Yes
 B. No

Correct Answer: B
This answer does not specify that the scale set will be configured across multiple data centers
so this solution does not meet the goal.
Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The
number of VM instances can automatically increase or decrease in response to demand or a
defined schedule. Scale sets provide high availability to your applications, and allow you to
centrally manage, configure, and update many VMs.
Virtual machines in a scale set can be deployed across multiple update domains and fault
domains to maximize availability and resilience to outages due to data center outages, and
planned or unplanned maintenance events.
Reference:
Question #78Topic 1
You need to be notified when Microsoft plans to perform maintenance that can affect the
resources deployed to an Azure subscription.
What should you use?
 A. Azure Monitor
 B. Azure Service Health
 C. Azure Advisor
 D. Microsoft Trust Center

Correct Answer: B
Azure Service Health provides a personalized view of the health of the Azure services and
regions you're using. This is the best place to look for service impacting communications about
outages, planned maintenance activities, and other health advisories because the
authenticated Service Health experience knows which services and resources you currently
use.
Reference:
https://docs.microsoft.com/en-us/azure/service-health/overview
Question #79Topic 1
DRAG DROP -
Match the Azure Services service to the correct description.
Instructions: To answer, drag the appropriate service from the column on the left to its
description on the right. Each service may be used once, more than once, or not at all.
Select and Place:

Correct
Answer:
Reference:
https://docs.microsoft.com/en-us/azure-sphere/product-overview/what-is-azure-sphere
https://docs.microsoft.com/en-us/azure/iot-central/core/overview-iot-central
https://docs.microsoft.com/en-us/azure/iot-hub/about-iot-hub
Question #80Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/overview
Question #81Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Reference:
https://blog.abouttmc.com/azure-cloud-total-cost-of-ownership
Question #82Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
applications and data on your VMs. Availability Zones are unique physical locations within an
Azure region. Each zone is made up of one or more datacenters equipped with independent
power, cooling, and networking. To ensure resiliency, there are a minimum of three separate
zones in all enabled regions. The physical separation of Availability Zones within a region
protects applications and data from datacenter failures.
With Availability Zones, Azure offers industry best 99.99% VM uptime SLA. By architecting your
solutions to use replicated VMs in zones, you can protect your applications and data from the
loss of a datacenter. If one zone is compromised, then replicated apps and data are instantly
available in another zone.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability
Question #83Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: No -
A subscription can have multiple administrators, but there can only be one account
administrator.
Box 2: Yes -
An Azure subscription is linked to a single account, the one that was used to create the
subscription and is used for billing purposes. You can have more than one subscription.
Box 3: No -
A subscription can contain multiple resource groups but a resource group can only belong to
one subscription. Resource groups can contain multiple resources.
Reference:
https://k21academy.com/microsoft-azure/az-900/az-900-azure-subscriptions/
https://azure.microsoft.com/en-us/blog/organizing-subscriptions-and-resource-groups-within-
the-enterprise/
Question #84Topic 1
An Azure region contains one or more data centers that are connected by using a low-latency
network.
correct.

 B. Is found in each country where Microsoft has a subsidiary office
 C. Can be found in every country in Europe and the Americas only
 D. Contains one or more data centers that are connected by using a high-latency
network

Correct Answer: A
A region is a set of data centres deployed within a latency-defined perimeter and connected
through a dedicated regional low-latency network.
Microsoft Azure currently has 55 regions worldwide.
Regions are divided into Availability Zones. Availability Zones are physically separate locations
within an Azure region. Each Availability Zone is made up of one or more datacenters equipped
with independent power, cooling, and networking.
References:
https://azure.microsoft.com/en-gb/global-infrastructure/regions/
Question #85Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-
membership https://petri.com/understanding-hybrid-azure-active-directory-join
Question #86Topic 1
You need to ensure that the services running on the virtual machines remain available if a
single data center fails.
What are two possible solutions? Each correct answer presents a complete solution.
 A. Deploy the virtual machines to two or more availability zones.

 B. Deploy the virtual machines to two or more resource groups.
 C. Deploy the virtual machines to a scale set.
 D. Deploy the virtual machines to two or more regions.

Correct Answer: AD
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/regions
Question #87Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Azure automatically routes traffic between subnets in a virtual network. Therefore, all virtual
machines in a virtual network can connect to the other virtual machines in the same virtual
network. Even if the virtual machines are on separate subnets within the virtual network, they
can still communicate with each other.
To ensure that a virtual machine cannot connect to the other virtual machines, the virtual
machine must be deployed to a separate virtual network.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
Question #88Topic 1
DRAG DROP -
Match the Azure service to the appropriate description.
To answer, drag the appropriate service from the column on the left to its description on the
right. Each service may be used once, more than once, or not at all.
Select and Place:

Correct
Answer:
Question #89Topic 1
DRAG DROP -
Match the Azure service to the correct definition.
Instructions: To answer, drag the appropriate Azure service from the column on the left to its
Select and Place:

Correct
Answer:
Box 1:
Azure Functions provides the platform for serverless code.
Azure Functions is a serverless compute service that lets you run event-triggered code without
having to explicitly provision or manage infrastructure.
Box 2:
Azure Databricks is a big analysis service for machine learning.
Azure Databricks is an Apache Spark-based analytics platform. The platform consists of
several components including ‫ג‬€˜MLib‫ג‬€™. Mlib is a Machine Learning library consisting of
common learning algorithms and utilities, including classification, regression, clustering,
collaborative filtering, dimensionality reduction, as well as underlying optimization primitives.
Box 3:
Azure Application Insights detects and diagnoses anomalies in web apps.
Application Insights, a feature of Azure Monitor, is an extensible Application Performance
Management (APM) service for developers and DevOps professionals.
Use it to monitor your live applications. It will automatically detect performance anomalies, and
includes powerful analytics tools to help you diagnose issues and to understand what users
actually do with your app.
Box 4:
Azure App Service hosts web apps.
Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and
mobile back ends. You can develop in your favorite language, be it
.NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on
both Windows and Linux-based environments.
References:
https://docs.microsoft.com/en-us/azure/azure-functions/
https://docs.microsoft.com/en-us/azure/azure-databricks/what-is-azure-databricks#apache-
spark-based-analytics-platform
https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview
https://docs.microsoft.com/en-us/azure/app-service/overview
Question #90Topic 1
A team of developers at your company plans to deploy, and then remove, 50 customized virtual
machines each week. Thirty of the virtual machines run Windows
Server 2016 and 20 of the virtual machines run Ubuntu Linux.
You need to recommend which Azure service will minimize the administrative effort required to
deploy and remove the virtual machines.
 A. Azure Reserved Virtual Machines (VM) Instances

 B. Azure virtual machine scale sets
 C. Azure DevTest Labs
 D. Microsoft Managed Desktop

Correct Answer: C
DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager
templates.
By using DevTest Labs, you can test the latest versions of your applications by doing the
following tasks:
✑ Quickly provision Windows and Linux environments by using reusable templates and
artifacts.
✑ Easily integrate your deployment pipeline with DevTest Labs to provision on-demand
environments.
✑ Scale up your load testing by provisioning multiple test agents and create pre-provisioned
environments for training and demos.
Reference:
https://docs.microsoft.com/en-us/azure/lab-services/devtest-lab-overview
Question #91Topic 1
A support engineer plans to perform several Azure management tasks by using the Azure CLI.
You install the CLI on a computer.
You need to tell the support engineer which tools to use to run the CLI.
Which two tools should you instruct the support engineer to use? Each correct answer presents
a complete solution.
 A. Command Prompt
 B. Azure Resource Explorer
 C. Windows PowerShell
 D. Windows Defender Firewall
 E. Network and Sharing Center

Correct Answer: AC
For Windows the Azure CLI is installed via an MSI, which gives you access to the CLI through
the Windows Command Prompt (CMD) or PowerShell.
References:
https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-windows?view=azure-cli-latest
Question #92Topic 1
solution.
You have an Azure environment. You need to create a new Azure virtual machine from a tablet
that runs the Android operating system.
Solution: You use PowerShell in Azure Cloud Shell.
 A. Yes
 B. No

Correct Answer: A
Azure Cloud Shell is a browser-based shell experience to manage and develop Azure resources.
Cloud Shell offers a browser-accessible, pre-configured shell experience for managing Azure
resources without the overhead of installing, versioning, and maintaining a machine yourself.
Being browser-based, Azure Cloud Shell can be run on a browser from a tablet that runs the
Android operating system.
References:
https://docs.microsoft.com/en-us/azure/cloud-shell/features
Question #93Topic 1
solution.
Solution: You use the PowerApps portal.
 A. Yes
 B. No

Correct Answer: B
PowerApps lets you quickly build business applications with little or no code. It is not used to
create Azure virtual machines. Therefore, this solution does not meet the goal.
PowerApps Portals allow organizations to create websites which can be shared with users
external to their organization either anonymously or through the login provider of their choice
like LinkedIn, Microsoft Account, other commercial login providers.
References:
https://powerapps.microsoft.com/en-us/blog/introducing-powerapps-portals-powerful-low-
code-websites-for-external-users/
Question #94Topic 1
solution.
Solution: You use the Azure portal.
 A. Yes
 B. No

Correct Answer: A
The Azure portal is a web-based, unified console that provides an alternative to command-line
tools. With the Azure portal, you can manage your Azure subscription using a graphical user
interface. You can build, manage, and monitor everything from simple web apps to complex
cloud deployments. Create custom dashboards for an organized view of resources. Configure
accessibility options for an optimal experience.
Being web-based, the Azure portal can be run on a browser from a tablet that runs the Android
operating system.
References:
https://docs.microsoft.com/en-us/azure/azure-portal/azure-portal-overview
Question #95Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Azure Databricks is an Apache Spark-based analytics platform. The platform consists of

several components including ‫ג‬€˜MLib‫ג‬€™. Mlib is a Machine Learning library consisting of
common learning algorithms and utilities, including classification, regression, clustering,
collaborative filtering, dimensionality reduction, as well as underlying optimization primitives.
Reference:
https://docs.microsoft.com/en-us/azure/azure-databricks/what-is-azure-databricks#apache-
spark-based-analytics-platform
Question #96Topic 1
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: Yes -
Azure Monitor maximizes the availability and performance of your applications and services by
delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your
cloud and on-premises environments.
Box 2: Yes -
Alerts in Azure Monitor proactively notify you of critical conditions and potentially attempt to
take corrective action.
Box 3: Yes -
Azure Monitor uses Target Resource, which is the scope and signals available for alerting. A
target can be any Azure resource. Example targets: a virtual machine, a storage account, a
virtual machine scale set, a Log Analytics workspace, or an Application Insights resource.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/overview
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-overview
Question #97Topic 1
Which Azure service provides a set of version control tools to manage code?
 A. Azure Repos
 B. Azure DevTest Labs
 C. Azure Storage
 D. Azure Cosmos DB

Correct Answer: A
Azure Repos is a set of version control tools that you can use to manage your code.
Incorrect Answers:
B: Azure DevTest Labs creates labs consisting of pre-configured bases or Azure Resource
Manager templates. These have all the necessary tools and software that you can use to create
environments.
D: Azure Cosmos DB is Microsoft's globally distributed, multi-model database service.
References:
https://docs.microsoft.com/en-us/azure/devops/repos/get-started/what-is-repos?view=azure-
devops
Question #98Topic 1
HOTSPOT -
You need to manage Azure by using Azure Cloud Shell.
Which Azure portal icon should you select? To answer, select the appropriate icon in the
answer area.
Hot Area:
Correct
Answer:
You can access Azure Cloud Shell in the Azure portal by clicking the icon.
Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure
resources. It provides the flexibility of choosing the shell experience that best suits the way you
work, either Bash or PowerShell.
Cloud Shell enables access to a browser-based command-line experience built with Azure
management tasks in mind.
References:
https://docs.microsoft.com/en-us/azure/cloud-shell/overview?view=azure-cli-latest
Question #99Topic 1
You have a virtual machine named VM1 that runs Windows Server 2016. VM1 is in the East US
Azure region.
Which Azure service should you use from the Azure portal to view service failure notifications
that can affect the availability of VM1?
 A. Azure Service Fabric

 B. Azure Monitor
 C. Azure virtual machines
 D. Azure Advisor

Correct Answer: C
In the Azure virtual machines page in the Azure portal, there is a named Maintenance Status.
This column will display service issues that could affect your virtual machine. A service failure
is rare but host server maintenance that could affect your virtual machines is more common.
Azure periodically updates its platform to improve the reliability, performance, and security of
the host infrastructure for virtual machines. The purpose of these updates ranges from
patching software components in the hosting environment to upgrading networking
components or decommissioning hardware.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/maintenance-and-updates
Question #100Topic 1
solution.
An Azure administrator plans to run a PowerShell script that creates Azure resources.
You need to recommend which computer configuration to use to run the script.
Solution: Run the script from a computer that runs Linux and has the Azure CLI tools installed.
 A. Yes
 B. No

Correct Answer: B
A PowerShell script is a file that contains PowerShell cmdlets and code. A PowerShell script
needs to be run in PowerShell.
PowerShell can now be installed on Linux. However, the question states that the computer has
Azure CLI tools, not PowerShell installed. Therefore, this solution does not meet the goal.
References:
https://docs.microsoft.com/en-us/powershell/scripting/components/ise/how-to-write-and-run-
scripts-in-the-windows-powershell-ise?view=powershell-6
solution.
Solution: Run the script from a computer that runs Chrome OS and uses Azure Cloud Shell.
 A. Yes
 B. No

Correct Answer: A
With the Azure Cloud Shell, you can run PowerShell cmdlets and scripts in a Web browser. You
log in to the Azure Portal and select the Azure Cloud Shell option.
This will open a PowerShell session in the Web browser. The Azure Cloud Shell has the
necessary Azure PowerShell module installed.
Note: to run a PowerShell script in the Azure Cloud Shell, you need to change to the directory
where the PowerShell script is stored.
References:
https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart-powershell
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: Yes -
Azure Service Health consists of three components: Azure Status, Azure Service Heath and
Azure Resource Health.
Azure service health provides a personalized view of the health of the Azure services and
regions you're using. This is the best place to look for service impacting communications about
outages, planned maintenance activities, and other health advisories because the
authenticated Azure Service Health experience knows which services and resources you
currently use.
To view the health of all other services available in Azure, you would use the Azure Status
component of Azure Service Health. Azure status informs you of service outages in Azure on
the Azure Status page. The page is a global view of the health of all Azure services across all
Azure regions.
Box 2: Yes -
The best way to use Service Health is to set up Service Health alerts to notify you via your
preferred communication channels when service issues, planned maintenance, or other
changes may affect the Azure services and regions you use.
Box 3: No -
You can use Resource Health to view the health of a virtual machine. However, you cannot use
Resource Health to prevent a service failure affecting the virtual machine.
Azure resource health provides information about the health of your individual cloud resources
such as a specific virtual machine instance.
References:
https://docs.microsoft.com/en-us/azure/service-health/overview
solution.
Solution: Run the script from a computer that runs macOS and has PowerShell Core 6.0
installed.
 A. Yes
 B. No

Correct Answer: A
In this question, the computer has PowerShell Core 6.0 installed. Therefore, this solution does
meet the goal.
Note: To create Azure resources using PowerShell, you would need to import the Azure
PowerShell module which includes the PowerShell cmdlets required to create the resources.
References:
HOTSPOT -
You need to view a list of planned maintenance events that can affect the availability of an
Azure subscription.
Which blade should you use from the Azure portal? To answer, select the appropriate blade in
the answer area.
Hot Area:
Correct Answer:
On the Help and Support blade, there is a Service Health option. If you click Service Health, a
new blade opens. The Service Health blade contains the Planned
Maintenance link which opens a blade where you can view a list of planned maintenance events
that can affect the availability of an Azure subscription.
DRAG DROP -
Match the Azure service to the correct definition.
Select and Place:

Correct
Answer:
Box 1: Azure DevOps.

Azure DevOps is Microsoft‫ג‬€™s primary software development and deployment platform.
DevOps influences the application lifecycle throughout its plan, develop, deliver and operate
phases.
Box 2: Azure Advisor.
Advisor is a personalized cloud consultant that helps you follow best practices to optimize your
Azure deployments. It analyzes your resource configuration and usage telemetry and then
recommends solutions that can help you improve the cost effectiveness, performance, high
availability, and security of your Azure resources.
Box 3: Azure Cognitive Services.
Azure Cognitive Services are APIs, SDKs, and services available to help developers build
intelligent applications without having direct AI or data science skills or knowledge. Azure
Cognitive Services enable developers to easily add cognitive features into their applications.
The goal of Azure Cognitive Services is to help developers create applications that can see,
hear, speak, understand, and even begin to reason. The catalog of services within Azure
Cognitive Services can be categorized into five main pillars - Vision, Speech, Language, Web
Search, and Decision.
Box 4. Azure Application Insights.
Azure Application Insights detects and diagnoses anomalies in web apps.
Application Insights, a feature of Azure Monitor, is an extensible Application Performance
Management (APM) service for developers and DevOps professionals.
Use it to monitor your live applications. It will automatically detect performance anomalies, and
includes powerful analytics tools to help you diagnose issues and to understand what users
actually do with your app.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview
https://azure.microsoft.com/en-gb/overview/what-is-devops/ https://docs.microsoft.com/en-
us/azure/advisor/advisor-overview https://docs.microsoft.com/en-us/azure/cognitive-
services/welcome
DRAG DROP -
Match the Azure service to the correct description.
Select and Place:

Correct
Answer:
Box 1: Azure SQL Database -

SQL Server is a relational database service. Azure SQL Database is a managed SQL Server
Database in Azure. The SQL Server is managed by Microsoft; you just have access to the
database.
Box 2: Azure SQL Synapse Analytics
Azure SQL Synapse Analytics (previously called Data Warehouse) is a cloud-based Platform-as-
a-Service (PaaS) offering from Microsoft. It is a large-scale, distributed, MPP (massively
parallel processing) relational database technology in the same class of competitors as
Amazon Redshift or Snowflake. Azure SQL
Synapse Analytics is an important component of the Modern Data Warehouse multi-platform
architecture. Because Azure SQL Synapse Analytics is an MPP system with a shared-nothing
architecture across distributions, it is meant for large-scale analytical workloads which can
take advantage of parallelism.
Box 3: Azure Data Lake Analytics
You can process big data jobs in seconds with Azure Data Lake Analytics. You can process
petabytes of data for diverse workload categories such as querying,
ETL, analytics, machine learning, machine translation, image processing and sentiment
analysis by leveraging existing libraries written in .NET languages, R or
Python.
Box 4: Azure HDInsight.
Apache Hadoop was the original open-source framework for distributed processing and
analysis of big data sets on clusters. The Hadoop ecosystem includes related software and
utilities, including Apache Hive, Apache HBase, Spark, Kafka, and many others.
Azure HDInsight is a fully managed, full-spectrum, open-source analytics service in the cloud
for enterprises. The Apache Hadoop cluster type in Azure HDInsight allows you to use HDFS,
YARN resource management, and a simple MapReduce programming model to process and
analyze batch data in parallel.
Reference:
https://azure.microsoft.com/en-us/services/sql-database/
https://docs.microsoft.com/en-us/azure/sql-data-warehouse/sql-data-warehouse-overview-
what-is https://docs.microsoft.com/bs-latn-ba/azure/hdinsight/hadoop/apache-hadoop-
introduction https://www.blue-granite.com/blog/is-azure-sql-data-warehouse-a-good-fit-
updated https://azure.microsoft.com/en-gb/services/data-lake-analytics/
HOTSPOT -
You need to identify which blades in the Azure portal must be used to perform the following
tasks:
✑ View security recommendations.
✑ Monitor the health of Azure services.
✑ Browse available virtual machine images.
Which blade should you identify for each task? To answer, select the appropriate options in the
answer area.
Hot Area:

Correct
Answer:
Box 1:
Azure Monitor is used to monitor the health of Azure services.
Azure Monitor maximizes the availability and performance of your applications and services by
delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your
cloud and on-premises environments. It helps you understand how your applications are
performing and proactively identifies issues affecting them and the resources they depend on.
Box 2:
You can browse available virtual machine images in the Azure Marketplace.
Azure Marketplace provides access and information on solutions and services available from
Microsoft and their partners. Customers can discover, try, or buy cloud software solutions built
on or for Azure. The catalog of 8,000+ listings provides Azure building blocks, such as Virtual
Machines (VMs), APIs, Azure apps,
Solution Templates and managed applications, SaaS apps, containers, and consulting services.
Box 3.
Azure Advisor displays security recommendations.
Azure Advisor provides you with a consistent, consolidated view of recommendations for all
your Azure resources. It integrates with Azure Security Center to bring you security
recommendations. You can get security recommendations from the Security tab on the Advisor
dashboard.
Security Center helps you prevent, detect, and respond to threats with increased visibility into
and control over the security of your Azure resources. It periodically analyzes the security state
of your Azure resources. When Security Center identifies potential security vulnerabilities, it
creates recommendations. The recommendations guide you through the process of configuring
the controls you need.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/overview
https://docs.microsoft.com/en-us/azure/marketplace/marketplace-faq-publisher-guide
https://docs.microsoft.com/en-us/azure/advisor/advisor-security-recommendations
solution.
Solution: You use Bash in Azure Cloud Shell.
 A. Yes
 B. No

Correct Answer: A
With Azure Cloud Shell, you can create virtual machines using Bash or PowerShell.
Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure
resources. It provides the flexibility of choosing the shell experience that best suits the way you
work, either Bash or PowerShell.
Reference:
https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart
https://docs.microsoft.com/en-us/azure/cloud-shell/overview
You have an on-premises application that sends email notifications automatically based on a
rule.
You plan to migrate the application to Azure.
You need to recommend a serverless computing solution for the application.
 A. a web app

 B. a server image in Azure Marketplace
 C. a logic app
 D. an API app

Correct Answer: C
Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks,
business processes, and workflows when you need to integrate apps, data, systems, and
services across enterprises or organizations. Logic Apps simplifies how you design and build
scalable solutions for app integration, data integration, system integration, enterprise
application integration (EAI), and business-to-business (B2B) communication, whether in the
cloud, on premises, or both.
For example, here are just a few workloads you can automate with logic apps:
✑ Process and route orders across on-premises systems and cloud services.
✑ Send email notifications with Office 365 when events happen in various systems, apps, and
services.
✑ Move uploaded files from an SFTP or FTP server to Azure Storage.
✑ Monitor tweets for a specific subject, analyze the sentiment, and create alerts or tasks for
items that need review.
References:
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-overview
You plan to deploy a website to Azure. The website will be accessed by users worldwide and
will host large video files.
You need to recommend which Azure feature must be used to provide the best video playback
experience.
 A. an application gateway

 B. an Azure ExpressRoute circuit
 C. a content delivery network (CDN)
 D. an Azure Traffic Manager profile

Correct Answer: C
The question states that users are located worldwide and will be downloading large video files.
The video playback experience would be improved if they can download the video from servers
in the same region as the users. We can achieve this by using a content deliver network.
A content delivery network (CDN) is a distributed network of servers that can efficiently deliver
web content to users. CDNs store cached content on edge servers in point-of-presence (POP)
locations that are close to end users, to minimize latency.
Azure Content Delivery Network (CDN) offers developers a global solution for rapidly delivering
high-bandwidth content to users by caching their content at strategically placed physical nodes
across the world. Azure CDN can also accelerate dynamic content, which cannot be cached, by
leveraging various network optimizations using CDN POPs. For example, route optimization to
bypass Border Gateway Protocol (BGP).
The benefits of using Azure CDN to deliver web site assets include:
✑ Better performance and improved user experience for end users, especially when using
applications in which multiple round-trips are required to load content.
✑ Large scaling to better handle instantaneous high loads, such as the start of a product
launch event.
✑ Distribution of user requests and serving of content directly from edge servers so that less
traffic is sent to the origin server.
References:
https://docs.microsoft.com/en-us/azure/cdn/cdn-overview
Your company plans to deploy several million sensors that will upload data to Azure.
You need to identify which Azure resources must be created to support the planned solution.
Which two Azure resources should you identify? Each correct answer presents part of the
solution.
 A. Azure Data Lake

 B. Azure Queue storage
 C. Azure File Storage
 D. Azure IoT Hub
 E. Azure Notification Hubs

Correct Answer: AD
IoT Hub (Internet of things Hub) provides data from millions of sensors.
IoT Hub is a managed service, hosted in the cloud, that acts as a central message hub for bi-
directional communication between your IoT application and the devices it manages. You can
use Azure IoT Hub to build IoT solutions with reliable and secure communications between
millions of IoT devices and a cloud- hosted solution backend. You can connect virtually any
device to IoT Hub.
There are two storage services IoT Hub can route messages to -- Azure Blob Storage and Azure
Data Lake Storage Gen2 (ADLS Gen2) accounts. Azure Data
Lake Storage accounts are hierarchical namespace-enabled storage accounts built on top of
blob storage. Both of these use blobs for their storage.
References:
https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-messages-d2c
You have an Azure web app.
You need to manage the settings of the web app from an iPhone.
What are two Azure management tools that you can use? Each correct answer presents a
complete solution.
 A. Azure CLI
 B. the Azure portal
 C. Azure Cloud Shell
 D. Windows PowerShell
 E. Azure Storage Explorer

Correct Answer: BC
The Azure portal is the web-based portal for managing Azure. Being web-based, you can use
the Azure portal on an iPhone.
Azure Cloud Shell is a web-based command line for managing Azure. You access the Azure
Cloud Shell from the Azure portal. Being web-based, you can use the
Azure Cloud Shell on an iPhone.
Incorrect Answers:
A: Azure CLI can be installed on MacOS but it cannot be installed on an iPhone.
D: Windows PowerShell can be installed on MacOS but it cannot be installed on an iPhone.
E: Azure Storage Explorer is not used to manage Azure web apps.
References:
http://www.deployazure.com/management/managing-azure-from-ipad/
Your company plans to deploy an Artificial Intelligence (AI) solution in Azure.
What should the company use to build, test, and deploy predictive analytics solutions?
 A. Azure Logic Apps

 B. Azure Machine Learning Designer
 C. Azure Batch
 D. Azure Cosmos DB

Correct Answer: B
Azure Machine Learning designer lets you visually connect datasets and modules on an
interactive canvas to create machine learning models.
Reference:
https://docs.microsoft.com/en-us/azure/machine-learning/concept-designer
HOTSPOT -
Hot Area:

Correct
Answer:
Box 1: No -
Azure Advisor does not generate a list of virtual machines that ARE protected by Azure Backup.
Azure Advisor does however, generate a list of virtual that ARE
NOT protected by Azure Backup. You can view a list of virtual machines that are protected by
Azure Backup by viewing the Protected Items in the Azure Recovery
Services Vault.
Box 2: No -
If you implement the security recommendations, you company‫ג‬€™s score will increase, not
decrease.
Box 3: No -
There is no requirement to implement the security recommendations provided by Azure
Advisor. The recommendations are just that, ‫ג‬€˜recommendations‫ג‬€™. They are not ‫ג‬
€˜requirements‫ג‬€™.
References:
https://azure.microsoft.com/en-gb/blog/advisor-backup-recommendations/
https://docs.microsoft.com/en-us/azure/advisor/advisor-overview
https://microsoft.github.io/AzureTipsAndTricks/blog/tip173.html
What can you use to automatically send an alert if an administrator stops an Azure virtual
machine?
 A. Azure Advisor
 B. Azure Service Health
 C. Azure Monitor
 D. Azure Network Watcher

Correct Answer: C
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/vminsights-alerts
DRAG DROP -
Match the Azure services to the correct descriptions.
NOTE: Each correct match is worth one point
Select and Place:

Correct
Answer:
Box 1: Azure SQL Synapse Analytics

Azure SQL Synapse Analytics (previously called Data Warehouse) is a cloud-based Platform-as-
a-Service (PaaS) offering from Microsoft. It is a large-scale, distributed, MPP (massively
parallel processing) relational database technology in the same class of competitors as
Amazon Redshift or Snowflake. Azure SQL
Synapse Analytics is an important component of the Modern Data Warehouse multi-platform
architecture. Because Azure SQL Synapse Analytics is an MPP system with a shared-nothing
architecture across distributions, it is meant for large-scale analytical workloads which can
take advantage of parallelism.
Box 2:
Azure Machine Learning uses past trainings to provide predictions that have high probability.
Machine learning is a data science technique that allows computers to use existing data to
forecast future behaviors, outcomes, and trends. By using machine learning, computers learn
without being explicitly programmed.
Forecasts or predictions from machine learning can make apps and devices smarter. For
example, when you shop online, machine learning helps recommend other products you might
want based on what you've bought.
Box 3:
Azure Functions provides serverless computing functionalities.
Box 4:
device to IoT Hub.
Reference:
https://azure.microsoft.com/en-gb/services/synapse-analytics/
https://docs.microsoft.com/en-us/azure/machine-learning/overview-what-is-azure-ml
https://docs.microsoft.com/en-us/azure/iot-hub/about-iot-hub https://docs.microsoft.com/en-
us/azure/azure-functions/functions-overview
You have an Azure environment.
You need to create a new Azure virtual machine from a tablet that runs the Android operating
system.
What are three possible solutions? Each correct answer presents a complete solution.
 A. Use Bash in Azure Cloud Shell.

 B. Use PowerShell in Azure Cloud Shell.
 C. Use the PowerApps portal.
 D. Use the Security & Compliance admin center.
 E. Use the Azure portal.

Correct Answer: ABE
The Android tablet device will have a web browser (Chrome). That‫ג‬€™s enough to connect to
the Azure portal.
The Azure portal offers three ways to create a VM:
✑ Using the graphical portal.
✑ Using the Azure Cloud Shell using Bash.
✑ Using the Azure Cloud Shell using PowerShell.
A team of developers at your company plans to deploy, and then remove, 50 virtual machines
each week. All the virtual machines are configured by using Azure
Resource Manager templates.
You need to recommend which Azure service will minimize the administrative effort required to
deploy and remove the virtual machines.
 A. Azure Reserved Virtual Machine (VM) Instances

 B. Azure DevTest Labs
 C. Azure virtual machine scale sets
 D. Microsoft Managed Desktop

Correct Answer: B
DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager
templates.
By using DevTest Labs, you can test the latest versions of your applications by doing the
following tasks:
✑ Quickly provision Windows and Linux environments by using reusable templates and
artifacts.
✑ Easily integrate your deployment pipeline with DevTest Labs to provision on-demand
environments.
✑ Scale up your load testing by provisioning multiple test agents and create pre-provisioned
environments for training and demos.
Reference:
https://docs.microsoft.com/en-us/azure/lab-services/devtest-lab-overview
HOTSPOT -
Hot Area:
Correct
Answer:
Box 1: No -
Azure Advisor provides you with a consistent, consolidated view of recommendations for all
your Azure resources. It integrates with Azure Security Center to bring you security
recommendations. You can get security recommendations from the Security tab on the Advisor
dashboard. Examples of recommendations include restricting access to virtual machines by
configuring Network Security Groups, enabling storage encryption, installing vulnerability
assessment solutions.
However, Azure Advisor does not provide recommendations on how to improve the security of
an Azure AD environment.
Box 2: Yes -
Advisor helps you optimize and reduce your overall Azure spend by identifying idle and
underutilized resources. You can get cost recommendations from the Cost tab on the Advisor
dashboard.
Box 3: No.
Azure Advisor does not provide recommendations on how to configure network settings on
Azure virtual machines.
References:
https://docs.microsoft.com/en-us/azure/advisor/advisor-security-recommendations
https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations
solution.
You have an Azure subscription named Subscription1. You sign in to the Azure portal and
create a resource group named RG1.
From Azure documentation, you have the following command that creates a virtual machine
named VM1. az vm create --resource-group RG1 --name VM1 --image UbuntuLTS --generate-ssh-
keys
You need to create VM1 in Subscription1 by using the command.
Solution: From the Azure portal, launch Azure Cloud Shell and select PowerShell. Run the
command in Cloud Shell.
 A. Yes
 B. No

Correct Answer: A
The command can be run in the Azure Cloud Shell. Although this question says you select
PowerShell rather than Bash, the Az commands will work in
PowerShell.
The Azure Cloud Shell is a free interactive shell. It has common Azure tools preinstalled and
configured to use with your account.
To open the Cloud Shell, just select Try it from the upper right corner of a code block. You can
also launch Cloud Shell in a separate browser tab by going to https://shell.azure.com/bash.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/quick-create-cli
solution.
named VM1. az vm create --resource-group RG1 --name VM1 --image UbuntuLTS
--generate-ssh-keys
Solution: From a computer that runs Windows 10, install Azure CLI. From PowerShell, sign in to
Azure and then run the command.
 A. Yes
 B. No

Correct Answer: A
The command can be run from PowerShell or the command prompt if you have the Azure CLI
installed.
Reference:
solution.
named VM1. az vm create --resource-group RG1 --name VM1 --image UbuntuLTS
--generate-ssh-keys
Solution: From a computer that runs Windows 10, install Azure CLI. From a command prompt,
sign in to Azure and then run the command.
 A. Yes
 B. No

Correct Answer: A
The command can be run from PowerShell or the command prompt if you have the Azure CLI
installed.
Reference:
HOTSPOT -
Several support engineers plan to manage Azure by using the computers shown in the following
table:
You need to identify which Azure management tools can be used from each computer.
What should you identify for each computer? To answer, select the appropriate options in the
answer area.
Hot Area:

Correct
Answer:
Previously, the Azure CLI (or x-plat CLI) was the only option for managing Azure subscriptions
and resources from the command-line on Linux and macOS. Now with the open source and
cross-platform release of PowerShell, you‫ג‬€™ll be able to manage all your Azure resources from
Windows, Linux and macOS using your tool of choice, either the Azure CLI or Azure PowerShell
cmdlets.
The Azure portal runs in a web browser so can be used in either operating system.
Reference:
https://buildazure.com/2016/08/18/powershell-now-open-source-and-cross-platform-linux-
macos-windows/
HOTSPOT -
Hot Area:
Correct
Answer:
HOTSPOT -
Hot Area:

Correct
Answer:
Azure Resource Manager templates provides a common platform for deploying objects to a
cloud infrastructure and for implementing consistency across the
Azure environment.
Azure policies are used to define rules for what can be deployed and how it should be deployed.
Whilst this can help in ensuring consistency, Azure policies do not provide the common
platform for deploying objects to a cloud infrastructure.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview
DRAG DROP -
Match the Azure service to the correct description.
Select and Place:

Correct
Answer:
Box 1:
Azure Bot Services provides a digital online assistant that provides speech support.
Bots provide an experience that feels less like using a computer and more like dealing with a
person - or at least an intelligent robot. They can be used to shift simple, repetitive tasks, such
as taking a dinner reservation or gathering profile information, on to automated systems that
may no longer require direct human intervention. Users converse with a bot using text,
interactive cards, and speech. A bot interaction can be a quick question and answer, or it can
be a sophisticated conversation that intelligently provides access to services.
Box 2:
Azure Machine Learning uses past trainings to provide predictions that have high probability.
Machine learning is a data science technique that allows computers to use existing data to
forecast future behaviors, outcomes, and trends. By using machine learning, computers learn
without being explicitly programmed.
Forecasts or predictions from machine learning can make apps and devices smarter. For
example, when you shop online, machine learning helps recommend other products you might
want based on what you've bought.
Box 3:
Azure Functions provides serverless computing functionalities.
Box 4:
device to IoT Hub.
References:
https://docs.microsoft.com/en-us/azure/bot-service/bot-service-overview-introduction?
view=azure-bot-service-4.0
https://docs.microsoft.com/en-us/azure/machine-learning/overview-what-is-azure-ml
solution.
Solution: Run the script from a computer that runs Windows 10 and has the Azure PowerShell
module installed.
 A. Yes
 B. No

Correct Answer: A
In this question, the computer has the Azure PowerShell module installed. Therefore, this
solution does meet the goal.
References:
DRAG DROP -
Match the Azure services to the correct description.
Select and Place:

Correct
Answer:
Box 1:
Azure virtual machines provide operation system virtualization.
Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing
resources that Azure offers. Typically, you choose a VM when you need more control over the
computing environment than the other choices offer.
Box 2:
Azure Container Instances provide portable environments for virtualized applications.
Containers are becoming the preferred way to package, deploy, and manage cloud applications.
Azure Container Instances offers the fastest and simplest way to run a container in Azure,
without having to manage any virtual machines and without having to adopt a higher-level
service.
Containers offer significant startup benefits over virtual machines (VMs). Azure Container
Instances can start containers in Azure in seconds, without the need to provision and manage
VMs.
Box 3:
Azure App Service is used to build, deploy and scale web apps.
Azure App Service is a platform-as-a-service (PaaS) offering that lets you create web and
mobile apps for any platform or device and connect to data anywhere, in the cloud or on-
premises. App Service includes the web and mobile capabilities that were previously delivered
separately as Azure Websites and Azure Mobile
Services.
Box 4:
Azure Functions provide a platform for serverless code.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/overview
https://docs.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-app-
services https://docs.microsoft.com/en-us/azure/azure-functions/
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-overview
Which service provides serverless computing in Azure?
 A. Azure Virtual Machines

 B. Azure Functions
 C. Azure storage account
 D. Azure dedicated hosts

Correct Answer: B
Azure Functions provide a platform for serverless code.
Reference:
Which three computers can run the script? Each correct answer presents a complete solution.
 A. a computer that runs macOS and has PowerShell Core 6.0 installed.
 B. a computer that runs Windows 10 and has the Azure PowerShell module installed.
 C. a computer that runs Linux and has the Azure PowerShell module installed.
 D. a computer that runs Linux and has the Azure CLI tools installed.
 E. a computer that runs Chrome OS and uses Azure Cloud Shell.

Correct Answer: ABE
Reference:
https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart-powershell
solution.
named VM1. az vm create --resource-group RG1 --name VM1 --image UbuntuLTS --generate-ssh-
keys
Solution: From the Azure portal, launch Azure Cloud Shell and select Bash. Run the command in
Cloud Shell.
 A. Yes
 B. No

Correct Answer: A
The command can be run in the Azure Cloud Shell.
The Azure Cloud Shell is a free interactive shell. It has common Azure tools preinstalled and
configured to use with your account.
To open the Cloud Shell, just select Try it from the upper right corner of a code block. You can
also launch Cloud Shell in a separate browser tab by going to https://shell.azure.com/bash.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/quick-create-cli
Your company has several business units.
Each business unit requires 20 different Azure resources for daily operation. All the business
units require the same type of Azure resources.
You need to recommend a solution to automate the creation of the Azure resources.
What should you include in the recommendations?
 A. Azure Resource Manager templates

 B. virtual machine scale sets
 C. the Azure API Management service
 D. management groups

Correct Answer: A
You can use Azure Resource Manager templates to automate the creation of the Azure
resources. Deploying resource through templates is known as
‫ג‬€˜Infrastructure as code‫ג‬€™.
To implement infrastructure as code for your Azure solutions, use Azure Resource Manager
templates. The template is a JavaScript Object Notation (JSON) file that defines the
infrastructure and configuration for your project. The template uses declarative syntax, which
lets you state what you intend to deploy without having to write the sequence of programming
commands to create it. In the template, you specify the resources to deploy and the properties
for those resources.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview
You need to configure an Azure solution that meets the following requirements:
✑ Secures websites from attacks
✑ Generates reports that contain details of attempted attacks
What should you include in the solution?
 A. Azure Firewall
 B. a network security group (NSG)
 C. Azure Information Protection
 D. DDoS protection

Correct Answer: D
DDoS is a type of attack that tries to exhaust application resources. The goal is to affect the
application‫ג‬€™s availability and its ability to handle legitimate requests.
DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet.
Azure has two DDoS service offerings that provide protection from network attacks: DDoS
Protection Basic and DDoS Protection Standard.
DDoS Basic protection is integrated into the Azure platform by default and at no extra cost.
You have the option of paying for DDoS Standard. It has several advantages over the basic
service, including logging, alerting, and telemetry. DDoS Standard can generate reports that
contain details of attempted attacks as required in this question.
References:
https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices
HOTSPOT -
You plan to implement several security services for an Azure environment. You need to identify
which Azure services must be used to meet the following security requirements:
✑ Monitor threats by using sensors
✑ Enforce Azure Multi-Factor Authentication (MFA) based on a condition
Which Azure service should you identify for each requirement? To answer, select the
appropriate options in the answer area.
Hot Area:

Correct
Answer:
Box 1:
To monitor threats by using sensors, you would use Azure Advanced Threat Protection (ATP).
Azure Advanced Threat Protection (ATP) is a cloud-based security solution that leverages your
on-premises Active Directory signals to identify, detect, and investigate advanced threats,
compromised identities, and malicious insider actions directed at your organization.
Sensors are software packages you install on your servers to upload information to Azure ATP.
Box 2:
To enforce MFA based on a condition, you would use Azure Active Directory Identity Protection.
Azure AD Identity Protection helps you manage the roll-out of Azure Multi-Factor Authentication
(MFA) registration by configuring a Conditional Access policy to require MFA registration no
matter what modern authentication app you are signing in to.
References:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/what-is-atp
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-
protection-configure-mfa-policy
Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over
HTTP.
What are two possible solutions? Each correct answer presents a complete solution.
 A. Modify an Azure Traffic Manager profile

 B. Modify a network security group (NSG)
 C. Modify a DDoS protection plan
 D. Modify an Azure firewall

Correct Answer: B
A network security group works like a firewall. You can attach a network security group to a
virtual network and/or individual subnets within the virtual network.
You can also attach a network security group to a network interface assigned to a virtual
machine. You can use multiple network security groups within a virtual network to restrict
traffic between resources such as virtual machines and subnets.
You can filter network traffic to and from Azure resources in an Azure virtual network with a
network security group. A network security group contains security rules that allow or deny
inbound network traffic to, or outbound network traffic from, several types of Azure resources.
In this question, we need to add a rule to the network security group to allow the connection to
the virtual machine on port 80 (HTTP).
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
HOTSPOT -
Hot Area:

Correct
Answer:
The just-in-time (JIT) virtual machine (VM) access feature in Azure Security Center allows you
to lock down inbound traffic to your Azure Virtual Machines. This reduces exposure to attacks
while providing easy access when you need to connect to a VM.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-
config-asc%2Cjit-request-asc
HOTSPOT -
Hot Area:

Correct
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
You have an Azure environment that contains 10 virtual networks and 100 virtual machines.
You need to limit the amount of inbound traffic to all the Azure virtual networks.
 A. one application security group (ASG)

 B. 10 virtual network gateways
 C. 10 Azure ExpressRoute circuits
 D. one Azure firewall

Correct Answer: D
You can restrict traffic to multiple virtual networks with a single Azure firewall.
Azure Firewall is a managed, cloud-based network security service that protects your Azure
Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability
and unrestricted cloud scalability.
You can centrally create, enforce, and log application and network connectivity policies across
subscriptions and virtual networks. Azure Firewall uses a static public IP address for your
virtual network resources allowing outside firewalls to identify traffic originating from your
virtual network.
References:
https://docs.microsoft.com/en-us/azure/firewall/overview
Azure Key Vault is used to store secrets for Azure Active Directory (Azure AD) user accounts.
correct.

 B. Azure Active Directory (Azure AD) administrative accounts
 C. Personally Identifiable Information (PII)
 D. server applications

Correct Answer: D
Key Vault is designed to store configuration secrets for server apps. It's not intended for
storing data belonging to your app's users, and it shouldn't be used in the client-side part of an
app.
Reference:
https://docs.microsoft.com/en-us/learn/modules/manage-secrets-with-azure-key-vault/2-what-
is-key-vault https://docs.microsoft.com/en-us/azure/key-vault/key-vault-overview
https://docs.microsoft.com/en-us/learn/modules/manage-secrets-with-azure-key-vault/
Your company plans to automate the deployment of servers to Azure.
Your manager is concerned that you may expose administrative credentials during the
deployment.
You need to recommend an Azure solution that encrypts the administrative credentials during
the deployment.
 A. Azure Key Vault

 B. Azure Information Protection
 C. Azure Security Center
 D. Azure Multi-Factor Authentication (MFA)

Correct Answer: A
Azure Key Vault is a secure store for storage various types of sensitive information. In this
question, we would store the administrative credentials in the Key Vault.
With this solution, there is no need to store the administrative credentials as plain text in the
deployment scripts.
All information stored in the Key Vault is encrypted.
Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords,
certificates, API keys, and other secrets.
Secrets and keys are safeguarded by Azure, using industry-standard algorithms, key lengths,
and hardware security modules (HSMs). The HSMs used are
Federal Information Processing Standards (FIPS) 140-2 Level 2 validated.
Access to a key vault requires proper authentication and authorization before a caller (user or
application) can get access. Authentication establishes the identity of the caller, while
authorization determines the operations that they are allowed to perform.
References:
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-overview

AZ900

Uploaded by

Copyright:

Available Formats

AZ900

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AZ900

Uploaded by

Copyright:

Available Formats

AZ900

Hide Solution Discussion 97

Hide Solution Discussion 62

Hide Solution Discussion 17

Hide Solution Discussion 29

Hide Solution Discussion 17

Hide Solution Discussion 49

Hide Solution Discussion 20

Hide Solution Discussion 13

Hide Solution Discussion 20

Hide Solution Discussion 42

Hide Solution Discussion 41

 A. Software as a Service (SaaS)

Hide Solution Discussion 55

Hide Solution Discussion 76

 A. a complete migration to the public cloud

Hide Solution Discussion 403

Hide Solution Discussion 59

 A. The public cloud is owned by the public, NOT a private corporation

Hide Solution Discussion 22

Hide Solution Discussion 16

Hide Solution Discussion 21

Hide Solution Discussion 15

Hide Solution Discussion 39

Hide Solution Discussion 56

 A. Replacing failed server hardware

Hide Solution Discussion 71

Hide Solution Discussion 33

 A. an Azure web app

Hide Solution Discussion 21

 A. private cloud and hybrid cloud only

Hide Solution Discussion 23

Hide Solution Discussion 13

Box 1: Public Cloud -

Box 2: Private Cloud -

Hide Solution Discussion 45

Hide Solution Discussion 11

Hide Solution Discussion 27

Hide Solution Discussion 20

 A. Software as a Service (SaaS)

Hide Solution Discussion 53

Hide Solution Discussion 21

Hide Solution Discussion 12

Hide Solution Discussion 18

Hide Solution Discussion 13

Hide Solution Discussion 63

Hide Solution Discussion 12

Hide Solution Discussion 7

Hide Solution Discussion 7

Hide Solution Discussion 12

Hide Solution Discussion 4

Hide Solution Discussion 29

 A. No change is needed

Hide Solution Discussion 61

Hide Solution Discussion 39

 A. Azure Data Lake

Hide Solution Discussion 24

Hide Solution Discussion 22

 A. a physical server failure

Hide Solution Discussion 25