A total of 230 exam questions to test your understanding and help you ace the Microsoft Azure Fundamentals exam! Last updated: October 3, 2022 An Azure administrator plans to run a PowerShell script that creates Azure resources. Exam-Answer.com doesn't offer Real Microsoft Exam Questions. Exam-Answer.com doesn't offer Real Amazon Exam Questions. Exam-Answer.com materials do not contain actual questions and answers from Cisco's Certification Exams. CFA Institute does not endorse, promote or warrant the accuracy or quality of Exam-Answer. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute. Copyright © Exam-Answer2022. Page 2Azure Resource Manager templates provides a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment. Azure policies are used to define rules for what can be deployed and how it should be deployed. Whilst this can help in ensuring consistency, Azure policies do not provide the common platform for deploying objects to a cloud infrastructure. https://docs.microsoft.com/en-us/azure/governance/policy/overview Page 3Box 1: Azure Bot Services provides a digital online assistant that provides speech support. Bots provide an experience that feels less like using a computer and more like dealing with a person - or at least an intelligent robot. They can be used to shift simple, repetitive tasks, such as taking a dinner reservation or gathering profile information, on to automated systems that may no longer require direct human intervention. Users converse with a bot using text, interactive cards, and speech. A bot interaction can be a quick question and answer, or it can be a sophisticated conversation that intelligently provides access to services. Box 2: Azure Machine Learning uses past trainings to provide predictions that have high probability. Machine learning is a data science technique that allows computers to use existing data to forecast future behaviors, outcomes, and trends. By using machine learning, computers learn without being explicitly programmed. Forecasts or predictions from machine learning can make apps and devices smarter. For example, when you shop online, machine learning helps recommend other products you might want based on what you've bought. Box 3: Azure Functions provides serverless computing functionalities. Azure Functions is a serverless compute service that lets you run event-triggered code without having to explicitly provision or manage infrastructure. Box 4: IoT Hub (Internet of things Hub) provides data from millions of sensors. IoT Hub is a managed service, hosted in the cloud, that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between millions of IoT devices and a cloud- hosted solution backend. You can connect virtually any device to IoT Hub. https://docs.microsoft.com/en-us/azure/bot-service/bot-service-overview-introduction?view=azure-bot-service-4.0 https://docs.microsoft.com/en-us/azure/machine-learning/overview-what-is-azure-ml https://docs.microsoft.com/en-us/azure/azure-functions/ https://docs.microsoft.com/en-us/azure/iot-hub/about-iot-hub Page 4Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. An Azure administrator plans to run a PowerShell script that creates Azure resources. You need to recommend which computer configuration to use to run the script. Solution: Run the script from a computer that runs Windows 10 and has the Azure PowerShell module installed. Does this meet the goal? Page 5Box 1: Azure virtual machines provide operation system virtualization. Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers. Typically, you choose a VM when you need more control over the computing environment than the other choices offer. Box 2: Azure Container Instances provide portable environments for virtualized applications. Containers are becoming the preferred way to package, deploy, and manage cloud applications. Azure Container Instances offers the fastest and simplest way to run a container in Azure, without having to manage any virtual machines and without having to adopt a higher-level service. Containers offer significant startup benefits over virtual machines (VMs). Azure Container Instances can start containers in Azure in seconds, without the need to provision and manage VMs. Box 3: Azure App Service is used to build, deploy and scale web apps. Azure App Service is a platform-as-a-service (PaaS) offering that lets you create web and mobile apps for any platform or device and connect to data anywhere, in the cloud or on-premises. App Service includes the web and mobile capabilities that were previously delivered separately as Azure Websites and Azure Mobile Services. Box 4: Azure Functions provide a platform for serverless code. Azure Functions is a serverless compute service that lets you run event-triggered code without having to explicitly provision or manage infrastructure. https://docs.microsoft.com/en-us/azure/virtual-machines/windows/overview https://docs.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-app-services https://docs.microsoft.com/en-us/azure/azure-functions/ https://docs.microsoft.com/en-us/azure/container-instances/container-instances-overview Page 6Exam-Answer.com doesn't offer Real Microsoft Exam Questions. Exam-Answer.com doesn't offer Real Amazon Exam Questions. Exam-Answer.com materials do not contain actual questions and answers from Cisco's Certification Exams. CFA Institute does not endorse, promote or warrant the accuracy or quality of Exam-Answer. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute. Copyright © Exam-Answer2022. Page 7Exam-Answer.com doesn't offer Real Microsoft Exam Questions. Exam-Answer.com doesn't offer Real Amazon Exam Questions. Exam-Answer.com materials do not contain actual questions and answers from Cisco's Certification Exams. CFA Institute does not endorse, promote or warrant the accuracy or quality of Exam-Answer. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute. Copyright © Exam-Answer2022. Page 8Box 1: No - Azure firewall does not encrypt network traffic. It is used to block or allow traffic based on source/destination IP address, source/destination ports and protocol. Box 2: No - A network security group does not encrypt network traffic. It works in a similar way to a firewall in that it is used to block or allow traffic based on source/ destination IP address, source/destination ports and protocol. Box 3: No - The question is rather vague as it would depend on the configuration of the host on the Internet. Windows Server does come with a VPN client and it also supports other encryption methods such IPSec encryption or SSL/TLS so it could encrypt the traffic if the Internet host was configured to require or accept the encryption. However, the VM could not encrypt the traffic to an Internet host that is not configured to require the encryption. https://docs.microsoft.com/en-us/azure/security/azure-security-data-encryption-best-practices#protect-data-in-transit Page 9Box 1: Yes - Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises. Box 2: No - Only two features: Continuous assessment and security recommendations, and Azure secure score, are free. Box 3: Yes - The advanced monitoring capabilities in Security Center also let you track and manage compliance and governance over time. The overall compliance provides you with a measure of how much your subscriptions are compliant with policies associated with your workload. https://docs.microsoft.com/en-us/azure/security-center/security-center-intro Page 10D DDoS is a type of attack that tries to exhaust application resources. The goal is to affect the application's availability and its ability to handle legitimate requests. DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet. Azure has two DDoS service offerings that provide protection from network attacks: DDoS Protection Basic and DDoS Protection Standard. DDoS Basic protection is integrated into the Azure platform by default and at no extra cost. You have the option of paying for DDoS Standard. It has several advantages over the basic service, including logging, alerting, and telemetry. DDoS Standard can generate reports that contain details of attempted attacks as required in this question. https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices Page 11Box 1: To monitor threats by using sensors, you would use Azure Advanced Threat Protection (ATP). Azure Advanced Threat Protection (ATP) is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Sensors are software packages you install on your servers to upload information to Azure ATP. Box 2: To enforce MFA based on a condition, you would use Azure Active Directory Identity Protection. Azure AD Identity Protection helps you manage the roll-out of Azure Multi-Factor Authentication (MFA) registration by configuring a Conditional Access policy to require MFA registration no matter what modern authentication app you are signing in to. https://docs.microsoft.com/en-us/azure-advanced-threat-protection/what-is-atp https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy Page 12B A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets. You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. In this question, we need to add a rule to the network security group to allow the connection to the virtual machine on port 80 (HTTP). https://docs.microsoft.com/en-us/azure/virtual-network/security-overview Page 13Exam-Answer.com doesn't offer Real Microsoft Exam Questions. Exam-Answer.com doesn't offer Real Amazon Exam Questions. Exam-Answer.com materials do not contain actual questions and answers from Cisco's Certification Exams. CFA Institute does not endorse, promote or warrant the accuracy or quality of Exam-Answer. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute. Copyright © Exam-Answer2022. Page 14Exam-Answer.com doesn't offer Real Microsoft Exam Questions. Exam-Answer.com doesn't offer Real Amazon Exam Questions. Exam-Answer.com materials do not contain actual questions and answers from Cisco's Certification Exams. CFA Institute does not endorse, promote or warrant the accuracy or quality of Exam-Answer. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute. Copyright © Exam-Answer2022. Page 15D You can restrict traffic to multiple virtual networks with a single Azure firewall. Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual network resources allowing outside firewalls to identify traffic originating from your virtual network. https://docs.microsoft.com/en-us/azure/firewall/overview Page 16D Centralizing storage of application secrets in Azure Key Vault allows you to control their distribution. Key Vault greatly reduces the chances that secrets may be accidentally leaked. When using Key Vault, application developers no longer need to store security information in their application. Not having to store security information in applications eliminates the need to make this information part of the code. For example, an application may need to connect to a database. Instead of storing the connection string in the app's code, you can store it securely in Key Vault. https://docs.microsoft.com/en-us/azure/key-vault/key-vault-overview https://docs.microsoft.com/en-us/learn/modules/manage-secrets-with-azure-key-vault/ Page 17A Azure Key Vault is a secure store for storage various types of sensitive information. In this question, we would store the administrative credentials in the Key Vault. With this solution, there is no need to store the administrative credentials as plain text in the deployment scripts. All information stored in the Key Vault is encrypted. Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets. Secrets and keys are safeguarded by Azure, using industry-standard algorithms, key lengths, and hardware security modules (HSMs). The HSMs used are Federal Information Processing Standards (FIPS) 140-2 Level 2 validated. Access to a key vault requires proper authentication and authorization before a caller (user or application) can get access. Authentication establishes the identity of the caller, while authorization determines the operations that they are allowed to perform. https://docs.microsoft.com/en-us/azure/key-vault/key-vault-overview Page 18A A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets. You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. https://docs.microsoft.com/en-us/azure/virtual-network/security-overview Page 19When you create a virtual machine, the default setting is to create a Network Security Group attached to the network interface assigned to a virtual machine. A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets. You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. In this question, we need to add a rule to the network security group to allow the connection to the virtual machine on port 8080. https://docs.microsoft.com/en-us/azure/virtual-network/security-overview Page 20Exam-Answer.com doesn't offer Real Microsoft Exam Questions. Exam-Answer.com doesn't offer Real Amazon Exam Questions. Exam-Answer.com materials do not contain actual questions and answers from Cisco's Certification Exams. CFA Institute does not endorse, promote or warrant the accuracy or quality of Exam-Answer. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute. Copyright © Exam-Answer2022. Page 21A A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets. You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. In this question, we need to add a rule to the network security group to allow the connection to the virtual machine on port 80 (HTTP). https://docs.microsoft.com/en-us/azure/virtual-network/security-overview Page 22Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify a DDoS protection plan. Does this meet the goal? Page 23Exam-Answer.com doesn't offer Real Microsoft Exam Questions. Exam-Answer.com doesn't offer Real Amazon Exam Questions. Exam-Answer.com materials do not contain actual questions and answers from Cisco's Certification Exams. CFA Institute does not endorse, promote or warrant the accuracy or quality of Exam-Answer. CFA® and Chartered Financial Analyst® are registered trademarks owned by CFA Institute. Copyright © Exam-Answer2022. Page 24Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify an Azure firewall. Does this meet the goal? Page 25Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your Azure environment contains multiple Azure virtual machines. You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP. Solution: You modify an Azure Traffic Manager profile. Does this meet the goal? Page 26A A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets. You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. https://docs.microsoft.com/en-us/azure/virtual-network/security-overview Does Azure Advisor provides recommendations on how do you improve security?Azure Advisor provides you with a consistent, consolidated view of recommendations for all your Azure resources. It integrates with Microsoft Defender for Cloud to bring you security recommendations. You can get security recommendations from the Security tab on the Advisor dashboard.
How do I improve the security of an Azure Active Directory?Security defaults. Start by logging in to your Azure portal as a security administrator, Conditional Access administrator, or global administrator.. Browse to Azure Active Directory, and then Properties.. Select Manage security defaults.. Set the Enable security defaults, then toggle to Yes.. Select Save.. Which of the following recommendations is provided by Azure advisor?Advisor provides recommendations for Application Gateway, App Services, availability sets, Azure Cache, Azure Data Factory, Azure Database for MySQL, Azure Database for PostgreSQL, Azure Database for MariaDB, Azure ExpressRoute, Azure Cosmos DB, Azure public IP addresses, Azure Synapse Analytics, SQL servers, storage ...
Does Azure Advisor provides recommendations on how do you reduce the cost of running Azure virtual machines?Get the most out of Azure
Azure Advisor analyzes your configurations and usage telemetry and offers personalized, actionable recommendations to help you optimize your Azure resources for reliability, security, operational excellence, performance, and cost.
|
