 Show
Navigation
Question 2Match words from the boxes with the numbers in the picture below. ❌ ✔ ⚪ 🔵 ⬜ 🟦
❌ ✔ ⚪ 🔵 ⬜ 🟦
❌ ✔ ⚪ 🔵 ⬜ 🟦
❌ ✔ ⚪ 🔵 ⬜ 🟦
❌ ✔ ⚪ 🔵 ⬜ 🟦
✔ That's correct ❌ That's not correct 👨🦱 💬 Increasing the size of the resource is called scaling up, hence decreasing the size is scaling down. Because we move along the vertical line, changing the size is called vertical scaling. Increasing the amount of instances of our resource is called scaling out, hence decreasing the amount is scaling in. Because we move along the horizontal line, changing the size is called horizontal scaling. Next Episode ▶Adam MarczakProgrammer, architect, trainer, blogger, evangelist are just a few of my titles. What I really am, is a passionate technology enthusiast. I take great pleasure in learning new technologies and finding ways in which this can aid people every day. My latest passion is running an Azure 4 Everyone YouTube channel, where I show that Azure really is for everyone! Did you enjoy the article?Share it!More tagged postsThe latest Microsoft AZ-900 Azure Fundamentals certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-900 Azure Fundamentals exam and earn Microsoft AZ-900 Azure Fundamentals certification. Question 491Exam QuestionYour company has noticed that storage costs have decreased significantly over the past few years due to cloud providers’ ability to purchase larger amounts of storage at significant discounts. These savings have allowed your company to purchase additional cloud resources. Which cloud feature is represented in this scenario? A. Agility Correct AnswerG. Economy of scale ExplanationYou would choose economy of scale. The concept of economy of scale is the ability to do business cheaper and more efficiently when operating on a larger scale, in comparison to operating on a smaller scale. You would not choose agility. Agility is the ability to react quickly. Cloud services can allocate and deallocate resources quickly. These are on-demand services that are provisioned in minutes. There is no manual intervention in provisioning or deprovisioning services. You would not choose elasticity. This feature increases or decreases resources as needed, but unlike scalability, elasticity is done automatically. Elastic resources are based on the current needs and resources are added or removed dynamically to meet those needs, from the most advantageous geographic location. A distinction between scalability and elasticity is that elasticity is done automatically. You would not choose high availability. This feature allows services to run for extended periods, with very little downtime, depending on the service. You would not choose scalability. This feature can increase (scale-up) or decrease (scale-down) resources that are assigned to a workload. As demand increases, you can add additional resources or capabilities to manage the increase in demand (known as scaling up). Scalability does not have to be done automatically. You would not choose fault tolerance. Fault tolerance is the ability to remain up and running in the event of a component or service that is no longer functioning. Typically, redundancy is built into cloud services architecture so that if one component fails, a backup component takes its place. This type of service is said to be tolerant of faults. You would not choose disaster recovery. This feature allows you to recover from a cloud service outage caused by an event. Cloud services disaster recovery can happen very quickly with automation, with resources being readily available for use. Objective: Describe cloud concepts Sub-Objective: Describe the benefits of using cloud services ReferenceWiki > Economy of Scale Techopedia > Cloud Elasticity Sysfore Blog > Agility on Cloud – A Vital Part of Cloud Computing TutorialsPoint > Microsoft Azure – Scalability Wiki > High Availability IBM Knowledge Center > High availability versus fault tolerance Question 492Exam QuestionWhich cloud service model is a collaborative effort in which infrastructure is shared between several organizations with common concerns? A. Community cloud Correct AnswerA. Community cloud ExplanationA community cloud is a cloud model that is a collaborative effort between multiple organizations that is managed and secured commonly by the organizations participating in that community. Typically, a community cloud is used with organizations that are working on joint projects or applications that require a cloud to manage and execute the projects or applications regardless of the solution rented. All other choices are incorrect. A public cloud is owned, managed, and supported by the vendor alone. Examples of a public cloud are Amazon Web Services, Microsoft 365, and Microsoft Azure. A public cloud provides the following advantages:
A private cloud has computing resources exclusively owned, managed, and used by a single organization. A private cloud has the following advantages:
A hybrid cloud combines the best of a public cloud and a private cloud so you can take advantage of both. A hybrid cloud has the following advantages:
Objective: Describe cloud concepts Sub-Objective: Describe cloud computing ReferenceWhat is a Community Cloud? – Definition from Techopedia Question 493Exam QuestionA company is using containers for deploying all of its web applications. During a security audit, you notice that Microsoft Defender for Cloud is not being used properly to provide misconfigurations related to containers. For which resource can you NOT use Microsoft Defender for Cloud to secure the containers? A. Azure Kubernetes Service (AKS) Correct AnswerD. Azure Container Instance (ACI) ExplanationAzure Container Instance (ACI) does not use Microsoft Defender for Cloud. ACI is a service that allows you to run containers in the cloud without using VMs. Defender for Cloud can protect Kubernetes clusters, container hosts that are VMs running Docker, and Azure Container Registries (ACRs) The following shows the resources protected by Microsoft Defender. You should not choose Azure Kubernetes Service (AKS). Microsoft Defender for Cloud can be used for assessments, finding misconfigurations, and for guidelines to improve security with AKS. Microsoft Defender for Cloud can show misconfigurations in your Docker environment as well as providing guidelines for mitigating threats indicated by Azure Defender. This is provided by Microsoft Defender for servers, which compares the configurations with the Center for Internet Security Docker Benchmark. Microsoft Defender for Cloud provides vulnerability assessments along with management tools for Azure Container Registry (ACR) registry entries. Objective: Describe Azure architecture and services Sub-Objective: Describe Azure identity, access, and security ReferenceMicrosoft Docs > Azure > Security > Microsoft Defender for Cloud > Overview of Microsoft Defender for Containers Question 494Exam QuestionThe Nutex Corporation wants to make several configuration updates to apps and services. You are part of the Azure Network Management team who must make these updates. You prefer making updates from the command line. Which of the following statements about the Azure CLI are TRUE? (Choose four.) A. JSON is the default output format of the Azure CLI. Correct AnswerA. JSON is the default output format of the Azure CLI. ExplanationThe following statements are true:
Older Azure CLI versions (1.x and lower) are now referred to as Azure Classic CLI. Microsoft recommends moving any classic deployments with the Azure Resource Manager model and migrating these deployments to the latest available version of the Azure CLI. The INI file format is defined by section headers and uses the following to save data:
The Azure CLI uses JSON as its default output format but offers other formats. Use the –output (–out or –o) parameter to format CLI output. The argument values and types of output are json, jsonc, yaml, table, and tsv. Service principals are accounts that are not tied to a specific user. These accounts use permissions assigned from pre-defined roles. Authenticating with a service principal is the best way to write secure scripts or programs. With Service principals, none of the sign-in information is stored by the CLI. Instead, an authentication refresh token is generated by Azure and stored. It is not true that the Azure CLI can be set to scope the commands to a specific command group, in both interactive and non-interactive mode. Scoping is only available in interactive mode. For example, when you use az>> %%vm instead of az>> vm to set the scope of the commands to the vm, %% sets the scope. When Azure CLI is scoped, all commands are interpreted in that scope. It is very efficient when a lot of commands are executed in a specific command group. Objective: Describe Azure management and governance Sub-Objective: Describe features and tools for managing and deploying Azure resources ReferenceMicrosoft Azure > Azure CLI > Differences between Azure CLI products Microsoft Azure > Azure CLI > Azure CLI configuration Microsoft Azure > Azure CLI > Output formats for Azure CLI commands Microsoft Azure > Azure CLI > Sign in with Azure CLI Microsoft Azure > Azure CLI > Azure CLI interactive mode Question 495Exam QuestionYou need to coordinate services with your cloud provider. You need to create a proposal for a budget for cloud services. You must indicate which responsibilities belong to the cloud provider and which belong to your organization. Which of the following responsibilities are shared by the customer, not the cloud provider? Move the appropriate responsibility to appropriate category. Customer Responsibility:
Correct AnswerSaaS:
PaaS:
IaaS:
On-premise:
ExplanationYou should choose the following: The accountability and classification of data is the responsibility of IaaS, PaaS, SaaS, and on-premises. The service provider is responsible for the data and when it is available. A service provider has a service level agreement (SLA) that guarantees when the data is available. A service provider is not responsible for determining which data of yours is important. A customer’s company may classify its own data and is responsible for determining which data is important. End-point protection is the responsibility of IaaS, PaaS, SaaS, and on-premises organizations. All connections from clients to on-premises servers or cloud-based servers must be secured. Application-level controls for the customer are solely responsible for on-premises and IaaS and partially shared between the PaaS shared provider. Application-level controls are not the responsibility of the customer for SaaS. Application-level controls are the sole responsibility of the service provider since the vendor provides the software in a SaaS cloud and thus provides the controls. Host infrastructure is the responsibility of both the customer and service provider in an IaaS. The IaaS service provider provides the VMs, routers, gateways, and other infrastructure, but the customer decides which resources to allocate. Host infrastructure is the sole responsibility of the provider with a PaaS and SaaS. The customer does not have control over the infrastructure with a PaaS or SaaS. Objective: Describe cloud concepts Sub-Objective: Describe cloud service types ReferenceMicrosoft Docs > Azure > Security > Fundamentals > Shared responsibility in the cloud Shared Responsibility for Cloud Computing-2019-10-25.pdf (microsoft.com) Question 496Exam QuestionYou are considering moving several of your network services to the cloud. You are evaluating a private, public, and hybrid cloud. Match the advantage to the proper cloud implementation. Advantages:
Correct AnswerPublic Cloud:
Private Cloud:
Hybrid Cloud:
ExplanationYou should choose the following: A public cloud, such as Amazon Web Services or Microsoft Azure, provides the following advantages:
A private cloud has computing resources exclusively used by a single organization. A private cloud has the following advantages:
A hybrid cloud combines the best of a public cloud and a private cloud so you can take advantage of both. A hybrid cloud has the following advantages:
Objective: Describe cloud concepts Sub-Objective: Describe cloud computing ReferenceMicrosoft Azure > What are public, private, and hybrid clouds? Question 497Exam QuestionThe Nutex Corporation plans to comply with all the privacy, compliance, and data protection standards. You are asked to investigate the security, compliance, and privacy offerings and commitments from Microsoft. Which of the following statements about the Azure Service Trust Portal are TRUE? (Choose three.) A. The Azure Service Trust Portal provides Security and Compliance Blueprints to assist customers with building applications that comply with compliance regulations and standards. Correct AnswerA. The Azure Service Trust Portal provides Security and Compliance Blueprints to assist customers with building applications that comply with compliance regulations and standards. ExplanationMicrosoft’s privacy principle states that Microsoft will not use your email, chat, files, or other personal content to target ads to you. Microsoft’s privacy principle also states that:
If an Azure tenant is deactivated, Microsoft permanently deletes all data for that tenant in the Service Trust Portal (e.g., user information and data uploaded to Compliance Manager) within 24 hours of tenant deactivation. The Azure Service Trust Portal provides Security and Compliance Blueprints to assist customers with building applications that comply with compliance regulations and standards. Azure Security and Compliance Blueprints include industry-specific overviews and guidance, customer responsibilities matrix, reference architectures with threat models, control implementation matrices, and automation to deploy reference architectures. If a customer’s cloud subscription expires, Microsoft will not delete the data in the subscription in 90 days without notice. If you terminate a cloud subscription or it expires (except for free trials), Microsoft will store your customer data in a limited-function account for 90 days (the “retention period”) to give you time to extract the data or renew your subscription. During this period, Microsoft provides multiple notices so you will be amply forewarned of the upcoming deletion of data. Objective: Describe Azure management and governance Sub-Objective: Describe features and tools in Azure for governance and compliance ReferenceMicrosoft > Trust Center > Privacy at Microsoft Microsoft > Trust Center > Data management at Microsoft Microsoft > Service Trust Portal > Frequently Asked Questions Question 498Exam QuestionThe web team of the Nutex Corporation is developing a new enterprise solution. They are using the newest technologies, and the functionality is divided into many independent parts that can be maintained, scaled, or updated independently. They need to create a serverless solution that will save on costs and allow you to write less code. What should you recommend? A. Azure Functions Correct AnswerA. Azure Functions ExplanationYou should choose Azure Functions because they are used for serverless processing. This serverless solution saves on costs and allows you to write less code as well as maintaining less infrastructure. You should not choose Azure Container Instances (ACI). ACI offers a fast and simple way to create and develop apps in a container without worrying about have VMs provisioned. It takes less than 30 seconds to start a container with ACI in the best scenarios, faster than deploying an app with App Services. Although ACI allows you to use containers which eliminate the need to provision and manage VMs, ACI will not allow you to write less code. Azure Kubernetes Service (AKS) is not a serverless solution that allows you to write less code. It is an orchestration service that requires a YAML file for configuration. It is more complex and for more enterprise solutions. Also, Azure Kubernetes Service (AKS) for burstable scaling uses scaling on ACI because it is faster to scale compared with AKS nodes. Using an Azure VM would not be a serverless solution. Objective: Describe Azure architecture and services Sub-Objective: Describe Azure compute and networking services ReferenceAzure > Product Documentation > Functions > Overview > About Azure Functions > Introduction to Azure Functions Azure > Overview > Serverless computing Azure > Services > Azure Functions Question 499Exam QuestionYour company plans on using Azure Virtual Desktop to create a multi-session Windows 10 deployment. You have remote clients that need to have virtualized Microsoft 365 Apps running. You need to have existing Remote Desktop Services (RDS) and Windows Server desktops and apps to the client computers. Which of the following is true regarding Azure Virtual Desktop? (Choose two.) A. Remote clients cannot run the Remote Desktop Connection (MSTSC) client. Correct AnswerA. Remote clients cannot run the Remote Desktop Connection (MSTSC) client. ExplanationClients that use Azure Virtual Desktop can support the following client operating systems:
However, Azure Virtual Desktop does not support clients that run the Remote Desktop Connection (MSTSC) client. or the RemoteApp and Desktop Connections (RADC) client. You can stop a screen from being captured by software running at a client endpoint using the screen capture protection in Azure Virtual Desktop. Screen capture protection protects client VMs from spyware or other malware from taking screenshots and sending them to the malware owner. Objective: Describe Azure architecture and services Sub-Objective: Describe Azure compute and networking services ReferenceMicrosoft Docs > Azure > What is Azure Virtual Desktop? Microsoft Docs > Azure > What’s new in Azure Virtual Desktop? Announcing general availability of Screen Capture Protection for Azure Virtual Desktop – Microsoft Tech Community Question 500Exam QuestionThe Nutex Corporation has a partnership with the Verigon Corporation. Both Nutex and Verigon have multi-factor authentication (MFA) capabilities. Wendy, a user at Verigon, needs access to an application in Nutex named the AT application. Which of the following should you configure to ensure that Wendy can access the AT application? (Choose three.) A. Configure MFA access for the AT application in Verigon. Correct AnswerC. Ensure that Nutex has sufficient Premium Azure AD licenses that support MFA. ExplanationYou would do the following:
To configure MFA on an application, you must find the application in Azure in the tenant that contains it. In this scenario, Nutex owns the AT application. You would choose Conditional Access under the application and click Add to create a policy. Once the policy is created, you can create assignments to grant users and groups access to the application. You can select the All Guest Users to allow access to external users or find a specific user. You can choose to specify conditions on device platforms, client apps, or locations. If you choose locations, you can allow users from any location or only allow users from trusted IPs. The Controls section of the policy allows you to block or allow access. If you choose to allow access, you can require multi-factor authentication. Even though Nutex and Verigon have MFA capabilities, MFA policies are enforced at the resource organization, which is Nutex because it owns the AT application. When Wendy from Verigon attempts to access the AT application in the Nutex tenant, she will be asked to complete an MFA challenge. Wendy can set up her MFA with Nutex and choose their MFA option. As Nutex owns the application, they must have sufficient Premium Azure AD licenses that support MFA, not Verigon. Wendy, the user from Verigon, consumes one of these licenses from Nutex. Objective: Describe Azure architecture and services Sub-Objective: Describe Azure identity, access, and security ReferenceMicrosoft Docs > Azure > Active Directory > Conditional access for B2B collaboration users Microsoft Docs > Azure > Active Directory > Privileged Identity Management > Multi-factor authentication and Privileged Identity Management Which of the following refers to spending money upfront and then deducting that expense over time?CapEx is the spending of money on physical infrastructure upfront and then deducting that expense from your tax bill over time. CapEx is an upfront cost, which has a value that reduces over time and usually has no recurring cost.
Which of the following can be used to manage governance across multiple Azure subscriptions?Resource groups provide organizations with the ability to manage the compliance of Azure resources across multiple subscriptions.
Which term is used to describe the overall amount paid for a solution over time in Azure?CapEx is an upfront cost, which has a value that reduces over time. OpEx is spending money on services or products now and being billed for them now. You can deduct this expense from your tax bill in the same year. There is no upfront cost, you pay for a service or product as you use it.
Which of the following defines performance targets like uptime for an Azure product or service?An SLA defines performance targets for an Azure product or service.
|
