AZ-900 ITExams

https://itexamcertified.
com
AZ-900 Microsoft Azure Fundamentals
Question #1
Note: The question is included in a number of questions that depicts the identical set-up. However, every question
has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an on-premises network with numerous servers, which they intend to migrate to Azure.
You have been tasked with devising a plan that allows for the availability of a few of the servers, in the event that
one of the Azure data centers becomes unavailable for a lengthy interval.
Solution: You should include elasticity in your plan.
Does the solution meet the goal?
 A. Yes
 B. No
https://itexamcertified.com
Answer: B
Question #2
Solution: You should include scalability in your plan.
 A. Yes
 B. No
Answer: B
Question #3
Solution: You should include fault tolerance in your plan.
 A. Yes
 B. No
Answer: A
Question #4
You are tasked with deploying Azure virtual machines for your company.
You need to make use of the appropriate cloud deployment solution.
Solution: You should make use of Software as a Service (SaaS).
 A. Yes
 B. No
Answer: B
Question #5
Solution: You should make use of Platform as a Service (PaaS).
 A. Yes
 B. No
Answer: B
Question #6
Solution: You should make use of Infrastructure as a Service (IaaS).
 A. Yes
 B. No
Answer: A
Question #7
Your company‫ג‬€™s on-premises network includes a large number of servers.
They would like to make extra resources available to their users, while keeping capital and operational overheads
to a minimum.
You are required to make recommendations that should be included in the overall solution.
Solution: You should indorse the use of an added data center as part of the solution.
 A. Yes
 B. No
Answer: B
Question #8
to a minimum.
Solution: You should indorse the use of a hybrid cloud as part of the solution.
 A. Yes
 B. No
Answer:A
Question #9
to a minimum.
Solution: You should indorse the use of a private cloud as part of the solution.
 A. Yes
 B. No
Answer: B
Question #10
Your company is planning to migrate all their virtual machines to an Azure pay-as-you-go subscription. The virtual
machines are currently hosted on the Hyper-V hosts in a data center.
You are required make sure that the intended Azure solution uses the correct expenditure model.
Solution: You should recommend the use of the elastic expenditure model.
 A. Yes
 B. No
Answer: B
Question #11
Solution: You should recommend the use of the scalable expenditure model.
 A. Yes
 B. No
Answer: B
Question #12
Solution: You should recommend the use of the operational expenditure model.
 A. Yes
 B. No
Answer: A
Topic 2, Understand Core Azure Services
Question #13
You are required to deploy an Artificial Intelligence (AI) solution in Azure.
You want to make sure that you are able to build, test, and deploy predictive analytics for the solution.
Solution: You should make use of Azure Cosmos DB.
 A. Yes
 B. No
Answer: B
Question #14

Solution: You should make use of Azure Logic Apps.
 A. Yes
 B. No
Answer: B
Question #15
Solution: You should make use of Azure Machine Learning Studio.
 A. Yes
 B. No
Answer: A
Question #16
Your company‫ג‬€™s infrastructure includes a number of business units that each need a large number of various
Azure resources for everyday operation.
The resources required by each business unit are identical.
You are required to sanction a strategy to create Azure resources automatically.
Solution: You recommend that the Azure API Management service be included in the strategy.
 A. Yes
 B. No
Answer: B
Question #17

Solution: You recommend that management groups be included in the strategy.
 A. Yes
 B. No
Answer: B
Question #18
Solution: You recommend that the Azure Resource Manager templates be included in the strategy.
 A. Yes
 B. No
Answer: A
Question #19
You are tasked with deploying a critical LOB application, which will be installed on a virtual machine, to Azure.
You are informed that the application deployment strategy should allow for a guaranteed availability of 99.99
percent. You need to make sure that the strategy requires as little virtual machines and availability zones as
possible.
Solution: You include two virtual machines and one availability zone in your strategy.
 A. Yes
 B. No
Answer: B
References:
https://docs.microsoft.com/en-us/azure/availability-zones/az-overview
Question #20
possible.
Solution: You include one virtual machine and two availability zones in your strategy.
 A. Yes
 B. No
Answer: B
References:
Question #21
possible.
Solution: You include two virtual machines and two availability zones in your strategy.
 A. Yes
 B. No
Answer: A
References:
Question #22
Your company‫ג‬€™s developers intend to deploy a large number of custom virtual machines on a weekly basis. They
will also be removing these virtual machines during the same week it was deployed. Sixty percent of the virtual
machines have Windows Server 2016 installed, while the other forty percent has Ubuntu Linux installed.
You are required to make sure that the administrative effort, needed for this process, is reduced by employing a
suitable Azure service.
Solution: you recommend the use of Microsoft Managed Desktop.
 A. Yes
 B. No
Answer: B
Question #23
Solution: you recommend the use of Azure Reserved Virtual Machines (VM) Instances.
 A. Yes
 B. No
Answer: B
Question #24
Solution: you recommend the use of Azure DevTest Labs.
 A. Yes
 B. No
Answer: A
Topic 3, Understand Security, Privacy, Compliance and Trust
Question #25
Your company has virtual machines (VMs) hosted in Microsoft Azure. The VMs are located in a single Azure virtual
network named VNet1.
The company has users that work remotely. The remote workers require access to the VMs on VNet1.
You need to provide access for the remote workers.
What should you do?
 A. Configure a Site-to-Site (S2S) VPN.

 B. Configure a VNet-toVNet VPN.
 C. Configure a Point-to-Site (P2S) VPN.
 D. Configure DirectAccess on a Windows Server 2012 server VM.

 E. Configure a Multi-Site VPN
Answer: C
A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an
individual client computer.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways
Set 2
Question #1
HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Box 1: No -
A PaaS solution does not provide access to the operating system. The Azure Web Apps service provides an
environment for you to host your web applications.
Behind the scenes, the web apps are hosted on virtual machines running IIS. However, you have no direct access to
the virtual machine, the operating system or
IIS.
Box 2: Yes -
A PaaS solution that hosts web apps in Azure does provide the ability to scale the platform automatically. This is
known as autoscaling. Behind the scenes, the web apps are hosted on virtual machines running IIS. Autoscaling
means adding more load balanced virtual machines to host the web apps.
Box 3: Yes -
PaaS provides a framework that developers can build upon to develop or customize cloud-based applications. PaaS
development tools can cut the time it takes to code new apps with pre-coded application components built into
the platform, such as workflow, directory services, security features, search and so on.
References:
https://azure.microsoft.com/en-gb/overview/what-is-paas/
Question #2
HOTSPOT -
Hot Area:
Answer:
Box 1: Yes -
Traditionally, IT expenses have been considered a Capital Expenditure (CapEx). Today, with the move to the cloud
and the pay-as-you-go model, organizations have the ability to stretch their budgets and are shifting their IT CapEx
costs to Operating Expenditures (OpEx) instead. This flexibility, in accounting terms, is now an option due to the
‫ג‬€as a Service‫ג‬€ model of purchasing software, cloud storage and other IT related resources.
Box 2: No -
Two virtual machines using the same size could have different disk configurations. Therefore, the monthly costs
could be different.
Box 3: Yes -
When an Azure virtual machine is stopped, you don‫ג‬€™t pay for the virtual machine. However, you do still pay for
the storage costs associated to the virtual machine.
The most common storage costs are for the disks attached to the virtual machines. There are also other storage
costs associated with a virtual machine such as storage for diagnostic data and virtual machine backups.
References:
https://meritsolutions.com/capex-vs-opex-cloud-computing-blog/
Question #3
HOTSPOT -
To complete the sentence, select the appropriate option in the answer area.
Hot Area:
Answer:
When you are implementing a Software as a Service (SaaS) solution, you are responsible for configuring the SaaS
solution. Everything else is managed by the cloud provider.
SaaS requires the least amount of management. The cloud provider is responsible for managing everything, and
the end user just uses the software.
Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common
examples are email, calendaring and office tools
(such as Microsoft Office 365).
SaaS provides a complete software solution which you purchase on a pay-as-you-go basis from a cloud service
provider. You rent the use of an app for your organization and your users connect to it over the Internet, usually
with a web browser. All of the underlying infrastructure, middleware, app software and app data are located in the
service provider‫ג‬€™s data center. The service provider manages the hardware and software and with the
appropriate service agreement, will ensure the availability and the security of the app and your data as well.
Reference:
https://azure.microsoft.com/en-in/overview/what-is-saas/
https://docs.microsoft.com/en-gb/learn/modules/principles-cloud-computing/5-types-of-cloud-services
Question #4
You have an on-premises network that contains several servers.

You plan to migrate all the servers to Azure.
You need to recommend a solution to ensure that some of the servers are available if a single Azure data center
goes offline for an extended period.
What should you include in the recommendation?
 A. fault tolerance
 B. elasticity
 C. scalability
 D. low latency
Answer: A
Fault tolerance is the ability of a system to continue to function in the event of a failure of some of its components.
In this question, you could have servers that are replicated across datacenters.
Availability zones expand the level of control you have to maintain the availability of the applications and data on
your VMs. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or
more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there are a
minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a
region protects applications and data from datacenter failures.
With Availability Zones, Azure offers industry best 99.99% VM uptime SLA. By architecting your solutions to use
replicated VMs in zones, you can protect your applications and data from the loss of a datacenter. If one zone is
compromised, then replicated apps and data are instantly available in another zone.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability
Question #5
HOTSPOT -
Hot Area:
Answer:
A private cloud is hosted in your datacenter. Therefore, you cannot close your datacenter if you are using a private
cloud.
A public cloud is hosted externally, for example, in Microsoft Azure. An organization that hosts its infrastructure in
a public cloud can close its data center.
Public cloud is the most common deployment model. In this case, you have no local hardware to manage or keep
up-to-date ‫ג‬€" everything runs on your cloud provider's hardware.
Microsoft Azure is an example of a public cloud provider.
In a private cloud, you create a cloud environment in your own datacenter and provide self-service access to
compute resources to users in your organization.
This offers a simulation of a public cloud to your users, but you remain completely responsible for the purchase
and maintenance of the hardware and software services you provide.
Reference:
https://docs.microsoft.com/en-gb/learn/modules/principles-cloud-computing/4-cloud-deployment-models
Question #6
What are two characteristics of the public cloud? Each Answer presents a complete solution.
 A. dedicated hardware
 B. unsecured connections
 C. limited storage
 D. metered pricing
 E. self-service management
Answer: DE
With the public cloud, you get pay-as-you-go pricing ‫ג‬€" you pay only for what you use, no CapEx costs.
With the public cloud, you have self-service management. You are responsible for the deployment and
configuration of the cloud resources such as virtual machines or web sites. The underlying hardware that hosts the
cloud resources is managed by the cloud provider.
InAnswers:
A: You don‫ג‬€™t have dedicated hardware. The underlying hardware is shared so you could have multiple
customers using cloud resources hosted on the same physical hardware.
B: Connections to the public cloud are secure.
C: Storage is not limited. You can have as much storage as you like.
References:
Question #7
HOTSPOT -
Hot Area:
Answer:
When planning to migrate a public website to Azure, you must plan to pay monthly usage costs. This is because
Azure uses the pay-as-you-go model.
Question #8
Note: This question is part of a series of questions that present the same scenario. Each question in the series
contains a unique solution that might meet the stated goals. Some question sets might have more than one correct
solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
Your company plans to migrate all its data and resources to Azure.
The company‫ג‬€™s migration plan states that only Platform as a Service (PaaS) solutions must be used in Azure.
You need to deploy an Azure environment that meets the company migration plan.
Solution: You create an Azure App Service and Azure SQL databases.
Does this meet the goal?
 A. Yes
 B. No
Answer: A
Azure App Service and Azure SQL databases are examples of Azure PaaS solutions. Therefore, this solution does
meet the goal.
Question #9

Solution: You create an Azure App Service and Azure virtual machines that have Microsoft SQL Server installed.
 A. Yes
 B. No
Answer: A
Azure App Service is a PaaS (Platform as a Service) service. Azure virtual machines are an IaaS (Infrastructure as a
Service) service, and a Paas service.
Therefore, this solution does meet the goal.
Note: Like IaaS, PaaS includes infrastructure‫ג‬€"servers, storage, and networking‫ג‬€"but also middleware,
development tools, business intelligence (BI) services, database management systems, and more. PaaS is designed
to support the complete web application lifecycle: building, testing, deploying, managing, and updating.
Reference:
https://azure.microsoft.com/en-us/overview/what-is-paas/
Question #10
Solution: You create an Azure App Service and Azure Storage accounts.
 A. Yes
 B. No
Answer: A
Question #11
Your company hosts an accounting application named App1 that is used by all the customers of the company.
App1 has low usage during the first three weeks of each month and very high usage during the last week of each
month.
Which benefit of Azure Cloud Services supports cost management for this type of usage pattern?
 A. high availability
 B. high latency
 C. elasticity
 D. load balancing
Answer: C
Elasticity in this case is the ability to provide additional compute resource when needed and reduce the compute
resource when not needed to reduce costs.
Autoscaling is an example of elasticity.
Elastic computing is the ability to quickly expand or decrease computer processing, memory and storage resources
to meet changing demands without worrying about capacity planning and engineering for peak usage. Typically
controlled by system monitoring tools, elastic computing matches the amount of resources allocated to the
amount of resources actually needed without disrupting operations. With cloud elasticity, a company avoids
paying for unused capacity or idle resources and doesn‫ג‬€™t have to worry about investing in the purchase or
maintenance of additional resources and equipment.
References:
https://azure.microsoft.com/en-gb/overview/what-is-elastic-computing/
Question #12
You plan to migrate a web application to Azure. The web application is accessed by external users.
You need to recommend a cloud deployment solution to minimize the amount of administrative effort used to
manage the web application.
 A. Software as a Service (SaaS)

 B. Platform as a Service (PaaS)
 C. Infrastructure as a Service (IaaS)
 D. Database as a Service (DaaS)
Answer: B
Azure App Service is a platform-as-a-service (PaaS) offering that lets you create web and mobile apps for any
platform or device and connect to data anywhere, in the cloud or on-premises. App Service includes the web and
mobile capabilities that were previously delivered separately as Azure Websites and Azure Mobile
Services.
References:
https://docs.microsoft.com/en-us/azure/security/fundamentals/paas-applications-using-app-services
Question #13
HOTSPOT -
Which cloud deployment solution is used for Azure virtual machines and Azure SQL databases? To answer, select
the appropriate options in the answer area.
Hot Area:
Answer:
Box 1:
Azure virtual machines are Infrastructure as a Service (IaaS).
Infrastructure as a Service is the most flexible category of cloud services. It aims to give you complete control over
the hardware that runs your application (IT infrastructure servers and virtual machines (VMs), storage, networks,
and operating systems). Instead of buying hardware, with IaaS, you rent it.
Box 2:
Azure SQL databases are Platform as a Service (Paas).
Azure SQL Database is a fully managed Platform as a Service (PaaS) Database Engine that handles most of the
database management functions such as upgrading, patching, backups, and monitoring without user involvement.
Azure SQL Database is always running on the latest stable version of SQL Server
Database Engine and patched OS with 99.99% availability. PaaS capabilities that are built-in into Azure SQL
database enable you to focus on the domain specific database administration and optimization activities that are
critical for your business.
Reference:
https://docs.microsoft.com/en-gb/learn/modules/principles-cloud-computing/5-types-of-cloud-services
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-paas-index
Question #14
You have an on-premises network that contains 100 servers.

You need to recommend a solution that provides additional resources to your users. The solution must minimize
capital and operational expenditure costs.
 A. a complete migration to the public cloud
 B. an additional data center

 C. a private cloud
 D. a hybrid cloud
Answer: D
A hybrid cloud is a combination of a private cloud and a public cloud.
Capital expenditure is the spending of money up-front for infrastructure such as new servers.
With a hybrid cloud, you can continue to use the on-premises servers while adding new servers in the public cloud
(Azure for example). Adding new servers in
Azure minimizes the capital expenditure costs as you are not paying for new servers as you would if you deployed
new server on-premises.
InAnswers:
A: A complete migration of 100 servers to the public cloud would involve a lot of operational expenditure (the cost
of migrating all the servers).
B: An additional data center would involve a lot of capital expenditure (the cost of the new infrastructure).
C: A private cloud is hosted on on-premises servers to this would involve a lot of capital expenditure (the cost of
the new infrastructure to host the private cloud).
Reference:
Question #15
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
It is not true that a company must always migrate from a private cloud model to implement a hybrid cloud. You
could start with a public cloud and then combine that with an on-premise infrastructure to implement a hybrid
cloud.
Box 2: Yes -
A company can extend the capacity of its internal network by using the public cloud. This is very common. When
you need more capacity, rather than pay out for new on-premises infrastructure, you can configure a cloud
environment and connect your on-premises network to the cloud environment by using a VPN.
Box 3: No -
It is not true that only guest users can access cloud resources. You can give anyone with an account in Azure Active
Directory access to the cloud resources.
There are many authentication scenarios but a common one is to replicate your on-premises Active Directory
accounts to Azure Active Directory and provide access to the Azure Active Directory accounts. Another commonly
used authentication method is ‫ג‬€˜Federa on‫ג‬€™ where authentication for access to cloud resources is passed to
another authentication provider such as an on-premises Active Directory. https://azure.microsoft.com/en-
gb/overview/what-is-hybrid-cloud-computing/
Question #16
You plan to migrate several servers from an on-premises network to Azure.

What is an advantage of using a public cloud service for the servers over an on-premises network?
 A. The public cloud is owned by the public, NOT a private corporation

 B. The public cloud is a crowd-sourcing solution that provides corporations with the ability to enhance the
cloud
 C. All public cloud resources can be freely accessed by every member of the public
 D. The public cloud is a shared entity whereby multiple corporations each use a portion of the resources
in the cloud
Answer: D
The public cloud is a shared entity whereby multiple corporations each use a portion of the resources in the cloud.
The hardware resources (servers, infrastructure etc.) are managed by the cloud provider. Multiple companies
create resources such as virtual machines and virtual networks on the hardware resources.
InAnswers:
A: The public cloud is not owned by the public. In the case of Microsoft Azure, the cloud is owned by Microsoft.
B: The public cloud is a not crowd-sourcing solution. In the case of Microsoft Azure, the cloud is owned by
Microsoft.
C: It is not true that public cloud resources can be freely accessed by every member of the public. You pay for a
cloud subscription and create accounts for your users to access your cloud resources. No one can access your cloud
resources until you create user accounts and provide the appropriate access permissions.
Question #17
HOTSPOT -
Hot Area:
Answer:
DISASTER Recovery
Question #18
In which type of cloud model are all the hardware resources owned by a third-party and shared between multiple
tenants?
 A. private
 B. hybrid
 C. public
Answer: C
Microsoft Azure, Amazon Web Services and Google Cloud are three examples of public cloud services.
Microsoft, Amazon and Google own the hardware. The tenants are the customers who use the public cloud
services.
Question #19
HOTSPOT -
Hot Area:
Answer:
Reference:
https://azure.microsoft.com/en-gb/overview/what-is-hybrid-cloud-computing/
Question #20
You have 1,000 virtual machines hosted on the Hyper-V hosts in a data center.
You plan to migrate all the virtual machines to an Azure pay-as-you-go subscription.
You need to identify which expenditure model to use for the planned Azure solution.
Which expenditure model should you identify?
 A. operational
 B. elastic
 C. capital
 D. scalable
Answer: A
One of the major changes that you will face when you move from on-premises cloud to the public cloud is the
switch from capital expenditure (buying hardware) to operating expenditure (paying for service as you use it). This
switch also requires more careful management of your costs. The benefit of the cloud is that you can
fundamentally and positively affect the cost of a service you use by merely shutting down or resizing it when it's
not needed.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/cloud-adoption/appendix/azure-scaffold
Question #21
DRAG DROP -
Match the Azure Cloud Services benefit to the correct description.
Instructions: To answer, drag the appropriate benefit from the column on the left to its description on the right.
Each benefit may be used once, more than once, or not at all.
NOTE: Each correct match is worth one point.
Select and Place:
Answer:
Box 1:
Fault tolerance is the ability of a service to remain available after a failure of one of the components of the service.
For example, a service running on multiple servers can withstand the failure of one of the servers.
Box 2:
Disaster recovery is the recovery of a service after a failure. For example, restoring a virtual machine from backup
after a virtual machine failure.
Box 3:
Dynamic scalability is the ability for compute resources to be added to a service when the service is under heavy
load. For example, in a virtual machine scale set, additional instances of the virtual machine are added when the
existing virtual machines are under heavy load.
Box 4:
Latency is the time a service to respond to requests. For example, the time it takes for a web page to be returned
from a web server. Low latency means low response time which means a quicker response.
References:
https://msdn.microsoft.com/en-us/magazine/mt422582.aspx
https://searchdisasterrecovery.techtarget.com/definition/cloud-disaster-recovery-cloud-DR
http://www.siasmsp.com/the-benefit-of-scalability-in-cloud-computing-2/ https://azure.microsoft.com/en-
in/overview/what-is-cloud-computing/
Question #22
HOTSPOT -
Hot Area:
Answer:
YES
NO
YES
Question #23
HOTSPOT -
Hot Area:
Answer:NO
YES
YES
Question #24
Your company has an on-premises network that contains multiple servers.

The company plans to reduce the following administrative responsibilities of network administrators:
➠ Backing up application data

➠ Replacing failed server hardware
Managing physical server security
➠ Updating server operating systems
➠ Managing p ➠ermissions to shared documents
The company plans to migrate several servers to Azure virtual machines.
You need to identify which administrative responsibilities will be eliminated after the planned migration.
Which two responsibilities should you identify? Each Answer presents a complete solution.
 A. Replacing failed server hardware

 B. Backing up application data
 C. Managing physical server security
 D. Updating server operating systems
 E. Managing permissions to shared documents
Answer: AC
Azure virtual machines run on Hyper-V physical servers. The physical servers are owned and managed by
Microsoft. As an Azure customer, you have no access to the physical servers. Microsoft manage the replacement of
failed server hardware and the security of the physical servers so you don‫ג‬€™t need to.
InAnswers:
B: Microsoft have no control over the applications you run on the virtual machines. Therefore, it is your
responsibility to ensure that application data is backed up.
D: Microsoft do not manage the operating systems you run on the virtual machines. Therefore, it is your
responsibility to ensure that the operating systems are updated.
E: Microsoft have no control over the shared folders you host on the virtual machines. Therefore, it is your
responsibility to ensure that folder permissions are configured appropriately.
Question #25
HOTSPOT -
Hot Area:
Answer:
One of the major changes that you will face when you move from on-premises cloud to the public cloud is the
switch from capital expenditure (buying hardware) to operating expenditure (paying for service as you use it).
Box 1: No -
With the pay-as-go model, you pay for services as you use them. This is Opex (Operational Expenditure), not CapEx
(Captial Expenditure). CapEx is where you pay for something upfront. For example, buying a new physical server.
Box 2: No -
Paying for electricity for your own datacenter will be classed as CapEx, not OpEx.
Box 3: Yes -
Deploying your own datacenter is an example of CapEx. This is because you need to purchase all the infrastructure
upfront before you can use it.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/cloud-adoption/appendix/azure-scaffold
Question #26
You plan to provision Infrastructure as a Service (IaaS) resources in Azure.

Which resource is an example of IaaS?
 A. an Azure web app

 B. an Azure virtual machine
 C. an Azure logic app
 D. an Azure SQL database
Answer: B
An Azure virtual machine is an example of Infrastructure as a Service (IaaS).
Azure web app, Azure logic app and Azure SQL database are all examples of Platform as a Service (Paas).
Reference:
https://azure.microsoft.com/en-gb/overview/what-is-iaas/
Question #27
To which cloud models can you deploy physical servers?
 A. private cloud and hybrid cloud only

 B. private cloud only
 C. private cloud, hybrid cloud and public cloud

 D. hybrid cloud only
Answer: A
A private cloud is on-premises so you can deploy physical servers.
A hybrid cloud is a mix of on-premise and public cloud resources. You can deploy physical servers on-premises.
Reference:
Question #28
DRAG DROP -
Match the cloud model to the correct advantage.
Instructions: To answer, drag the appropriate cloud model from the column on the left to its advantage on the
right. Each cloud model may be used once, more than once, or not at all.
NOTE: Each correct match is worth one point
Select and Place:
Answer:
Box 1: Public Cloud -

With a public cloud, there is no capital expenditure on server hardware etc. You only pay for cloud resources that
you use as you use them.
Box 2: Private Cloud -

A private cloud exists on premises, so you have complete control over security.
Box 3: Hybrid Cloud -

A hybrid cloud is a mix of public cloud resources and on-premises resources. Therefore, you have a choice to use
either.
Question #29
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
You cannot add physical servers to the public cloud. You can only deploy virtual servers in the public cloud. You can
extend a private cloud by deploying virtual servers in a public cloud. This would create a hybrid cloud.
Box 2: Yes -
A hybrid cloud is a combination of a private cloud and public cloud. Therefore, to create a hybrid cloud, you must
deploy resources to a public cloud.
Box 3: No.
It is not true that a private cloud must be disconnected from the Internet. Private clouds can be and most
commonly are connected to the Internet. ‫ג‬€Private cloud‫ג‬€ means that the physical servers are managed by you. It
does not mean that it is disconnected from the Internet.
Reference:
https://azure.microsoft.com/en-gb/overview/what-are-private-public-hybrid-clouds/
Question #30
You have 50 virtual machines hosted on-premises and 50 virtual machines hosted in Azure. The on-premises virtual
machines and the Azure virtual machines connect to each other.
Which type of cloud model is this?
 A. hybrid
 B. private
 C. public
Answer: A
References:
Question #31
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
A PaaS solution does not provide access to the operating system. The Azure Web Apps service provides an
environment for you to host your web applications.
Behind the scenes, the web apps are hosted on virtual machines running IIS. However, you have no direct access to
the virtual machine, the operating system or
IIS.
Box 2: Yes -
Box 3: Yes -
A PaaS solution that hosts web apps in Azure does provide the ability to scale the platform automatically. This is
known as autoscaling. Behind the scenes, the web apps are hosted on virtual machines running IIS. Autoscaling
means adding more load balanced virtual machines to host the web apps.
References:
Question #32

Solution: You create Azure virtual machines, Azure SQL databases, and Azure Storage accounts.
 A. Yes
 B. No
Answer: B
Platform as a service (PaaS) is a complete development and deployment environment in the cloud. PaaS includes
infrastructure ‫ג‬€" servers, storage, and networking ‫ג‬€" but also middleware, development tools, business
intelligence (BI) services, database management systems, and more. PaaS is designed to support the complete web
application lifecycle: building, testing, deploying, managing, and updating.
However, virtual machines are examples of Infrastructure as a service (IaaS). IaaS is an instant computing
infrastructure, provisioned and managed over the internet.
References:
https://azure.microsoft.com/en-us/overview/what-is-iaas/
Question #33
Your company plans to deploy several custom applications to Azure. The applications will provide invoicing services
to the customers of the company. Each application will have several prerequisite applications and services
installed.
You need to recommend a cloud deployment solution for all the applications.
What should you recommend?
 A. Software as a Service (SaaS)

 B. Platform as a Service (PaaS)
 C. Infrastructure as a Service (laaS)
Answer: C
Infrastructure as a service (IaaS) is an instant computing infrastructure, provisioned and managed over the
internet. The IaaS service provider manages the infrastructure, while you purchase, install, configure, and manage
your own software
InAnswers:
A: Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common
examples are email, calendaring, and office tools. In this scenario, you need to run your own apps, and therefore
require an infrastructure.
B:
Platform as a service (PaaS) is a complete development and deployment environment in the cloud. PaaS includes
infrastructure‫ג‬€"servers, storage, and networking‫ג‬€"but also middleware, development tools, business intelligence
(BI) services, database management systems, and more. PaaS is designed to support the complete web application
lifecycle: building, testing, deploying, managing, and updating.
References:
https://azure.microsoft.com/en-us/overview/what-is-saas/
Question #34
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
Building a data center infrastructure is capital expenditure, not operation expenditure.
Box 2: Yes -
OpEx is ongoing costs (costs of operations) such as staff salaries.
Box 2: Yes -
OpEx is ongoing costs (costs of operations) such as leasing software. If you purchased software as a one-off
purchase, that would be CapEx, but leasing software is ongoing so it‫ג‬€™s OpEx.
Question #35
HOTSPOT -
Hot Area:
Answer:
Azure Cosmos DB is an example of a platform as a service (PaaS) cloud database provider.

Reference:
https://docs.microsoft.com/en-us/azure/cosmos-db/database-security
Question #36
HOTSPOT -
Hot Area:
Answer:
Reference:
https://azure.microsoft.com/en-us/overview/what-is-saas/
Question #37
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
Box 2: No -
Each resource can exist in only one resource group.
Box 3: Yes -
Resources from multiple different regions can be placed in a resource group. The resource group only contains
metadata about the resources it contains.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview
https://www.codeisahighway.com/effective-ways-to-delete-resources-in-a-resource-group-on-azure/
Question #38
HOTSPOT -
Hot Area:
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/azure-sql-iaas-vs-paas-what-is-overview
https://docs.microsoft.com/en-us/azure/cosmos-db/account-databases-containers-items https://www.red-
gate.com/simple-talk/cloud/azure/overview-of-azure-cosmos-db
Question #39
HOTSPOT -
Hot Area:
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/azure-sql/azure-sql-iaas-vs-paas-what-is-overview
Question #40
You need to deploy an Azure environment that meets the company‫ג‬€™s migration plan.
What should you create?
 A. Azure virtual machines, Azure SQL databases, and Azure Storage accounts.
 B. an Azure App Service and Azure virtual machines that have Microsoft SQL Server installed.
 C. an Azure App Service and Azure SQL databases.
 D. Azure storage account and web server in Azure virtual machines.
Answer: C
Azure App Service and Azure SQL databases are examples of Azure PaaS solutions. Therefore, this solution does
meet the goal.
Question #41
What does a customer provide in a software as a service (SaaS) model?
 A. application data
 B. data storage
 C. compute resources
 D. application software
Answer: A
SaaS provides a complete software solution which you purchase on a pay-as-you-go basis from a cloud service
provider. You rent the use of an app for your organization and your users connect to it over the Internet, usually
with a web browser. All of the underlying infrastructure, middleware, app software and app data are located in the
service provider‫ג‬€™s data center. The service provider manages the hardware and software and with the
appropriate service agreement, will ensure the availability and the security of the app and your data as well.
Reference:
https://azure.microsoft.com/en-in/overview/what-is-saas/
Question #42
HOTSPOT -
Hot Area:
Answer:
Reference:
https://azure.microsoft.com/en-gb/overview/what-is-iaas/
https://azure.microsoft.com/en-gb/overview/what-is-saas/
Question #43
HOTSPOT -
Hot Area:
Answer:
Question #44
HOTSPOT -
Hot Area:
Answer:
A resource group is a logical container for Azure resources. Resource groups make the management of Azure
resources easier.
With a resource group, you can allow a user to manage all resources in the resource group, such as virtual
machines, websites, and subnets. The permissions you apply to the resource group apply to all resources
contained in the resource group.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
Question #45
You plan to deploy several Azure virtual machines.
You need to ensure that the services running on the virtual machines are available if a single data center fails.
Solution: You deploy the virtual machines to two or more availability zones.
 A. Yes
 B. No
Answer: A
your VMs. An Availability Zone is a physically separate zone, within an Azure region. There are three Availability
Zones per supported Azure region.
Each Availability Zone has a distinct power source, network, and cooling. By architecting your solutions to use
replicated VMs in zones, you can protect your apps and data from the loss of a datacenter. If one zone is
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/availability
Question #46
This question requires that you evaluate the underlined text to determine if it is correct.
One of the benefits of Azure SQL Data Warehouse is that high availability is built into the platform.
Instructions: Review the underlined text. If it makes the statement correct, select ‫ג‬€No change is needed‫ג‬€. If the
statement is incorrect, select the answer choice that makes the statement correct.
 A. No change is needed
 B. automatic scaling
 C. data compression
 D. versioning
Answer: A
Azure Data Warehouse (now known as Azure Synapse Analytics) is a PaaS offering from Microsoft. As with all PaaS
services from Microsoft, SQL Data
Warehouse offers an availability SLA of 99.9%. Microsoft can offer 99.9% availability because it has high availability
features built into the platform.
References:
https://docs.microsoft.com/en-us/azure/sql-data-warehouse/sql-data-warehouse-overview-faq
Question #47

Solution: You deploy the virtual machines to two or more regions.
 A. Yes
 B. No
Answer: A
By deploying the virtual machines to two or more regions, you are deploying the virtual machines to multiple
datacenters. This will ensure that the services running on the virtual machines are available if a single data center
fails.
Azure operates in multiple datacenters around the world. These datacenters are grouped in to geographic regions,
giving you flexibility in choosing where to build your applications.
You create Azure resources in defined geographic regions like 'West US', 'North Europe', or 'Southeast Asia'. You
can review the list of regions and their locations.
Within each region, multiple datacenters exist to provide for redundancy and availability.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/regions
Question #48
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
A resource can interact with resources in other resource groups.
Box 2: Yes -
Deleting the resource group will remove the resource group as well as all the resources in that resource group. This
can be useful for the management of resources. For example, a virtual machine has several components (the VM
itself, virtual disks, network adapter etc.). By placing the VM in its own resource group, you can delete the VM
along with all its associated components by deleting the resource group.
Another example is when creating a test environment. You could place the entire test environment (Network
components, virtual machines etc.) in one resource group. You can then delete the entire test environment by
deleting the resource group.
Box 3: Yes -
Resources from multiple different regions can be placed in a resource group. The resource group only contains
metadata about the resources it contains.
References:
https://www.codeisahighway.com/effective-ways-to-delete-resources-in-a-resource-group-on-azure/
Question #49
You plan to store 20 TB of data in Azure. The data will be accessed infrequently and visualized by using Microsoft
Power BI.
You need to recommend a storage solution for the data.
Which two solutions should you recommend? Each Answer presents a complete solution.
 A. Azure Data Lake

 B. Azure Cosmos DB
 C. Azure SQL Data Warehouse
 D. Azure SQL Database
 E. Azure Database for PostgreSQL
Answer: AC
You can use Power BI to analyze and visualize data stored in Azure Data Lake and Azure SQL Data Warehouse.
Azure Data Lake includes all of the capabilities required to make it easy for developers, data scientists and analysts
to store data of any size and shape and at any speed, and do all types of processing and analytics across platforms
and languages. It removes the complexities of ingesting and storing all your data while making it faster to get up
and running with batch, streaming and interactive analytics. It also integrates seamlessly with operational stores
and data warehouses so that you can extend current data applications.
References:
https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-power-bi
https://azure.microsoft.com/en-gb/solutions/data-lake/ https://docs.microsoft.com/en-us/azure/data-lake-
store/data-lake-store-power-bi
Question #50
HOTSPOT -
You have an Azure environment that contains 10 web apps. To which URL should you connect to manage all the
Azure resources? To answer, select the appropriate options in the answer area.
Hot Area:
Answer:
The Azure portal is a web-based management interface where you can view and manage all your Azure resources
in one unified hub, including web apps, databases, virtual machines, virtual networks, storage and Visual Studio
team projects.
The URL of the Azure portal is https://portal.azure.com.
References:
https://azure.microsoft.com/en-gb/features/azure-portal/
Question #51
You need to identify the type of failure for which an Azure Availability Zone can be used to protect access to Azure
services.
What should you identify?
 A. a physical server failure

 B. an Azure region failure
 C. a storage failure
 D. an Azure data center failure
Answer: D
your VMs. An Availability Zone is a physically separate zone, within an Azure region. There are three Availability
Zones per supported Azure region.

Each Availability Zone has a distinct power source, network, and cooling. By architecting your solutions to use
replicated VMs in zones, you can protect your apps and data from the loss of a datacenter. If one zone is
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/availability
Question #52
HOTSPOT -
You plan to extend your company‫ג‬€™s network to Azure. The network contains a VPN appliance that uses an IP
address of 131.107.200.1.
You need to create an Azure resource that defines the VPN appliance in Azure.
Which Azure resource should you create? To answer, select the appropriate resource in the answer area.
Hot Area:
Answer:
A Local Network Gateway is an object in Azure that represents your on-premise VPN device. A Virtual Network
Gateway is the VPN object at the Azure end of the
VPN. A ‫ג‬€˜connec on‫ג‬€™ is what connects the Local Network Gateway and the Virtual Network Gateway to bring
up the VPN.
The local network gateway typically refers to your on-premises location. You give the site a name by which Azure
can refer to it, then specify the IP address of the on-premises VPN device to which you will create a connection.
You also specify the IP address prefixes that will be routed through the VPN gateway to the VPN device. The
address prefixes you specify are the prefixes located on your on-premises network. If your on-premises network
changes or you need to change the public IP address for the VPN device, you can easily update the values later.
Reference:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
Question #53
Solution: You deploy the virtual machines to two or more resource groups.
 A. Yes
 B. No
Answer: B
A resource group is a logical container for Azure resources. When you create a resource group, you specify which
location to create the resource group in.

However, when you create a virtual machine and place it in the resource group, the virtual machine can still be in a
different location (different datacenter).
Therefore, creating multiple resource groups, even if they are in separate datacenters does not ensure that the
services running on the virtual machines are available if a single data center fails.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups
Question #54
Solution: You deploy the virtual machines to a scale set.
 A. Yes
 B. No
Answer: B
This answer does not specify that the scale set will be configured across multiple data centers so this solution does
not meet the goal.
Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The number of VM
instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide
high availability to your applications, and allow you to centrally manage, configure, and update many VMs.
Virtual machines in a scale set can be deployed across multiple update domains and fault domains to maximize
availability and resilience to outages due to data center outages, and planned or unplanned maintenance events.
Reference:
Question #55
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
An Azure AD tenant can have multiple subscriptions but an Azure subscription can only be associated with one
Azure AD tenant.
Box 2: Yes -
Box 3: No -
If your subscription expires, you lose access to all the other resources associated with the subscription. However,
the Azure AD directory remains in Azure. You can associate and manage the directory using a different Azure
subscription.
References:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-
associated-directory
Question #56
Resource groups provide organizations with the ability to manage the compliance of Azure resources across
multiple subscriptions.
 B. Management groups
 C. Azure policies
 D. Azure App Service plans
Answer: C
Azure policies can be used to define requirements for resource properties during deployment and for already
existing resources. Azure Policy controls properties such as the types or locations of resources.
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce
different rules and effects over your resources, so those resources stay compliant with your corporate standards
and service level agreements. Azure Policy meets this need by evaluating your resources for non- compliance with
assigned policies. All data stored by Azure Policy is encrypted at rest.
For example, you can have a policy to allow only a certain SKU size of virtual machines in your environment. Once
this policy is implemented, new and existing resources are evaluated for compliance. With the right type of policy,
existing resources can be brought into compliance.
References:
https://docs.microsoft.com/en-us/azure/governance/policy/overview
Question #57
Your company plans to migrate to Azure. The company has several departments. All the Azure resources used by
each department will be managed by a department administrator.
What are two possible techniques to segment Azure for the departments? Each Answer presents a complete
solution.
 A. multiple subscriptions
 B. multiple Azure Active Directory (Azure AD) directories
 C. multiple regions
 D. multiple resource groups
Answer: AD
An Azure subscription is a container for Azure resources. It is also a boundary for permissions to resources and for
billing. You are charged monthly for all resources in a subscription. A single Azure tenant (Azure Active Directory)
can contain multiple Azure subscriptions.
A resource group is a container that holds related resources for an Azure solution. The resource group can include
all the resources for the solution, or only those resources that you want to manage as a group.
To enable each department administrator to manage the Azure resources used by that department, you will need
to create a separate subscription per department. You can then assign each department administrator as an
administrator for the subscription to enable them to manage all resources in that subscription.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/create-subscription
https://docs.microsoft.com/en-us/azure/cost-management-billing/manage/add-change-subscription-
administrator
Question #58
HOTSPOT -
Hot Area:
Answer:
Box 1: Yes -
You can use the same account to manage multiple subscriptions. You can create an additional subscription for your
account in the Azure portal. You may want an additional subscription to avoid hitting subscription limits, to create
separate environments for security, or to isolate data for compliance reasons.
Box 2: No -
You cannot merge two subscriptions into a single subscription. However, you can move some Azure resources
from one subscription to another. You can also transfer ownership of a subscription and change the billing type for
a subscription.
Box 3: Yes -
A company can have multiple subscriptions and store resources in the different subscriptions. However, a resource
instance can exist in only one subscription.
Reference:
Question #59
HOTSPOT -
Hot Area:
Answer:
You can move a VM and its associated resources to a different subscription by using the Azure portal.
Moving between subscriptions can be handy if you originally created a VM in a personal subscription and now
want to move it to your company's subscription to continue your work. You do not need to start the VM in order to
move it and it should continue to run during the move.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/move-vm
Question #60
You have an Azure environment that contains multiple Azure virtual machines.
You plan to implement a solution that enables the client computers on your on-premises network to communicate
to the Azure virtual machines.
You need to recommend which Azure resources must be created for the planned solution.
Which two Azure resources should you include in the recommendation? Each Answer presents part of the solution.
 A. a virtual network gateway

 B. a load balancer
 C. an application gateway
 D. a virtual network
 E. a gateway subnet
Answer: AD
To implement a solution that enables the client computers on your on-premises network to communicate to the
Azure virtual machines, you need to configure a
VPN (Virtual Private Network) to connect the on-premises network to the Azure virtual network.
The Azure VPN device is known as a Virtual Network Gateway. The virtual network gateway needs to be located in
a dedicated subnet in the Azure virtual network. This dedicated subnet is known as a gateway subnet and must be
named ‫ג‬€˜GatewaySubnet‫ג‬€™.
Note: a virtual network (answer D) is also required. However, as we already have virtual machines deployed in a
Azure, we can assume that the virtual network is already in place.
References:
https://docs.microsoft.com/en-us/office365/enterprise/connect-an-on-premises-network-to-a-microsoft-azure-
virtual-network Question #61
You attempt to create several managed Microsoft SQL Server instances in an Azure environment and receive a
message that you must increase your Azure subscription limits.
What should you do to increase the limits?
 A. Create a service health alert

 B. Upgrade your support plan
 C. Modify an Azure policy
 D. Create a new support request
Answer: D
Many Azure resource have quote limits. The purpose of the quota limits is to help you control your Azure costs.
However, it is common to require an increase to the default quota.
You can request a quota limit increase by opening a support request. In the support request, select ‫ג‬€˜Service and
subscription limits (quotas)‫ג‬€™ for the Issue type, select your subscription and the service you want to increase the
quota for. For this question, you would select ‫ג‬€˜SQL Database Managed Instance‫ג‬€™ as the quote type.
Reference:
https://docs.microsoft.com/en-us/azure/sql-database/sql-database-managed-instance-resource-limits#obtaining-
a-larger-quota-for-sql-managed-instance
Question #62
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
You can assign service administrators and co-administrators in the Azure Portal but there can only be one account
administrator.
Box 2: No -
You need an Azure Active Directory account to manage a subscription, not a Microsoft account.
An account is created in the Azure Active Directory when you create the subscription. Further accounts can be
created in the Azure Active Directory to manage the subscription.
Box 3: No -
Resource groups are logical containers for Azure resources. However, resource groups do not contain
subscriptions. Subscriptions contain resource groups.
Reference:
https://docs.microsoft.com/en-us/office365/enterprise/subscriptions-licenses-accounts-and-tenants-for-
microsoft-cloud-offerings
Question #63
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
Not all Azure regions support availability zones.
Box 2: No -
Availability zones can be used with many Azure services, not just VMs.
Box 3: No -
Availability Zones are unique physical locations within a single Azure region.
Reference:
https://docs.microsoft.com/en-us/azure/availability-zones/az-region#azure-regions-with-availability-zones
Question #64
HOTSPOT -
You plan to create an Azure virtual machine.
You need to identify which storage service must be used to store the unmanaged data disks of the virtual machine.
What should you identify? To answer, select the appropriate service in the answer area.
Hot Area:
Answer:
Azure containers are the backbone of the virtual disks platform for Azure IaaS. Both Azure OS and data disks are
implemented as virtual disks where data is durably persisted in the Azure Storage platform and then delivered to
the virtual machines for maximum performance. Azure Disks are persisted in Hyper-V VHD format and stored as a
page blob in Azure Storage.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-pageblob-overview
Question #65
Your company plans to move several servers to Azure.

The company‫ג‬€™s compliance policy states that a server named FinServer must be on a separate network
segment.
You are evaluating which Azure services can be used to meet the compliance policy requirements.
Which Azure solution should you recommend?
 A. a resource group for FinServer and another resource group for all the other servers
 B. a virtual network for FinServer and another virtual network for all the other servers
 C. a VPN for FinServer and a virtual network gateway for each other server
 D. one resource group for all the servers and a resource lock for FinServer
Answer: B
Networks in Azure are known as virtual networks. A virtual network can have multiple IP address spaces and
multiple subnets. Azure automatically routes traffic between different subnets within a virtual network.
The question states that FinServer must be on a separate network segment. The only way to separate FinServer
from the other servers in networking terms is to place the server in a different virtual network to the other servers.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-arm
Question #66
You plan to map a network drive from several computers that run Windows 10 to Azure Storage.
You need to create a storage solution in Azure for the planned mapped drive.
 A. an Azure SQL database

 B. a virtual machine data disk
 C. a File service in a storage account
 D. a Blob service in a storage account
Answer: C
Azure Files is Microsoft's easy-to-use cloud file system. Azure file shares can be seamlessly used in Windows and
Windows Server.
To use an Azure file share with Windows, you must either mount it, which means assigning it a drive letter or
mount point path, or access it via its UNC path.
Unlike other SMB shares you may have interacted with, such as those hosted on a Windows Server, Linux Samba
server, or NAS device, Azure file shares do not currently support Kerberos authentication with your Active
Directory (AD) or Azure Active Directory (AAD) identity, although this is a feature we are working on.
Instead, you must access your Azure file share with the storage account key for the storage account containing
your Azure file share. A storage account key is an administrator key for a storage account, including administrator
permissions to all files and folders within the file share you're accessing, and for all file shares and other storage
resources (blobs, queues, tables, etc) contained within your storage account.
References:
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
Question #67
HOTSPOT -
You plan to implement an Azure database solution.
You need to implement a database solution that meets the following requirements:
➠ Can add data concurrently from multiple regions
➠ Can store JSON documents
Which database service should you deploy? To answer, select the appropriate service in the answer area.
Hot Area:
Answer:
Azure Cosmos DB is Microsoft's globally distributed, multi-model database service. With a click of a button,
Cosmos DB enables you to elastically and independently scale throughput and storage across any number of Azure
regions worldwide.
Azure Cosmos DB is a great way to store unstructured and JSON data. Combined with Azure Functions, Cosmos DB
makes storing data quick and easy with much less code than required for storing data in a relational database.
References:
https://docs.microsoft.com/en-us/azure/cosmos-db/introduction https://docs.microsoft.com/en-us/azure/azure-
functions/functions-integrate-store-unstructured-data-cosmosdb?tabs=csharp
Question #68
Your company plans to migrate all its network resources to Azure.

You need to start the planning process by exploring Azure.
What should you create first?
 A. a subscription
 B. a resource group
 C. a virtual network
 D. a management group
Answer: A
The first thing you create in Azure is a subscription. You can think of an Azure subscription as an ‫ג‬€Ãzure
account‫ג‬€™. You get billed per subscription.
A subscription is an agreement with Microsoft to use one or more Microsoft cloud platforms or services, for which
charges accrue based on either a per-user license fee or on cloud-based resource consumption.
➠ Microsoft's Software as a Service (SaaS)-based cloud offerings (Office 365, Intune/EMS, and Dynamics 365)
charge per-user license fees.
➠ Microsoft's Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) cloud offerings (Azure) charge
based on cloud resource consumption.
You can also use a trial subscription, but the subscription expires after a specific amount of time or consumption
charges. You can convert a trial subscription to a paid subscription.
Organizations can have multiple subscriptions for Microsoft's cloud offerings.
References:
https://docs.microsoft.com/en-us/office365/enterprise/subscriptions-licenses-accounts-and-tenants-for-
microsoft-cloud-offerings
Question #69
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
Azure resources deployed to a single resource group can be located in different regions. The resource group only
contains metadata about the resources it contains.
When creating a resource group, you need to provide a location for that resource group. You may be wondering,
"Why does a resource group need a location?
And, if the resources can have different locations than the resource group, why does the resource group location
matter at all?" The resource group stores metadata about the resources. When you specify a location for the
resource group, you're specifying where that metadata is stored. For compliance reasons, you may need to ensure
that your data is stored in a particular region.
Box 2: No -
Tags for Resources are not inherited by default from their Resource Group
Box 3: Yes -
A resource group can be used to scope access control for administrative actions. By default, permissions set at the
resource level are inherited by the resources in the resource group.
Reference:
Question #70
HOTSPOT -
Hot Area:
Answer:
Azure storage offers different access tiers: hot, cool and archive.
The archive access tier has the lowest storage cost. But it has higher data retrieval costs compared to the hot and
cool tiers. Data in the archive tier can take several hours to retrieve.
While a blob is in archive storage, the blob data is offline and can't be read, overwritten, or modified. To read or
download a blob in archive, you must first rehydrate it to an online tier.
Example usage scenarios for the archive access tier include:
➠ Long-term backup, secondary backup, and archival datasets
➠ Original (raw) data that must be preserved, even after it has been processed into final usable form.
➠ Compliance and archival data that needs to be stored for a long time and is hardly ever accessed.
Reference:
https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blob-storage-tiers?tabs=azure-portal#archive-
access-tier
Question #71
HOTSPOT -
You plan to deploy a critical line-of-business application to Azure.
The application will run on an Azure virtual machine.
You need to recommend a deployment solution for the application. The solution must provide a guaranteed
availability of 99.99 percent.
What is the minimum number of virtual machines and the minimum number of availability zones you should
recommend for the deployment? To answer, select the appropriate options in the answer area.
Hot Area:
Answer:
You need a minimum of two virtual machines with each one located in a different availability zone.
Availability Zones is a high-availability offering that protects your applications and data from datacenter failures.
Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more
datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there‫ג‬€™s a
region protects applications and data from datacenter failures. Zone-redundant services replicate your applications
and data across Availability Zones to protect from single-points-of-failure. With Availability
Zones, Azure offers industry best 99.99% VM uptime SLA.
References:
Question #72
Which Azure service should you use to collect events from multiple resources into a centralized repository?
 A. Azure Event Hubs

 B. Azure Analysis Services
 C. Azure Monitor
 D. Azure Stream Analytics
Answer: A C
Azure Event Hubs is a big data streaming platform and event ingestion service. It can receive and process millions
of events per second. Data sent to an event hub can be transformed and stored by using any real-time analytics
provider or batching/storage adapters.
Azure Event Hubs can be used to ingest, buffer, store, and process your stream in real time to get actionable
insights. Event Hubs uses a partitioned consumer model, enabling multiple applications to process the stream
concurrently and letting you control the speed of processing.
Azure Event Hubs can be used to capture your data in near-real time in an Azure Blob storage or Azure Data Lake
Storage‫ג‬€‰for long-term retention or micro-batch processing.
Reference:
https://docs.microsoft.com/en-us/azure/event-hubs/event-hubs-about
Question #73
HOTSPOT -
Hot Area:
Answer:
Availability Zones are unique physical locations within an Azure region.
Reference:
Question #74
HOTSPOT -
Hot Area:
Answer
YES
NO
YES
Question #75
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
Not all Azure regions support availability zones.
Box 2: No -
Regions that support availability zones support Linux virtual machines.
Box 3: Yes -
Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more
datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there‫ג‬€™s a
region protects applications and data from datacenter failures. Zone-redundant services replicate your applications
and data across Availability Zones to protect from single-points-of-failure. With Availability
Zones, Azure offers industry best 99.99% VM uptime SLA.
References:
https://docs.microsoft.com/en-gb/azure/availability-zones/az-overview
Question #76
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
North America has several Azure regions, including West US, Central US, South Central US, East Us, and Canada
East.
Box 2: Yes -
A region is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated
regional low-latency network.
Box 3: No -
Outbound data transfer is charged at the normal rate and inbound data transfer is free.
References:
https://azure.microsoft.com/en-us/global-infrastructure/regions/ https://azure.microsoft.com/en-
us/pricing/details/bandwidth/
Question #77
Solution: You deploy the virtual machines to two or more scale sets.
A. Yes
B. No
Answer: B
This answer does not specify that the scale set will be configured across multiple data centers so this solution does
not meet the goal.
Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The number of VM
instances can automatically increase or decrease in response to demand or a defined schedule. Scale sets provide
high availability to your applications, and allow you to centrally manage, configure, and update many VMs.
Virtual machines in a scale set can be deployed across multiple update domains and fault domains to maximize
availability and resilience to outages due to data center outages, and planned or unplanned maintenance events.
Reference:
Question #78
You need to be notified when Microsoft plans to perform maintenance that can affect the resources deployed to
an Azure subscription.
What should you use?
A. Azure Monitor
B. Azure Service Health
C. Azure Advisor
D. Microsoft Trust Center
Answer: B
Azure Service Health provides a personalized view of the health of the Azure services and regions you're using. This
is the best place to look for service impacting communications about outages, planned maintenance activities, and
other health advisories because the authenticated Service Health experience knows which services and resources
you currently use.
Reference:
https://docs.microsoft.com/en-us/azure/service-health/overview
Question #79
DRAG DROP -
Match the Azure Services service to the correct description.
Instructions: To answer, drag the appropriate service from the column on the left to its description on the right.
Each service may be used once, more than once, or not at all.
Select and Place:
Answer:
Reference:
https://docs.microsoft.com/en-us/azure-sphere/product-overview/what-is-azure-sphere
https://docs.microsoft.com/en-us/azure/iot-central/core/overview-iot-central https://docs.microsoft.com/en-
us/azure/iot-hub/about-iot-hub
Question #80
HOTSPOT -
Hot Area:
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-desktop/overview
Question #81
HOTSPOT -
Hot Area:
Answer:
Reference:
https://blog.abouttmc.com/azure-cloud-total-cost-of-ownership
Question #82
HOTSPOT -
Hot Area:
Answer:
your VMs. Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or
more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there are a
region protects applications and data from datacenter failures.
With Availability Zones, Azure offers industry best 99.99% VM uptime SLA. By architecting your solutions to use
replicated VMs in zones, you can protect your applications and data from the loss of a datacenter. If one zone is
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/manage-availability
Question #83
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
A subscription can have multiple administrators, but there can only be one account administrator.
Box 2: Yes -
An Azure subscription is linked to a single account, the one that was used to create the subscription and is used for
billing purposes. You can have more than one subscription.
Box 3: No -
A subscription can contain multiple resource groups but a resource group can only belong to one subscription.
Resource groups can contain multiple resources.
Reference:
https://k21academy.com/microsoft-azure/az-900/az-900-azure-subscriptions/ https://azure.microsoft.com/en-
us/blog/organizing-subscriptions-and-resource-groups-within-the-enterprise/
Question #84
An Azure region contains one or more data centers that are connected by using a low-latency network.
 B. Is found in each country where Microsoft has a subsidiary office
 C. Can be found in every country in Europe and the Americas only
 D. Contains one or more data centers that are connected by using a high-latency network
Answer: A
A region is a set of data centres deployed within a latency-defined perimeter and connected through a dedicated
regional low-latency network.
Microsoft Azure currently has 55 regions worldwide.
Regions are divided into Availability Zones. Availability Zones are physically separate locations within an Azure
region. Each Availability Zone is made up of one or more datacenters equipped with independent power, cooling,
and networking.
References:
https://azure.microsoft.com/en-gb/global-infrastructure/regions/
Question #85
HOTSPOT -
Hot Area:
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership
https://petri.com/understanding-hybrid-azure-active-directory-join
Question #86

You need to ensure that the services running on the virtual machines remain available if a single data center fails.
What are two possible solutions? Each Answer presents a complete solution.
 A. Deploy the virtual machines to two or more availability zones.

 B. Deploy the virtual machines to two or more resource groups.
 C. Deploy the virtual machines to a scale set.
 D. Deploy the virtual machines to two or more regions.
Answer: AD
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machine-scale-sets/overview https://docs.microsoft.com/en-
us/azure/virtual-machines/windows/regions
Question #87
HOTSPOT -
Hot Area:
Answer:
Azure automatically routes traffic between subnets in a virtual network. Therefore, all virtual machines in a virtual
network can connect to the other virtual machines in the same virtual network. Even if the virtual machines are on
separate subnets within the virtual network, they can still communicate with each other.
To ensure that a virtual machine cannot connect to the other virtual machines, the virtual machine must be
deployed to a separate virtual network.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
Question #88
DRAG DROP -
Match the Azure service to the appropriate description.
To answer, drag the appropriate service from the column on the left to its description on the right. Each service
may be used once, more than once, or not at all.
Select and Place:
Answer:
Question #89
DRAG DROP -
Match the Azure service to the correct definition.
Instructions: To answer, drag the appropriate Azure service from the column on the left to its description on the
right. Each service may be used once, more than once, or not at all.
Select and Place:
Answer:
Box 1:
Azure Functions provides the platform for serverless code.
Azure Functions is a serverless compute service that lets you run event-triggered code without having to explicitly
provision or manage infrastructure.
Box 2:
Azure Databricks is a big analysis service for machine learning.
Azure Databricks is an Apache Spark-based analytics platform. The platform consists of several components
including ‫ג‬€˜MLib‫ג‬€™. Mlib is a Machine Learning library consisting of common learning algorithms and utilities,
including classification, regression, clustering, collaborative filtering, dimensionality reduction, as well as

underlying optimization primitives.
Box 3:
Azure Application Insights detects and diagnoses anomalies in web apps.
Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM)
service for developers and DevOps professionals.
Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful
analytics tools to help you diagnose issues and to understand what users actually do with your app.
Box 4:
Azure App Service hosts web apps.
Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can
develop in your favorite language, be it
.NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and
Linux-based environments.
References:
https://docs.microsoft.com/en-us/azure/azure-functions/
https://docs.microsoft.com/en-us/azure/azure-databricks/what-is-azure-databricks#apache-spark-based-analytics-
platform https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview
https://docs.microsoft.com/en-us/azure/app-service/overview
Question #90
A team of developers at your company plans to deploy, and then remove, 50 customized virtual machines each
week. Thirty of the virtual machines run Windows
Server 2016 and 20 of the virtual machines run Ubuntu Linux.
You need to recommend which Azure service will minimize the administrative effort required to deploy and
remove the virtual machines.
 A. Azure Reserved Virtual Machines (VM) Instances

 B. Azure virtual machine scale sets
 C. Azure DevTest Labs
 D. Microsoft Managed Desktop
Answer: C
DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager templates.
By using DevTest Labs, you can test the latest versions of your applications by doing the following tasks:
➠ Quickly provision Windows and Linux environments by using reusable templates and artifacts.
➠ Easily integrate your deployment pipeline with DevTest Labs to provision on-demand environments.
➠ Scale up your load testing by provisioning multiple test agents and create pre-provisioned environments for
training and demos.
Reference:
https://docs.microsoft.com/en-us/azure/lab-services/devtest-lab-overview
Question #91
A support engineer plans to perform several Azure management tasks by using the Azure CLI.
You install the CLI on a computer.
You need to tell the support engineer which tools to use to run the CLI.
Which two tools should you instruct the support engineer to use? Each Answer presents a complete solution.
 A. Command Prompt
 B. Azure Resource Explorer
 C. Windows PowerShell
 D. Windows Defender Firewall
 E. Network and Sharing Center
Answer: AC
For Windows the Azure CLI is installed via an MSI, which gives you access to the CLI through the Windows
Command Prompt (CMD) or PowerShell.
References:
https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-windows?view=azure-cli-latest
Question #92
You have an Azure environment. You need to create a new Azure virtual machine from a tablet that runs the
Android operating system.
Solution: You use PowerShell in Azure Cloud Shell.
 A. Yes
 B. No
Answer: A
Azure Cloud Shell is a browser-based shell experience to manage and develop Azure resources.
Cloud Shell offers a browser-accessible, pre-configured shell experience for managing Azure resources without the
overhead of installing, versioning, and maintaining a machine yourself.
Being browser-based, Azure Cloud Shell can be run on a browser from a tablet that runs the Android operating
system.
References:
https://docs.microsoft.com/en-us/azure/cloud-shell/features
Question #93
Solution: You use the PowerApps portal.
 A. Yes
 B. No
Answer: B
PowerApps lets you quickly build business applications with little or no code. It is not used to create Azure virtual
machines. Therefore, this solution does not meet the goal.
PowerApps Portals allow organizations to create websites which can be shared with users external to their
organization either anonymously or through the login provider of their choice like LinkedIn, Microsoft Account,
other commercial login providers.
References:
https://powerapps.microsoft.com/en-us/blog/introducing-powerapps-portals-powerful-low-code-websites-for-
external-users/
Question #94
Solution: You use the Azure portal.
 A. Yes
 B. No
Answer: A
The Azure portal is a web-based, unified console that provides an alternative to command-line tools. With the
Azure portal, you can manage your Azure subscription using a graphical user interface. You can build, manage, and
monitor everything from simple web apps to complex cloud deployments. Create custom dashboards for an
organized view of resources. Configure accessibility options for an optimal experience.
Being web-based, the Azure portal can be run on a browser from a tablet that runs the Android operating system.
References:
https://docs.microsoft.com/en-us/azure/azure-portal/azure-portal-overview
Question #95
HOTSPOT -
Hot Area:
Answer:
Azure Databricks is an Apache Spark-based analytics platform. The platform consists of several components
including ‫ג‬€˜MLib‫ג‬€™. Mlib is a Machine Learning library consisting of common learning algorithms and utilities,
including classification, regression, clustering, collaborative filtering, dimensionality reduction, as well as
underlying optimization primitives.
Reference:
https://docs.microsoft.com/en-us/azure/azure-databricks/what-is-azure-databricks#apache-spark-based-analytics-
platform
Question #96
HOTSPOT -
Hot Area:
Answer:NO
YES
NO
Question #97
Which Azure service provides a set of version control tools to manage code?
 A. Azure Repos
 B. Azure DevTest Labs
 C. Azure Storage
 D. Azure Cosmos DB
Answer: A
Azure Repos is a set of version control tools that you can use to manage your code.
InAnswers:
B: Azure DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager templates.
These have all the necessary tools and software that you can use to create environments.
D: Azure Cosmos DB is Microsoft's globally distributed, multi-model database service.
References:
https://docs.microsoft.com/en-us/azure/devops/repos/get-started/what-is-repos?view=azure-devops
Question #98
HOTSPOT -
You need to manage Azure by using Azure Cloud Shell.
Which Azure portal icon should you select? To answer, select the appropriate icon in the answer area.
Hot Area:
Answer:
You can access Azure Cloud Shell in the Azure portal by clicking the icon.
Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It
provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or
PowerShell.
Cloud Shell enables access to a browser-based command-line experience built with Azure management tasks in
mind.
References:
https://docs.microsoft.com/en-us/azure/cloud-shell/overview?view=azure-cli-latest
Question #99
You have a virtual machine named VM1 that runs Windows Server 2016. VM1 is in the East US Azure region.
Which Azure service should you use from the Azure portal to view service failure notifications that can affect the
availability of VM1?
 A. Azure Service Fabric

 B. Azure Monitor
 C. Azure virtual machines
 D. Azure Advisor
Answer: C
In the Azure virtual machines page in the Azure portal, there is a named Maintenance Status. This column will
display service issues that could affect your virtual machine. A service failure is rare but host server maintenance
that could affect your virtual machines is more common.
Azure periodically updates its platform to improve the reliability, performance, and security of the host
infrastructure for virtual machines. The purpose of these updates ranges from patching software components in
the hosting environment to upgrading networking components or decommissioning hardware.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/maintenance-and-updates
Question #100
An Azure administrator plans to run a PowerShell script that creates Azure resources.
You need to recommend which computer configuration to use to run the script.
Solution: Run the script from a computer that runs Linux and has the Azure CLI tools installed.
 A. Yes
 B. No
Answer: B
A PowerShell script is a file that contains PowerShell cmdlets and code. A PowerShell script needs to be run in
PowerShell.
PowerShell can now be installed on Linux. However, the question states that the computer has Azure CLI tools, not
PowerShell installed. Therefore, this solution does not meet the goal.
References:
https://docs.microsoft.com/en-us/powershell/scripting/components/ise/how-to-write-and-run-scripts-in-the-
windows-powershell-ise?view=powershell-6
Question #101
Solution: Run the script from a computer that runs Chrome OS and uses Azure Cloud Shell.
 A. Yes
 B. No
Answer: A
PowerShell.
With the Azure Cloud Shell, you can run PowerShell cmdlets and scripts in a Web browser. You log in to the Azure
Portal and select the Azure Cloud Shell option.
This will open a PowerShell session in the Web browser. The Azure Cloud Shell has the necessary Azure PowerShell
module installed.
Note: to run a PowerShell script in the Azure Cloud Shell, you need to change to the directory where the
PowerShell script is stored.
References:
https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart-powershell
Question #102
HOTSPOT -
Hot Area:
Answer:
Box 1: Yes -
Azure Service Health consists of three components: Azure Status, Azure Service Heath and Azure Resource Health.
Azure service health provides a personalized view of the health of the Azure services and regions you're using. This
is the best place to look for service impacting communications about outages, planned maintenance activities, and
other health advisories because the authenticated Azure Service Health experience knows which services and
resources you currently use.
To view the health of all other services available in Azure, you would use the Azure Status component of Azure
Service Health. Azure status informs you of service outages in Azure on the Azure Status page. The page is a global
view of the health of all Azure services across all Azure regions.
Box 2: Yes -
The best way to use Service Health is to set up Service Health alerts to notify you via your preferred
communication channels when service issues, planned maintenance, or other changes may affect the Azure
services and regions you use.
Box 3: No -
You can use Resource Health to view the health of a virtual machine. However, you cannot use Resource Health to
prevent a service failure affecting the virtual machine.
Azure resource health provides information about the health of your individual cloud resources such as a specific
virtual machine instance.
References:
https://docs.microsoft.com/en-us/azure/service-health/overview
Question #103
Solution: Run the script from a computer that runs macOS and has PowerShell Core 6.0 installed.
 A. Yes
 B. No
Answer: A
PowerShell.
In this question, the computer has PowerShell Core 6.0 installed. Therefore, this solution does meet the goal.
Note: To create Azure resources using PowerShell, you would need to import the Azure PowerShell module which
includes the PowerShell cmdlets required to create the resources.
References:
Question #104
HOTSPOT -
You need to view a list of planned maintenance events that can affect the availability of an Azure subscription.
Which blade should you use from the Azure portal? To answer, select the appropriate blade in the answer area.
Hot Area:
Answer:
On the Help and Support blade, there is a Service Health option. If you click Service Health, a new blade opens. The
Service Health blade contains the Planned
Maintenance link which opens a blade where you can view a list of planned maintenance events that can affect the
availability of an Azure subscription.
Question #105
DRAG DROP -
Match the Azure service to the correct definition.
Select and Place:
Answer:
Box 1: Azure DevOps.

Azure DevOps is Microsoft‫ג‬€™s primary software development and deployment platform.
DevOps influences the application lifecycle throughout its plan, develop, deliver and operate phases.
Box 2: Azure Advisor.
Advisor is a personalized cloud consultant that helps you follow best practices to optimize your Azure
deployments. It analyzes your resource configuration and usage telemetry and then recommends solutions that
can help you improve the cost effectiveness, performance, high availability, and security of your Azure resources.
Box 3: Azure Cognitive Services.
Azure Cognitive Services are APIs, SDKs, and services available to help developers build intelligent applications
without having direct AI or data science skills or knowledge. Azure Cognitive Services enable developers to easily
add cognitive features into their applications. The goal of Azure Cognitive Services is to help developers create
applications that can see, hear, speak, understand, and even begin to reason. The catalog of services within Azure
Cognitive Services can be categorized into five main pillars - Vision, Speech, Language, Web Search, and Decision.
Box 4. Azure Application Insights.
Azure Application Insights detects and diagnoses anomalies in web apps.
Application Insights, a feature of Azure Monitor, is an extensible Application Performance Management (APM)
service for developers and DevOps professionals.
Use it to monitor your live applications. It will automatically detect performance anomalies, and includes powerful
analytics tools to help you diagnose issues and to understand what users actually do with your app.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/app-insights-overview
https://azure.microsoft.com/en-gb/overview/what-is-devops/ https://docs.microsoft.com/en-
us/azure/advisor/advisor-overview https://docs.microsoft.com/en-us/azure/cognitive-services/welcome
Question #106
DRAG DROP -
Match the Azure service to the correct description.
Select and Place:
Answer:
Box 1: Azure SQL Database -

SQL Server is a relational database service. Azure SQL Database is a managed SQL Server Database in Azure. The
SQL Server is managed by Microsoft; you just have access to the database.
Box 2: Azure SQL Synapse Analytics
Azure SQL Synapse Analytics (previously called Data Warehouse) is a cloud-based Platform-as-a-Service (PaaS)
offering from Microsoft. It is a large-scale, distributed, MPP (massively parallel processing) relational database
technology in the same class of competitors as Amazon Redshift or Snowflake. Azure SQL
Synapse Analytics is an important component of the Modern Data Warehouse multi-platform architecture.
Because Azure SQL Synapse Analytics is an MPP system with a shared-nothing architecture across distributions, it
is meant for large-scale analytical workloads which can take advantage of parallelism.
Box 3: Azure Data Lake Analytics
You can process big data jobs in seconds with Azure Data Lake Analytics. You can process petabytes of data for
diverse workload categories such as querying,
ETL, analytics, machine learning, machine translation, image processing and sentiment analysis by leveraging
existing libraries written in .NET languages, R or
Python.
Box 4: Azure HDInsight.
Apache Hadoop was the original open-source framework for distributed processing and analysis of big data sets on
clusters. The Hadoop ecosystem includes related software and utilities, including Apache Hive, Apache HBase,
Spark, Kafka, and many others.
Azure HDInsight is a fully managed, full-spectrum, open-source analytics service in the cloud for enterprises. The
Apache Hadoop cluster type in Azure HDInsight allows you to use HDFS, YARN resource management, and a simple
MapReduce programming model to process and analyze batch data in parallel.
Reference:
https://azure.microsoft.com/en-us/services/sql-database/
https://docs.microsoft.com/en-us/azure/sql-data-warehouse/sql-data-warehouse-overview-what-is
https://docs.microsoft.com/bs-latn-ba/azure/hdinsight/hadoop/apache-hadoop-introduction https://www.blue-
granite.com/blog/is-azure-sql-data-warehouse-a-good-fit-updated https://azure.microsoft.com/en-
gb/services/data-lake-analytics/
Question #107
HOTSPOT -
You need to identify which blades in the Azure portal must be used to perform the following tasks:
➠ View security recommendations.
➠ Monitor the health of Azure services.
➠ Browse available virtual machine images.
Which blade should you identify for each task? To answer, select the appropriate options in the answer area.
Hot Area:
Answer:
Box 1:
Azure Monitor is used to monitor the health of Azure services.
Azure Monitor maximizes the availability and performance of your applications and services by delivering a
comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises
environments. It helps you understand how your applications are performing and proactively identifies issues
affecting them and the resources they depend on.
Box 2:
You can browse available virtual machine images in the Azure Marketplace.
Azure Marketplace provides access and information on solutions and services available from Microsoft and their
partners. Customers can discover, try, or buy cloud software solutions built on or for Azure. The catalog of 8,000+
listings provides Azure building blocks, such as Virtual Machines (VMs), APIs, Azure apps,
Solution Templates and managed applications, SaaS apps, containers, and consulting services.
Box 3.
Azure Advisor displays security recommendations.
Azure Advisor provides you with a consistent, consolidated view of recommendations for all your Azure resources.
It integrates with Azure Security Center to bring you security recommendations. You can get security
recommendations from the Security tab on the Advisor dashboard.
Security Center helps you prevent, detect, and respond to threats with increased visibility into and control over the
security of your Azure resources. It periodically analyzes the security state of your Azure resources. When Security
Center identifies potential security vulnerabilities, it creates recommendations. The recommendations guide you
through the process of configuring the controls you need.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/overview https://docs.microsoft.com/en-
us/azure/marketplace/marketplace-faq-publisher-guide https://docs.microsoft.com/en-us/azure/advisor/advisor-
security-recommendations
Question #108
Solution: You use Bash in Azure Cloud Shell.
 A. Yes
 B. No
Answer: A
With Azure Cloud Shell, you can create virtual machines using Bash or PowerShell.
Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. It
provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or
PowerShell.
Reference:
https://docs.microsoft.com/en-us/azure/cloud-shell/quickstart https://docs.microsoft.com/en-us/azure/cloud-
shell/overview
Question #109
You have an on-premises application that sends email notifications automatically based on a rule.
You plan to migrate the application to Azure.
You need to recommend a serverless computing solution for the application.
 A. a web app
 B. a server image in Azure Marketplace
 C. a logic app
 D. an API app
Answer: C
Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks, business processes,
and workflows when you need to integrate apps, data, systems, and services across enterprises or organizations.
Logic Apps simplifies how you design and build scalable solutions for app integration, data integration, system
integration, enterprise application integration (EAI), and business-to-business (B2B) communication, whether in
the cloud, on premises, or both.
For example, here are just a few workloads you can automate with logic apps:
➠ Process and route orders across on-premises systems and cloud services.
➠ Send email notifications with Office 365 when events happen in various systems, apps, and services.
➠ Move uploaded files from an SFTP or FTP server to Azure Storage.
➠ Monitor tweets for a specific subject, analyze the sentiment, and create alerts or tasks for items that need
review.
References:
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-overview
Question #110
You plan to deploy a website to Azure. The website will be accessed by users worldwide and will host large video
files.
You need to recommend which Azure feature must be used to provide the best video playback experience.
 A. an application gateway
 B. an Azure ExpressRoute circuit
 C. a content delivery network (CDN)
 D. an Azure Traffic Manager profile
Answer: C
The question states that users are located worldwide and will be downloading large video files. The video playback
experience would be improved if they can download the video from servers in the same region as the users. We
can achieve this by using a content deliver network.
A content delivery network (CDN) is a distributed network of servers that can efficiently deliver web content to
users. CDNs store cached content on edge servers in point-of-presence (POP) locations that are close to end users,
to minimize latency.
Azure Content Delivery Network (CDN) offers developers a global solution for rapidly delivering high-bandwidth
content to users by caching their content at strategically placed physical nodes across the world. Azure CDN can
also accelerate dynamic content, which cannot be cached, by leveraging various network optimizations using CDN
POPs. For example, route optimization to bypass Border Gateway Protocol (BGP).
The benefits of using Azure CDN to deliver web site assets include:
➠ Better performance and improved user experience for end users, especially when using applications in which
multiple round-trips are required to load content.
➠ Large scaling to better handle instantaneous high loads, such as the start of a product launch event.
➠ Distribution of user requests and serving of content directly from edge servers so that less traffic is sent to the
origin server.
References:
https://docs.microsoft.com/en-us/azure/cdn/cdn-overview
Question #111
Your company plans to deploy several million sensors that will upload data to Azure.
You need to identify which Azure resources must be created to support the planned solution.
Which two Azure resources should you identify? Each Answer presents part of the solution.
 A. Azure Data Lake

 B. Azure Queue storage
 C. Azure File Storage
 D. Azure IoT Hub
 E. Azure Notification Hubs
Answer: AD
IoT Hub (Internet of things Hub) provides data from millions of sensors.
IoT Hub is a managed service, hosted in the cloud, that acts as a central message hub for bi-directional
communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT
solutions with reliable and secure communications between millions of IoT devices and a cloud- hosted solution
backend. You can connect virtually any device to IoT Hub.
There are two storage services IoT Hub can route messages to -- Azure Blob Storage and Azure Data Lake Storage
Gen2 (ADLS Gen2) accounts. Azure Data
Lake Storage accounts are hierarchical namespace-enabled storage accounts built on top of blob storage. Both of
these use blobs for their storage.
References:
https://docs.microsoft.com/en-us/azure/iot-hub/about-iot-hub
https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-messages-d2c
Question #112
You have an Azure web app.

You need to manage the settings of the web app from an iPhone.
What are two Azure management tools that you can use? Each Answer presents a complete solution.
 A. Azure CLI
 B. the Azure portal
 C. Azure Cloud Shell
 D. Windows PowerShell
 E. Azure Storage Explorer
Answer: BC
The Azure portal is the web-based portal for managing Azure. Being web-based, you can use the Azure portal on an
iPhone.
Azure Cloud Shell is a web-based command line for managing Azure. You access the Azure Cloud Shell from the
Azure portal. Being web-based, you can use the
Azure Cloud Shell on an iPhone.
InAnswers:
A: Azure CLI can be installed on MacOS but it cannot be installed on an iPhone.
D: Windows PowerShell can be installed on MacOS but it cannot be installed on an iPhone.
E: Azure Storage Explorer is not used to manage Azure web apps.
References:
http://www.deployazure.com/management/managing-azure-from-ipad/
Question #113
Your company plans to deploy an Artificial Intelligence (AI) solution in Azure.

What should the company use to build, test, and deploy predictive analytics solutions?
 A. Azure Logic Apps

 B. Azure Machine Learning Designer
 C. Azure Batch
 D. Azure Cosmos DB
Answer: B
Azure Machine Learning designer lets you visually connect datasets and modules on an interactive canvas to create
machine learning models.
Reference:
https://docs.microsoft.com/en-us/azure/machine-learning/concept-designer
Question #114
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
Azure Advisor does not generate a list of virtual machines that ARE protected by Azure Backup. Azure Advisor does
however, generate a list of virtual that ARE
NOT protected by Azure Backup. You can view a list of virtual machines that are protected by Azure Backup by
viewing the Protected Items in the Azure Recovery
Services Vault.
Box 2: No -
If you implement the security recommendations, you company‫ג‬€™s score will increase, not decrease.
Box 3: No -
There is no requirement to implement the security recommendations provided by Azure Advisor. The
recommendations are just that, ‫ג‬€˜recommenda ons‫ג‬€™. They are not ‫ג‬€˜requirements‫ג‬€™.
References:
https://azure.microsoft.com/en-gb/blog/advisor-backup-recommendations/ https://docs.microsoft.com/en-
us/azure/advisor/advisor-overview https://microsoft.github.io/AzureTipsAndTricks/blog/tip173.html
Question #115
What can you use to automatically send an alert if an administrator stops an Azure virtual machine?
 A. Azure Advisor
 B. Azure Service Health
 C. Azure Monitor
 D. Azure Network Watcher
Answer: C
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/insights/vminsights-alerts
Question #116
DRAG DROP -
Match the Azure services to the correct descriptions.
NOTE: Each correct match is worth one point
Select and Place:
Answer:
.
ANSWER:
Synapse
Machine learning
Azure fn
IoT hub
Question #117
You have an Azure environment.

You need to create a new Azure virtual machine from a tablet that runs the Android operating system.
What are three possible solutions? Each Answer presents a complete solution.
 A. Use Bash in Azure Cloud Shell.

 B. Use PowerShell in Azure Cloud Shell.
 C. Use the PowerApps portal.
 D. Use the Security & Compliance admin center.
 E. Use the Azure portal.
Answer: ABE
The Android tablet device will have a web browser (Chrome). That‫ג‬€™s enough to connect to the Azure portal.
The Azure portal offers three ways to create a VM:
➠ Using the graphical portal.
➠ Using the Azure Cloud Shell using Bash.

➠ Using the Azure Cloud Shell using PowerShell.
Question #118
A team of developers at your company plans to deploy, and then remove, 50 virtual machines each week. All the
virtual machines are configured by using Azure
Resource Manager templates.
You need to recommend which Azure service will minimize the administrative effort required to deploy and
remove the virtual machines.
 A. Azure Reserved Virtual Machine (VM) Instances

 B. Azure DevTest Labs
 C. Azure virtual machine scale sets
 D. Microsoft Managed Desktop
Answer: B
DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager templates.
By using DevTest Labs, you can test the latest versions of your applications by doing the following tasks:
➠ Quickly provision Windows and Linux environments by using reusable templates and artifacts.
➠ Easily integrate your deployment pipeline with DevTest Labs to provision on-demand environments.
➠ Scale up your load testing by provisioning multiple test agents and create pre-provisioned environments for
training and demos.
Reference:
https://docs.microsoft.com/en-us/azure/lab-services/devtest-lab-overview
Question #119
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
Azure Advisor provides you with a consistent, consolidated view of recommendations for all your Azure resources.
It integrates with Azure Security Center to bring you security recommendations. You can get security
recommendations from the Security tab on the Advisor dashboard. Examples of recommendations include
restricting access to virtual machines by configuring Network Security Groups, enabling storage encryption,
installing vulnerability assessment solutions.
However, Azure Advisor does not provide recommendations on how to improve the security of an Azure AD
environment.
Box 2: Yes -
Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources.
You can get cost recommendations from the Cost tab on the Advisor dashboard.
Box 3: No.
Azure Advisor does not provide recommendations on how to configure network settings on Azure virtual
machines.
References:
https://docs.microsoft.com/en-us/azure/advisor/advisor-security-recommendations
https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations
Question #120
You have an Azure subscription named Subscription1. You sign in to the Azure portal and create a resource group
named RG1.
From Azure documentation, you have the following command that creates a virtual machine named VM1. az vm
create --resource-group RG1 --name VM1 --image UbuntuLTS --generate-ssh-keys
You need to create VM1 in Subscription1 by using the command.
Solution: From the Azure portal, launch Azure Cloud Shell and select PowerShell. Run the command in Cloud Shell.
 A. Yes
 B. No
Answer: A
The command can be run in the Azure Cloud Shell. Although this question says you select PowerShell rather than
Bash, the Az commands will work in
PowerShell.
The Azure Cloud Shell is a free interactive shell. It has common Azure tools preinstalled and configured to use with
your account.
To open the Cloud Shell, just select Try it from the upper right corner of a code block. You can also launch Cloud
Shell in a separate browser tab by going to https://shell.azure.com/bash.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/quick-create-cli
Question #121
named RG1.
create --resource-group RG1 --name VM1 --image UbuntuLTS
--generate-ssh-keys
Solution: From a computer that runs Windows 10, install Azure CLI. From PowerShell, sign in to Azure and then run
the command.
 A. Yes
 B. No
Answer: A
The command can be run from PowerShell or the command prompt if you have the Azure CLI installed.
Reference:
Question #122
named RG1.
create --resource-group RG1 --name VM1 --image UbuntuLTS
--generate-ssh-keys
Solution: From a computer that runs Windows 10, install Azure CLI. From a command prompt, sign in to Azure and
then run the command.
 A. Yes
 B. No
Answer: A
The command can be run from PowerShell or the command prompt if you have the Azure CLI installed.
Reference:
Question #123
HOTSPOT -
Several support engineers plan to manage Azure by using the computers shown in the following table:
You need to identify which Azure management tools can be used from each computer.
What should you identify for each computer? To answer, select the appropriate options in the answer area.
Hot Area:
Answer:
Previously, the Azure CLI (or x-plat CLI) was the only option for managing Azure subscriptions and resources from
the command-line on Linux and macOS. Now with the open source and cross-platform release of PowerShell,
you‫ג‬€™ll be able to manage all your Azure resources from Windows, Linux and macOS using your tool of choice,
either the Azure CLI or Azure PowerShell cmdlets.

The Azure portal runs in a web browser so can be used in either operating system.
Reference:
https://buildazure.com/2016/08/18/powershell-now-open-source-and-cross-platform-linux-macos-windows/
Question #124
HOTSPOT -
Hot Area:
Answer:
Question #125
HOTSPOT -
Hot Area:
Answer:
Azure Resource Manager templates provides a common platform for deploying objects to a cloud infrastructure
and for implementing consistency across the
Azure environment.
Azure policies are used to define rules for what can be deployed and how it should be deployed. Whilst this can
help in ensuring consistency, Azure policies do not provide the common platform for deploying objects to a cloud
infrastructure.
Reference:
Question #126
DRAG DROP -
Match the Azure service to the correct description.
Select and Place:
Answer:
Box 1:
Azure Bot Services provides a digital online assistant that provides speech support.
Bots provide an experience that feels less like using a computer and more like dealing with a person - or at least an
intelligent robot. They can be used to shift simple, repetitive tasks, such as taking a dinner reservation or gathering
profile information, on to automated systems that may no longer require direct human intervention. Users
converse with a bot using text, interactive cards, and speech. A bot interaction can be a quick question and
answer, or it can be a sophisticated conversation that intelligently provides access to services.
Box 2:
Azure Machine Learning uses past trainings to provide predictions that have high probability.
Machine learning is a data science technique that allows computers to use existing data to forecast future
behaviors, outcomes, and trends. By using machine learning, computers learn without being explicitly
programmed.
Forecasts or predictions from machine learning can make apps and devices smarter. For example, when you shop
online, machine learning helps recommend other products you might want based on what you've bought.
Box 3:
Azure Functions provides serverless computing functionalities.
Box 4:
IoT Hub (Internet of things Hub) provides data from millions of sensors.
IoT Hub is a managed service, hosted in the cloud, that acts as a central message hub for bi-directional
communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT
solutions with reliable and secure communications between millions of IoT devices and a cloud- hosted solution
backend. You can connect virtually any device to IoT Hub.
References:
https://docs.microsoft.com/en-us/azure/bot-service/bot-service-overview-introduction?view=azure-bot-service-
4.0 https://docs.microsoft.com/en-us/azure/machine-learning/overview-what-is-azure-ml
https://docs.microsoft.com/en-us/azure/azure-functions/ https://docs.microsoft.com/en-us/azure/iot-hub/about-
iot-hub
Question #127
Solution: Run the script from a computer that runs Windows 10 and has the Azure PowerShell module installed.
 A. Yes
 B. No
Answer: A
PowerShell.
In this question, the computer has the Azure PowerShell module installed. Therefore, this solution does meet the
goal.
References:
Question #128
DRAG DROP -
Match the Azure services to the correct description.
Select and Place:
Answer:
Box 1:
Azure virtual machines provide operation system virtualization.
Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing resources that Azure offers.
Typically, you choose a VM when you need more control over the computing environment than the other choices
offer.
Box 2:
Azure Container Instances provide portable environments for virtualized applications.
Containers are becoming the preferred way to package, deploy, and manage cloud applications. Azure Container
Instances offers the fastest and simplest way to run a container in Azure, without having to manage any virtual
machines and without having to adopt a higher-level service.
Containers offer significant startup benefits over virtual machines (VMs). Azure Container Instances can start
containers in Azure in seconds, without the need to provision and manage VMs.
Box 3:
Azure App Service is used to build, deploy and scale web apps.
Azure App Service is a platform-as-a-service (PaaS) offering that lets you create web and mobile apps for any
platform or device and connect to data anywhere, in the cloud or on-premises. App Service includes the web and
mobile capabilities that were previously delivered separately as Azure Websites and Azure Mobile
Services.
Box 4:
Azure Functions provide a platform for serverless code.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/overview https://docs.microsoft.com/en-
us/azure/security/fundamentals/paas-applications-using-app-services https://docs.microsoft.com/en-
us/azure/azure-functions/ https://docs.microsoft.com/en-us/azure/container-instances/container-instances-
overview
Question #129
Which service provides serverless computing in Azure?
 A. Azure Virtual Machines

 B. Azure Functions
 C. Azure storage account
 D. Azure dedicated hosts
Answer: B
Azure Functions provide a platform for serverless code.
Reference:
https://docs.microsoft.com/en-us/azure/azure-functions/
Question #130
Which three computers can run the script? Each Answer presents a complete solution.
 A. a computer that runs macOS and has PowerShell Core 6.0 installed.
 B. a computer that runs Windows 10 and has the Azure PowerShell module installed.
 C. a computer that runs Linux and has the Azure PowerShell module installed.
 D. a computer that runs Linux and has the Azure CLI tools installed.
 E. a computer that runs Chrome OS and uses Azure Cloud Shell.
Answer: BCE
Question #131
named RG1.
Solution: From the Azure portal, launch Azure Cloud Shell and select Bash. Run the command in Cloud Shell.
 A. Yes
 B. No
Answer: A
The command can be run in the Azure Cloud Shell.
your account.
References:
Question #132
Your company has several business units.

Each business unit requires 20 different Azure resources for daily operation. All the business units require the
same type of Azure resources.
You need to recommend a solution to automate the creation of the Azure resources.
What should you include in the recommendations?
 A. Azure Resource Manager templates

 B. virtual machine scale sets
 C. the Azure API Management service
 D. management groups
Answer: A
You can use Azure Resource Manager templates to automate the creation of the Azure resources. Deploying
resource through templates is known as
‫ג‬€˜Infrastructure as code‫ג‬€™.
To implement infrastructure as code for your Azure solutions, use Azure Resource Manager templates. The
template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your
project. The template uses declarative syntax, which lets you state what you intend to deploy without having to
write the sequence of programming commands to create it. In the template, you specify the resources to deploy
and the properties for those resources.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview
Question #133
You need to configure an Azure solution that meets the following requirements:
➠ Secures websites from attacks
➠ Generates reports that contain details of attempted attacks
What should you include in the solution?
 A. Azure Firewall
 B. a network security group (NSG)
 C. Azure Information Protection
 D. DDoS protection
Answer: D
DDoS is a type of attack that tries to exhaust application resources. The goal is to affect the application‫ג‬€™s
availability and its ability to handle legitimate requests.
DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet.
Azure has two DDoS service offerings that provide protection from network attacks: DDoS Protection Basic and
DDoS Protection Standard.
DDoS Basic protection is integrated into the Azure platform by default and at no extra cost.
You have the option of paying for DDoS Standard. It has several advantages over the basic service, including
logging, alerting, and telemetry. DDoS Standard can generate reports that contain details of attempted attacks as
required in this question.
References:
https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices
Question #134
HOTSPOT -
You plan to implement several security services for an Azure environment. You need to identify which Azure
services must be used to meet the following security requirements:
➠ Monitor threats by using sensors
➠ Enforce Azure Multi-Factor Authentication (MFA) based on a condition
Which Azure service should you identify for each requirement? To answer, select the appropriate options in the
answer area.
Hot Area:
Answer:
Box 1:
To monitor threats by using sensors, you would use Azure Advanced Threat Protection (ATP).
Azure Advanced Threat Protection (ATP) is a cloud-based security solution that leverages your on-premises Active
Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious
insider actions directed at your organization.
Sensors are software packages you install on your servers to upload information to Azure ATP.
Box 2:
To enforce MFA based on a condition, you would use Azure Active Directory Identity Protection.
Azure AD Identity Protection helps you manage the roll-out of Azure Multi-Factor Authentication (MFA)
registration by configuring a Conditional Access policy to require MFA registration no matter what modern
authentication app you are signing in to.
References:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/what-is-atp https://docs.microsoft.com/en-
us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy
Question #135
Your Azure environment contains multiple Azure virtual machines.

You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
 A. Modify an Azure Traffic Manager profile

 B. Modify a network security group (NSG)
 C. Modify a DDoS protection plan
 D. Modify an Azure firewall
Answer: B
A network security group works like a firewall. You can attach a network security group to a virtual network and/or
individual subnets within the virtual network.
You can also attach a network security group to a network interface assigned to a virtual machine. You can use
multiple network security groups within a virtual network to restrict traffic between resources such as virtual
machines and subnets.
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security
group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound
network traffic from, several types of Azure resources.
In this question, we need to add a rule to the network security group to allow the connection to the virtual
machine on port 80 (HTTP).
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
Question #131
named RG1.
Solution: From the Azure portal, launch Azure Cloud Shell and select Bash. Run the command in Cloud Shell.
 A. Yes
 B. No
Answer: A
The command can be run in the Azure Cloud Shell.
your account.
References:
Question #132
Your company has several business units.

Each business unit requires 20 different Azure resources for daily operation. All the business units require the
same type of Azure resources.

You need to recommend a solution to automate the creation of the Azure resources.
What should you include in the recommendations?
 A. Azure Resource Manager templates

 B. virtual machine scale sets
 C. the Azure API Management service
 D. management groups
Answer: A
You can use Azure Resource Manager templates to automate the creation of the Azure resources. Deploying
resource through templates is known as
‫ג‬€˜Infrastructure as code‫ג‬€™.
To implement infrastructure as code for your Azure solutions, use Azure Resource Manager templates. The
template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your
project. The template uses declarative syntax, which lets you state what you intend to deploy without having to
write the sequence of programming commands to create it. In the template, you specify the resources to deploy
and the properties for those resources.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview
Question #133
You need to configure an Azure solution that meets the following requirements:
➠ Secures websites from attacks
➠ Generates reports that contain details of attempted attacks
What should you include in the solution?
 B. a network security group (NSG)
 D. DDoS protection
Answer: D
DDoS is a type of attack that tries to exhaust application resources. The goal is to affect the application‫ג‬€™s
availability and its ability to handle legitimate requests.
DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet.
Azure has two DDoS service offerings that provide protection from network attacks: DDoS Protection Basic and
DDoS Protection Standard.
DDoS Basic protection is integrated into the Azure platform by default and at no extra cost.
You have the option of paying for DDoS Standard. It has several advantages over the basic service, including
logging, alerting, and telemetry. DDoS Standard can generate reports that contain details of attempted attacks as
required in this question.
References:
https://docs.microsoft.com/en-us/azure/security/fundamentals/ddos-best-practices
Question #134
HOTSPOT -
You plan to implement several security services for an Azure environment. You need to identify which Azure
services must be used to meet the following security requirements:

➠ Monitor threats by using sensors
➠ Enforce Azure Multi-Factor Authentication (MFA) based on a condition
Which Azure service should you identify for each requirement? To answer, select the appropriate options in the
answer area.
Hot Area:
Answer:
Box 1:
To monitor threats by using sensors, you would use Azure Advanced Threat Protection (ATP).
Azure Advanced Threat Protection (ATP) is a cloud-based security solution that leverages your on-premises Active
Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious
insider actions directed at your organization.
Sensors are software packages you install on your servers to upload information to Azure ATP.
Box 2:
To enforce MFA based on a condition, you would use Azure Active Directory Identity Protection.
Azure AD Identity Protection helps you manage the roll-out of Azure Multi-Factor Authentication (MFA)
registration by configuring a Conditional Access policy to require MFA registration no matter what modern
authentication app you are signing in to.
References:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/what-is-atp https://docs.microsoft.com/en-
us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy
Question #135

 A. Modify an Azure Traffic Manager profile

 B. Modify a network security group (NSG)
 C. Modify a DDoS protection plan
 D. Modify an Azure firewall
Answer: B
Reference:
Question #136
HOTSPOT -
Hot Area:
Answer:
The just-in-time (JIT) virtual machine (VM) access feature in Azure Security Center allows you to lock down inbound
traffic to your Azure Virtual Machines. This reduces exposure to attacks while providing easy access when you
need to connect to a VM.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/security-center-just-in-time?tabs=jit-config-asc%2Cjit-
request-asc
Question #137
HOTSPOT -
Hot Area:
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-group-how-it-works
Question #138
You have an Azure environment that contains 10 virtual networks and 100 virtual machines.
You need to limit the amount of inbound traffic to all the Azure virtual networks.
 A. one application security group (ASG)

 B. 10 virtual network gateways
 C. 10 Azure ExpressRoute circuits
 D. one Azure firewall
Answer: D
You can restrict traffic to multiple virtual networks with a single Azure firewall.
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network
resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
You can centrally create, enforce, and log application and network connectivity policies across subscriptions and
virtual networks. Azure Firewall uses a static public IP address for your virtual network resources allowing outside
firewalls to identify traffic originating from your virtual network.
References:
https://docs.microsoft.com/en-us/azure/firewall/overview
Question #139
Azure Key Vault is used to store secrets for Azure Active Directory (Azure AD) user accounts.
 B. Azure Active Directory (Azure AD) administrative accounts
 C. Personally Identifiable Information (PII)
 D. server applications
Answer: D
Key Vault is designed to store configuration secrets for server apps. It's not intended for storing data belonging to
your app's users, and it shouldn't be used in the client-side part of an app.
Reference:
https://docs.microsoft.com/en-us/learn/modules/manage-secrets-with-azure-key-vault/2-what-is-key-vault
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-overview https://docs.microsoft.com/en-
us/learn/modules/manage-secrets-with-azure-key-vault/
Question #140
Your company plans to automate the deployment of servers to Azure.

Your manager is concerned that you may expose administrative credentials during the deployment.
You need to recommend an Azure solution that encrypts the administrative credentials during the deployment.
 A. Azure Key Vault
 B. Azure Information Protection

 C. Azure Security Center
 D. Azure Multi-Factor Authentication (MFA)
Answer: A
Azure Key Vault is a secure store for storage various types of sensitive information. In this question, we would
store the administrative credentials in the Key Vault.
With this solution, there is no need to store the administrative credentials as plain text in the deployment scripts.
All information stored in the Key Vault is encrypted.
Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords, certificates, API
keys, and other secrets.
Secrets and keys are safeguarded by Azure, using industry-standard algorithms, key lengths, and hardware security
modules (HSMs). The HSMs used are
Federal Information Processing Standards (FIPS) 140-2 Level 2 validated.
Access to a key vault requires proper authentication and authorization before a caller (user or application) can get
access. Authentication establishes the identity of the caller, while authorization determines the operations that
they are allowed to perform.
References:
https://docs.microsoft.com/en-us/azure/key-vault/key-vault-overview
Question #141

You need to control the ports that devices on the Internet can use to access the virtual machines.
 A. a network security group (NSG)

 B. an Azure Active Directory (Azure AD) role
 C. an Azure Active Directory group
 D. an Azure key vault
Answer: A
References:
Question #142
HOTSPOT -
Hot Area:
Answer:
When you create a virtual machine, the default setting is to create a Network Security Group attached to the
network interface assigned to a virtual machine.
machine on port 8080.
Reference:
Question #143
HOTSPOT -
Hot Area:
Answer:
YES
YES
YES
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#owner
Question #144
Solution: You modify a network security group (NSG).
 A. Yes
 B. No
Answer: A
References:
Question #145
Solution: You modify a DDoS protection plan.
 A. Yes
 B. No
Answer: B
DDoS is a form of attack on a network resource. A DDoS protection plan is used to protect against DDoS attacks; it
does not provide connectivity to a virtual machine.
To ensure that a virtual machine named VM1 is accessible from the Internet over HTTP, you need to modify a
network security group or Azure Firewall.
References:
https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview
Question #146
You need to collect and automatically analyze security events from Azure Active Directory (Azure AD).
A. Azure Sentinel
B. Azure Synapse Analytics
C. Azure AD Connect
D. Azure Key Vault
Answer: A
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/overview
Question #147
Solution: You modify an Azure firewall.
A. Yes
B. No
Answer: A
In this question, we need to add a rule to Azure Firewall to allow the connection to the virtual machine on port 80
(HTTP).
References:
Question #148
Solution: You modify an Azure Traffic Manager profile.
A. Yes
B. No
Answer: B
Azure Traffic Manager is a DNS-based load balancing solution. It is not used to ensure that a virtual machine
named VM1 is accessible from the Internet over
HTTP.
To ensure that a virtual machine named VM1 is accessible from the Internet over HTTP, you need to modify a
network security group or Azure Firewall.
In this question, we need to add a rule to a network security group or Azure Firewall to allow the connection to the
virtual machine on port 80 (HTTP).
References:
https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-overview
Question #149
Your company plans to deploy several web servers and several database servers to Azure.
You need to recommend an Azure solution to limit the types of connections from the web servers to the database
servers.
A. network security groups (NSGs)
B. Azure Service Bus
C. a local network gateway
D. a route filter
Answer: A
References:
Question #150
HOTSPOT -
Hot Area:
Answer:
You would use the Azure Activity Log, not Access Control to view which user turned off a specific virtual machine
during the last 14 days.
Activity logs are kept for 90 days. You can query for any range of dates, as long as the starting date isn't more than
90 days in the past.
In this question, we would create a filter to display shutdown operations on the virtual machine in the last 14 days.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-audit
Question #151
Which service provides network traffic filtering across multiple Azure subscriptions and virtual networks?
 B. an application security group
 C. Azure DDoS protection
 D. a network security group (NSG)
Answer: A
You can restrict traffic to multiple virtual networks in multiple subscriptions with a single Azure firewall.
You can centrally create, enforce, and log application and network connectivity policies across subscriptions and
virtual networks. Azure Firewall uses a static public IP address for your virtual network resources allowing outside
firewalls to identify traffic originating from your virtual network.
References:
Question #152
Which Azure service should you use to store certificates?
 A. Azure Security Center

 B. an Azure Storage account
 C. Azure Key Vault
 D. Azure Information Protection
Answer: C
Azure Key Vault is a secure store for storage various types of sensitive information including passwords and
certificates.
Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords, certificates, API
keys, and other secrets.
Secrets and keys are safeguarded by Azure, using industry-standard algorithms, key lengths, and hardware security
modules (HSMs). The HSMs used are
Federal Information Processing Standards (FIPS) 140-2 Level 2 validated.
Access to a key vault requires proper authentication and authorization before a caller (user or application) can get
access. Authentication establishes the identity of the caller, while authorization determines the operations that
they are allowed to perform.
References:
Question #153
Which Azure service can you use as a security information and event management (SIEM) solution?
 A. Azure Analysis Services

 B. Azure Sentinel
 D. Azure Cognitive Services
Answer: B
Reference:
https://azure.microsoft.com/en-in/services/azure-sentinel/
Question #154
HOTSPOT -
Hot Area:
Answer:
Reference:
Question #155
DRAG DROP -
Match the Azure Services service to the correct descriptions.
Instructions: To answer, drag the appropriate service from the column on the left to its description on the right.
Each service may be used once, more than once, or not at all.
Select and Place:
Answer: In Answer:
Box 1: Azure Sentinel -
Box 2: Azure Security Center -
Box 3: Azure Key Vault -

➠ Azure Active Directory (Azure AD)
Azure AD is an identity and access management service, which helps your employees sign in and access resources
➠ Azure Lighthouse
Azure Lighthouse is used for cross- and multi-tenant management.
Reference:
https://docs.microsoft.com/en-us/azure/security-center/secure-score-security-controls
https://practical365.com/securing-sensitive-information-in-azure-functions-with-the-azure-key-vault/
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis
https://docs.microsoft.com/en-us/azure/lighthouse/overview
Question #156
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
Azure firewall does not encrypt network traffic. It is used to block or allow traffic based on source/destination IP
address, source/destination ports and protocol.
Box 2: No -
A network security group does not encrypt network traffic. It works in a similar way to a firewall in that it is used to
block or allow traffic based on source/ destination IP address, source/destination ports and protocol.
Box 3: No -
The question is rather vague as it would depend on the configuration of the host on the Internet. Windows Server
does come with a VPN client and it also supports other encryption methods such IPSec encryption or SSL/TLS so it
could encrypt the traffic if the Internet host was configured to require or accept the encryption.
However, the VM could not encrypt the traffic to an Internet host that is not configured to require the encryption.
Reference:
https://docs.microsoft.com/en-us/azure/security/azure-security-data-encryption-best-practices#protect-data-in-
transit
Question #157
HOTSPOT -
Hot Area:
Answer:
Box 1: Yes -
Azure Security Center is a unified infrastructure security management system that strengthens the security posture
of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether
they're in Azure or not - as well as on premises.
Box 2: No -
Only two features: Continuous assessment and security recommendations, and Azure secure score, are free.
Box 3: Yes -
The advanced monitoring capabilities in Security Center also let you track and manage compliance and governance
over time. The overall compliance provides you with a measure of how much your subscriptions are compliant
with policies associated with your workload.
References:
https://docs.microsoft.com/en-us/azure/security-center/security-center-intro
Question #158
HOTSPOT -
Hot Area:
Answer:
Azure Information Protection is used to automatically add a watermark to Microsoft Word documents that contain
credit card information.
You use Azure Information Protection labels to apply classification to documents and emails. When you do this, the
classification is identifiable regardless of where the data is stored or with whom it‫ג‬€™s shared. The labels can
include visual markings such as a header, footer, or watermark.
Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a
combination where users are given recommendations. In this question, we would configure a label to be
automatically applied to Microsoft Word documents that contain credit card information. The label would then
add the watermark to the documents.
Reference:
https://docs.microsoft.com/en-us/azure/information-protection/what-is-information-protection
https://docs.microsoft.com/en-us/azure/information-protection/infoprotect-quick-start-tutorial
Question #159
HOTSPOT -
Hot Area:
Answer:
The VNet will be marked as ‫ג‬€Ñon-compliant‫ג‬€™ when the policy is assigned. However, it will not be deleted and
will continue to function normally.
and service level agreements.
If there are any existing resources that aren't compliant with a new policy assignment, they appear under Non-
compliant resources.
Reference:
https://docs.microsoft.com/en-us/azure/governance/policy/overview https://docs.microsoft.com/en-
us/azure/governance/policy/assign-policy-portal
Question #160
Your company has an Azure subscription that contains resources in several regions.
A company policy states that administrators must only be allowed to create additional Azure resources in a region
in the country where their office is located.
You need to create the Azure resource that must be used to meet the policy requirement.
 A. a read-only lock
 B. an Azure policy
 C. a management group
 D. a reservation
Answer: B
and service level agreements. Azure Policy meets this need by evaluating your resources for non- compliance with
assigned policies. All data stored by Azure Policy is encrypted at rest.
Azure Policy offers several built-in policies that are available by default. In this question, we would use the
‫ג‬€Ãllowed Loca ons‫ג‬€™ policy to define the locations where resources can be deployed.
References:
Question #161
From Azure Cloud Shell, you can track your company‫ג‬€™s regulatory standards and regulations, such as ISO 27001.
Instructions: Review the underlined text. If it makes the statement correct, select ‫ג‬€No change is needed.‫ג‬€ If the
 A. No change is needed.
 B. the Microsoft Cloud Partner Portal
 C. Compliance Manager
 D. the Trust Center
Answer: C
Microsoft Compliance Manager (Preview) is a free workflow-based risk assessment tool that lets you track, assign,
and verify regulatory compliance activities related to Microsoft cloud services. Azure Cloud Shell, on the other
hand, is an interactive, authenticated, browser-accessible shell for managing Azure resources.
References:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-overview
https://docs.microsoft.com/en-us/azure/cloud-shell/overview
Question #162
HOTSPOT -
Hot Area:
Answer:
NO
YES
NO
Azure AD join only applies to Windows 10 devices.

Reference:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-group-policy
https://docs.microsoft.com/en-us/azure/active-directory/devices/azureadjoin-plan
Question #163
HOTSPOT -
Hot Area:
Answer:
The Microsoft Privacy Statement explains what personal data Microsoft processes, how Microsoft processes the
data, and the purpose of processing the data
Reference:
https://privacy.microsoft.com/en-us/privacystatement
Question #164
HOTSPOT -
Hot Area:
Answer:
Authentication, not authorization is the process of verifying a user‫ג‬€™s credentials.

The difference between authentication and authorization is:
➠ Authentication is proving your identity, proving that you are who you say you are. The most common example
of this is logging in to a system by providing credentials such as a username and password.
➠ Authorization is what you‫ג‬€™re allowed to do once you‫ג‬€™ve been authenticated. For example, what
resources you‫ג‬€™re allowed to access and what you can do with those resources.
Question #165
HOTSPOT -
Hot Area:
Answer:
Reference:
Question #166
HOTSPOT -
Hot Area:
Answer:
Reference:
Question #167
HOTSPOT -
Hot Area:
Answer:
Reference:
https://azure.microsoft.com/en-gb/blog/new-capabilities-to-enable-robust-gdpr-compliance/
Question #168
HOTSPOT -
Hot Area:
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
Question #169
HOTSPOT -
Hot Area:
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/china/overview-operations https://docs.microsoft.com/en-
us/azure/azure-government/documentation-government-welcome
Question #170
HOTSPOT -
Hot Area:
Answer:
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
Question #171
Your company plans to migrate all on-premises data to Azure.

You need to identify whether Azure complies with the company‫ג‬€™s regional requirements.
 A. the Knowledge Center

 B. Azure Marketplace
 C. the MyApps portal
 D. the Trust Center
Answer: D
Azure has more than 90 compliance certifications, including over 50 specific to global regions and countries, such
as the US, the European Union, Germany,
Japan, the United Kingdom, India and China.
You can view a list of compliance certifications in the Trust Center to determine whether Azure meets your
regional requirements.
Reference:
https://azure.microsoft.com/en-gb/overview/trusted-cloud/compliance/ https://docs.microsoft.com/en-
us/microsoft-365/compliance/get-started-with-service-trust-portal
Question #172
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
Authorization to access Azure resources can be provided by other identity providers by using federation. A
commonly used example of this is to federate your on- premises Active Directory environment with Azure AD and
use this federation for authentication and authorization.
Box 2: Yes -
As described above, third-party cloud services and on-premises Active Directory can be used to access Azure
resources. This is known as ‫ג‬€˜federa on‫ג‬€™.
Federation is a collection of domains that have established trust. The level of trust may vary, but typically includes
authentication and almost always includes authorization. A typical federation might include a number of
organizations that have established trust for shared access to a set of resources.
Box 3: Yes -
Azure Active Directory (Azure AD) is a centralized identity provider in the cloud. This is the primary built-in
authentication and authorization service to provide secure access to Azure resources.
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed https://docs.microsoft.com/en-
us/azure/active-directory/develop/authentication-scenarios
Question #173
HOTSPOT -
Hot Area:
Answer:
You can configure a lock on a resource group to prevent the accidental deletion of the resource group. The lock
applies to everyone, including global administrators. If you want to delete the resource group, the lock must be
removed first.
As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in
your organization from accidentally deleting or modifying critical resources. You can set the lock level to
CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
➠ CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource.
ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying this
lock is similar to restricting all authorized
users to the permissions granted by the Reader role.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
Question #174
Azure Germany can be used by legal residents of Germany only.
 A. no change is needed
 B. only enterprises that are registered in Germany
 C. only enterprises that purchase their azure licenses from a partner based in Germany
 D. any user or enterprise that requires its data to reside in Germany
Answer: D
Azure Germany is available to eligible customers and partners globally who intend to do business in the EU/EFTA,
including the United Kingdom.
Azure Germany offers a separate instance of Microsoft Azure services from within German datacenters. The
datacenters are in two locations, Frankfurt/Main and
Magdeburg. This placement ensures that customer data remains in Germany and that the datacenters connect to
each other through a private network. All customer data is exclusively stored in those datacenters. A designated
German company--the German data trustee--controls access to customer data and the systems and infrastructure
that hold customer data.
References:
https://docs.microsoft.com/en-us/azure/germany/germany-welcome?toc=%2fazure%2fgermany%2ftoc.json
https://docs.microsoft.com/en-us/azure/germany/germany-overview-data-trustee
Question #175
HOTSPOT -
Hot Area:
Answer:
Box 1: Yes -
The tool you would use to sync the accounts is Azure AD Connect. The Azure Active Directory Connect
synchronization services (Azure AD Connect sync) is a main component of Azure AD Connect. It takes care of all the
operations that are related to synchronize identity data between your on-premises environment and
Azure AD.
Box 2: Yes -
As described above, third-party cloud services and on-premises Active Directory can be used to access Azure
resources. This is known as ‫ג‬€˜federa on‫ג‬€™.
Federation is a collection of domains that have established trust. The level of trust may vary, but typically includes
authentication and almost always includes authorization. A typical federation might include a number of
organizations that have established trust for shared access to a set of resources.
Box 3: Yes -
authentication and authorization service to provide secure access to Azure resources.
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-whatis
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed https://docs.microsoft.com/en-
us/azure/active-directory/develop/authentication-scenarios
Question #176
HOTSPOT -
Hot Area:
Answer:
The advanced monitoring capabilities in Security Center lets you track and manage compliance and governance
Reference:
Question #177
What should you use to evaluate whether your company‫ג‬€™s Azure environment meets regulatory requirements?
 A. Azure Service Health

 B. Azure Knowledge Center
 C. Azure Security Center
 D. Azure Advisor
Answer: C
The advanced monitoring capabilities in Security Center lets you track and manage compliance and governance
Reference:
Question #178
Your company has an Azure subscription that contains resources in several regions.
You need to ensure that administrators can only create resources in those regions.
 A. a read-only lock
 B. an Azure policy
 C. a management group
 D. a reservation
Answer: B
Reference:
Question #179
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
Azure Active Directory (Azure AD) is a cloud-based service. It does not require domain controllers on virtual
machines.
Box 2: Yes -
authentication and authorization service to provide secure access to Azure resources and Microsoft 365.
Box 3: No -
User accounts in Azure Active Directory can be assigned multiple licenses for different Azure or Microsoft 365
services.
Question #180
Which two types of customers are eligible to use Azure Government to develop a cloud solution? Each Answer
presents a complete solution.
 A. a Canadian government contractor

 B. a European government contractor
 C. a United States government entity
 D. a United States government contractor
 E. a European government entity
Answer: CD
Azure Government is a cloud environment specifically built to meet compliance and security requirements for US
government. This mission-critical cloud delivers breakthrough innovation to U.S. government customers and their
partners. Azure Government applies to government at any level ‫ג‬€" from state and local governments to federal
agencies including Department of Defense agencies.
The key difference between Microsoft Azure and Microsoft Azure Government is that Azure Government is a
sovereign cloud. It's a physically separated instance of Azure, dedicated to U.S. government workloads only. It's
built exclusively for government agencies and their solution providers.
References:
https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-government/2-what-is-azure-government
Question #181
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
It is not true that you must deploy a federation solution or sync on-premises identities to the cloud. You can have a
cloud-only environment and use MFA.
Box 2: No -
Picture identification and passport numbers are not valid MFA authentication methods. Valid methods include:
Password, Microsoft Authenticator App, SMS and
Voice call.
Box 3:
You can configure MFA to be required for administrator accounts only or you can configure MFA for any user
account.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods
Question #182
You need to ensure that when Azure Active Directory (Azure AD) users connect to Azure AD from the Internet by
using an anonymous IP address, the users are prompted automatically to change their password.
Which Azure service should you use?
 A. Azure AD Connect Health

 B. Azure AD Privileged Identity Management
 C. Azure Advanced Threat Protection (ATP)
 D. Azure AD Identity Protection
Answer: D
Azure AD Identity Protection includes two risk policies: sign-in risk policy and user risk policy. A sign-in risk
represents the probability that a given authentication request isn‫ג‬€™t authorized by the identity owner.
There are several types of risk detection. One of them is Anonymous IP Address. This risk detection type indicates
sign-ins from an anonymous IP address (for example, Tor browser or anonymous VPN). These IP addresses are
typically used by actors who want to hide their login telemetry (IP address, location, device, etc.) for potentially
malicious intent.
You can configure the sign-in risk policy to require that users change their password.
References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks
Question #183
DRAG DROP -
Match the term to the correct definition.
Instructions: To answer, drag the appropriate term from the column on the left to its description on the right. Each
term may be used once, more than once, or not at all.
Select and Place:
Answer:
Box 1: ISO -
ISO is the International Organization for Standardization. Companies can be certified to ISO standards, for example
ISO 9001 or 27001 are commonly used in IT companies.
Box 2: NIST -
The National Institute of Standards and Technology (NIST) is a physical sciences laboratory, and a non-regulatory
agency of the United States Department of
Commerce.
Box 3: GDPR -
GDPR is the General Data Protection Regulations. This standard was adopted across Europe in May 2018 and
replaces the now deprecated Data Protection
Directive.
The General Data Protection Regulation (EU) (GDPR) is a regulation in EU law on data protection and privacy in the
European Union (EU) and the European
Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims
primarily to give control to individuals over their personal data and to simplify the regulatory environment for
international business by unifying the regulation within the EU.
Box 4: Azure Government -

US government agencies or their partners interested in cloud services that meet government security and
compliance requirements, can be confident that
Microsoft Azure Government provides world-class security, protection, and compliance services. Azure
Government delivers a dedicated cloud enabling government agencies and their partners to transform mission-
critical workloads to the cloud. Azure Government services handle data that is subject to certain government
regulations and requirements, such as FedRAMP, NIST 800.171 (DIB), ITAR, IRS 1075, DoD L4, and CJIS. In order to
provide you with the highest level of security and compliance, Azure Government uses physically isolated
datacenters and networks (located in U.S. only).
References:
https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation https://docs.microsoft.com/en-
us/azure/azure-government/documentation-government-welcome
Question #184
To what should an application connect to retrieve security tokens?
 A. an Azure Storage account

 B. Azure Active Directory (Azure AD)
 C. a certificate store
 D. an Azure key vault
Answer: D
Key Vault is designed to store configuration secrets for server apps.
InAnswers:
A: An Azure Storage account is used to store data. It is not used to store secrets for applications.
B: Azure Active Directory (Azure AD) is a centralized identity provider in the cloud that authenticates users and
provides access tokens to them. It is not used for applications.
Reference:
https://docs.microsoft.com/en-us/learn/modules/manage-secrets-with-azure-key-vault/2-what-is-key-vault
Question #185
Your network contains an Active Directory forest. The forest contains 5,000 user accounts.
Your company plans to migrate all network resources to Azure and to decommission the on-premises data center.
You need to recommend a solution to minimize the impact on users after the planned migration.
 A. Implement Azure Multi-Factor Authentication (MFA)

 B. Sync all the Active Directory user accounts to Azure Active Directory (Azure AD)
 C. Instruct all users to change their password
 D. Create a guest user account in Azure Active Directory (Azure AD) for each user
Answer: B
To migrate to Azure and decommission the on-premises data center, you would need to create the 5,000 user
accounts in Azure Active Directory. The easy way to do this is to sync all the Active Directory user accounts to
Azure Active Directory (Azure AD). You can even sync their passwords to further minimize the impact on users.
The tool you would use to sync the accounts is Azure AD Connect. The Azure Active Directory Connect
synchronization services (Azure AD Connect sync) is a main component of Azure AD Connect. It takes care of all the
operations that are related to synchronize identity data between your on-premises environment and
Azure AD.
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-whatis
Question #186
HOTSPOT -
Hot Area:
Answer:
Box 1: Yes -
You can send Azure AD activity logs to Azure Monitor logs to enable rich visualizations, monitoring and alerting on
the connected data.
All data collected by Azure Monitor fits into one of two fundamental types, metrics and logs (including Azure AD
activity logs). Activity logs record when resources are created or modified. Metrics tell you how the resource is
performing and the resources that it's consuming.
Box 2: Yes -
Azure Monitor can consolidate log entries from multiple Azure resources, subscriptions, and tenants into one
location for analysis together.
Box 3: Yes -
You can create alerts in Azure Monitor.
Alerts in Azure Monitor proactively notify you of critical conditions and potentially attempt to take corrective
action. Alert rules based on metrics provide near real time alerting based on numeric values, while rules based on
logs allow for complex logic across data from multiple sources.
References:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-activity-logs-azure-monitor
https://docs.microsoft.com/en-us/azure/azure-monitor/overview
Question #187
HOTSPOT -
You create a resource group named RG1 in Azure Resource Manager.
You need to prevent the accidental deletion of the resources in RG1.
Which setting should you use? To answer, select the appropriate setting in the answer area.
Hot Area:
Answer:
You can configure a lock on a resource group to prevent the accidental deletion.
As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in
your organization from accidentally deleting or modifying critical resources. You can set the lock level to
CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively.
CanNotDelete means authorized users can still read and modify a resource, but they can't delete the resource.
➠ ReadOnly means authorized users can read a resource, but they can't delete or update the resource. Applying
this lock is similar to restricting all authorized users to the permissions granted by the Reader role.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
Question #188
You have a resource group named RG1.

You need to prevent the creation of virtual machines only in RG1. The solution must ensure that other objects can
be created in RG1.
 A. a lock
 B. an Azure role
 C. a tag
 D. an Azure policy
Answer: D
and service level agreements.
In this question, we would create an Azure policy assigned to the resource group that denies the creation of virtual
machines in the resource group.
You could place a read-only lock on the resource group. However, that would prevent the creation of any
resources in the resource group, not virtual machines only. Therefore, an Azure Policy is a better solution.
Reference:
Question #189
You have an Azure subscription and 100 Windows 10 devices.

You need to ensure that only users whose devices have the latest security patches installed can access Azure
Active Directory (Azure AD)-integrated applications.
What should you implement?
 A. a conditional access policy

 B. Azure Bastion
 C. Azure Firewall
 D. Azure Policy
Answer: A
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policies
Question #190
What can Azure Information Protection encrypt?
 A. network traffic
 B. documents and email messages
 C. an Azure Storage account
 D. an Azure SQL database
Answer: B
Azure Information Protection can encrypt documents and emails.
Azure Information Protection is a cloud-based solution that helps an organization to classify and optionally, protect
its documents and emails by applying labels.
Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a
combination where users are given recommendations.
The protection technology uses Azure Rights Management (often abbreviated to Azure RMS). This technology is
integrated with other Microsoft cloud services and applications, such as Office 365 and Azure Active Directory.
This protection technology uses encryption, identity, and authorization policies. Similarly to the labels that are
applied, protection that is applied by using Rights
Management stays with the documents and emails, independently of the location ‫ג‬€" inside or outside your
organization, networks, file servers, and applications.
References:
https://docs.microsoft.com/en-us/azure/information-protection/what-is-information-protection
https://docs.microsoft.com/en-us/azure/information-protection/quickstart-label-dnf-protectedemail
Question #191
What should you use to evaluate whether your company‫ג‬€™s Azure environment meets regulatory requirements?
 A. the Knowledge Center website

 B. the Advisor blade from the Azure portal
 C. Compliance Manager from the Service Trust Portal
 D. the Solutions blade from the Azure portal
Answer: C
Compliance Manager in the Service Trust Portal is a workflow-based risk assessment tool that helps you track,
assign, and verify your organization's regulatory compliance activities related to Microsoft Cloud services, such as
Microsoft 365, Dynamics 365, and Azure.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365-
worldwide
Question #192
HOTSPOT -
Hot Area:
Answer:
Question #193
HOTSPOT -
Hot Area:
Answer:
If the SLA for an Azure service is not met, you receive credits for that service and that service only. The credits are
deducted from your monthly bill for that service.
If you stopped using the service where the SLA was not met, your account would remain in credit for that service.
The credits would not be applied to any other services that you may be using.
Service Credits apply only to fees paid for the particular Service, Service Resource, or Service tier for which a
Service Level has not been met. In cases where
Service Levels apply to individual Service Resources or to separate Service tiers, Service Credits apply only to fees
paid for the affected Service Resource or
Service tier, as applicable. The Service Credits awarded in any billing month for a particular Service or Service
Resource will not, under any circumstance, exceed your monthly service fees for that Service or Service Resource,
as applicable, in the billing month.
Reference:
https://azure.microsoft.com/en-gb/support/legal/sla/analysis-services/v1_0/
Question #194
Which task can you perform by using Azure Advisor?
 A. Integrate Active Directory and Azure Active Directory (Azure AD).

 B. Estimate the costs of an Azure solution.
 C. Confirm that Azure subscription security follows best practices.
 D. Evaluate which on-premises resources can be migrated to Azure.
Answer: C
Reference:
https://blog.pragmaticworks.com/what-is-azure-advi-
sor#:~:text=Microsoft%20defines%20Azure%20Advisor%20as,solutions%20based%20on%20that%20data
Question #195
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
Azure Free Account gives you 12 months access to the most popular free services. It also gives you a credit (150
GBP or 200 USD) to use on any Azure service for up to 30 days.
Box 2: Yes -
All free accounts expire after 12 months.
Box 3: No -
You can only create one free Azure account per Microsoft account.
Reference:
https://azure.microsoft.com/en-gb/free/
Question #196
HOTSPOT -
Hot Area:
Answer:
Public Preview means that the service is in public beta and can be tried out by anyone with an Azure subscription.
Services in public preview are often offered at a discount price.
Box 1: No -
Services in private preview can be viewed in the regular Azure portal. However, you need to be signed up for the
feature in private preview before you can view it.
Access to private preview features is usually by invitation only.
Box 2: Yes -
You can use services in public preview in production environments. However, you should be aware that the service
may have faults, is not subject to an SLA and may be withdrawn without notice.
Box 3: No -
Public previews are excluded from SLAs and in some cases, no support is offered.
References:
https://www.neowin.net/news/several-more-azure-services-now-available-in-private-public-preview/
Question #197
Your company has 10 offices. You plan to generate several billing reports from the Azure portal. Each report will
contain the Azure resource utilization of each office.
Which Azure Resource Manager feature should you use before you generate the reports?
 A. tags
 B. templates
 C. locks
 D. policies
Answer: A
You can use resource tags to ‫ג‬€˜label‫ג‬€™ Azure resources. Tags are metadata elements attached to resources. Tags
consist of pairs of key/value strings. In this question, we would tag each resource with a tag to identify each office.
For example: Location = Office1. When all Azure resources are tagged, you can generate reports to list all resources
based on the value of the tag. For example: All resources used by Office1.
References:
https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/decision-guides/resource-tagging/
Question #198
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
An Azure free account comes with a ‫ג‬€˜basic‫ג‬€™ support plan, not a ‫ג‬€˜standard‫ג‬€™ support plan.
Box 2: Yes -
You can purchase the Professional Direct, Standard, and Developer support plans with the Microsoft Customer
Agreement. You can also purchase the
Professional and Standard support plans with the Enterprise Agreement.
Box 3: No -
Users with any type of Azure subscription (pay-as-you-go, Enterprise Agreement, Microsoft Customer Agreement
etc.) can get support from the MSDN forums.
References:
https://azure.microsoft.com/en-us/support/plans/
Question #199
If Microsoft plans to end support for an Azure service that does NOT have a successor service, Microsoft will
provide notification at least 12 months before.
 B. 6 months
 C. 90 days
 D. 30 days
Answer: A
The Modern Lifecycle Policy covers products and services that are serviced and supported continuously. For
products governed by the Modern Lifecycle Policy,
Microsoft will provide a minimum of 12 months' notification prior to ending support if no successor product or
service is offered‫ג‬€"excluding free services or preview releases.
Reference:
https://support.microsoft.com/en-us/help/30881
Question #200
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
You need to be an administrator of the billing account that has the subscription to be able to transfer the
subscription. This could be a Billing Administrator or
Global Administrator. A subscription owner can manage all resources and permissions within the subscription but
cannot transfer ownership of the subscription.
Box 2: Yes -
You can convert a free trial subscription to Pay-As-You-Go. This is common practice for people who wish to
continue using the Azure services when the free trial period expires.
Box 3: Yes -
You can remove the spending limit, but you can‫ג‬€™t increase or decrease it.
The spending limit in Azure prevents spending over your credit amount. All new customers who sign up for an
Azure free account or subscription types that include credits over multiple months have the spending limit turned
on by default. The spending limit is equal to the amount of credit and it can‫ג‬€™t be changed. For example, if you
signed up for Azure free account, your spending limit is $200 and you can't change it to $500. However, you can
remove the spending limit. So, you either have no limit, or you have a limit equal to the amount of credit.
Reference:
https://docs.microsoft.com/en-us/azure/billing/billing-add-change-azure-subscription-administrator
https://docs.microsoft.com/en-us/azure/billing/billing-upgrade-azure-subscription https://docs.microsoft.com/en-
us/azure/billing/billing-spending-limit
Question #201
HOTSPOT -
Hot Area:
Answer:
Box 1: Yes -
A reservation is where you commit to pay for a resource (for example a virtual machine) for one or three years.
This gives you a discounted price on the resource for the reservation period.
Box 2: No -
There are other factors that influence the cost of a virtual machine such as the virtual hard disks attached to the
virtual machine. You could have multiple virtual machines with the same ‫ג‬€˜size‫ג‬€™ (B2S in this case) but with
different virtual hard disk configurations.
Box 3: Yes -
When a virtual machine is stopped (deallocated), the virtual machine is unloaded/dismounted from the physical
server in Azure. In this state, you are not charged for the virtual machine itself. However, you are still charged for
the storage costs of the virtual hard disks attached to the virtual machine.
If the virtual machine is stopped but not deallocated (this happens if you shut down the virtual machine from the
operating system of the virtual machine), the virtual machine is still mounted on the physical server in Azure and
you are charged for the virtual machine itself as well as the storage costs. To ensure that a virtual machine is
‫ג‬€˜stopped (deallocated)‫ג‬€™, you need to stop the virtual machine in the Azure portal.
Reference:
https://azure.microsoft.com/en-us/reservations/
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/b-series-burstable
https://blogs.technet.microsoft.com/uspartner_ts2team/2014/10/10/azure-virtual-machines-stopping-versus-
stopping-deallocating/
Question #202
Your company has an Azure subscription that contains the following unused resources:
➠ 20 user accounts in Azure Active Directory (Azure AD)
➠ Five groups in Azure AD
➠ 10 public IP addresses
➠ 10 network interfaces
You need to reduce the Azure costs for the company.
Solution: You remove the unused network interfaces.
 A. Yes
 B. No
Answer: B
You are not charged for unused network interfaces. Therefore, deleting unused network interfaces will not reduce
the Azure costs for the company.
Reference:
https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations#reduce-costs-by-deleting-or-
reconfiguring-idle-virtual-network-gateways
Question #203
Five groups in Azure AD -
Solution: You remove the unused public IP addresses.
 A. Yes
 B. No
Answer: A
You are charged for public IP addresses. Therefore, deleting unused public IP addresses will reduce the Azure costs.
Reference:
Question #204
Solution: You remove the unused user accounts.
 A. Yes
 B. No
Answer: B
You are not charged for user accounts. Therefore, deleting unused user accounts will not reduce the Azure costs
for the company.
Reference:
Question #205
HOTSPOT -
How should you calculate the monthly uptime percentage? To answer, select the appropriate options in the
answer area.
Hot Area:
Answer:
"Maximum Available Minutes" is the total accumulated minutes during a billing month .
"Downtime" is the total accumulated minutes that are part of Maximum Available Minutes where a system is
unavailable.
"Monthly Uptime Percentage" for a service is calculated as Maximum Available Minutes less Downtime divided by
Maximum Available Minutes x 100.
Monthly Uptime Percentage is represented by the following formula:
Monthly Uptime % = (Maximum Available Minutes-Downtime) / Maximum Available Minutes x 100.
Reference:
https://azure.microsoft.com/en-au/support/legal/sla/cloud-services/v1_0/
Question #206
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
Resource groups are logical containers for Azure resources. You do not pay for resource groups.
Box 2: No -
Data ingress over a VPN is data ‫ג‬€˜coming in‫ג‬€™ to Azure over the VPN. You are not charged data transfer costs for data
ingress.
Box 3: Yes -
Data egress over a VPN is data ‫ג‬€˜going out‫ג‬€™ of Azure over the VPN. You are charged for data egress.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/manage-resource-groups-portal
https://azure.microsoft.com/en-us/pricing/details/bandwidth/ https://azure.microsoft.com/en-
Question #207
A support plan solution that gives you best practice information, health status and notifications, and 24/7 access to
billing information at the lowest possible cost is a Standard support plan.
 B. Developer
 C. Basic
 D. Premier
Answer: C
A basic support plan provides:
➠ 24x7 access to billing and subscription support, online self-help, documentation, whitepapers, and support forums
➠ Best practices: Access to full set of Azure Advisor recommendations
➠ Health Status and Notifications: Access to personalized Service Health Dashboard & Health API
Reference:
Question #208
In which Azure support plans can you open a new support request?
 A. Premier and Professional Direct only

 B. Premier, Professional Direct, and Standard only
 C. Premier, Professional Direct, Standard, and Developer only
 D. Premier, Professional Direct, Standard, Developer, and Basic
Answer: D
You can submit support request tickets in the following plans: Premier, Professional Direct, Standard, Developer, and
Basic.
Reference:
Question #209
You can create an Azure support request from support.microsoft.com.
Instructions: Review the underlined text. If it makes the statement correct, select ‫ג‬€No change is needed.‫ג‬€ If the
 B. the Azure portal
 C. the Knowledge Center
 D. the Security & Compliance admin center
Answer: B
You can create an Azure support request from the Help and Support blade in the Azure portal or from the context menu
of an Azure resource in the Support +
Troubleshooting section.
Reference:
https://docs.microsoft.com/en-us/azure/azure-supportability/how-to-create-azure-support-request
Question #210
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a
unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.

Solution: You remove the unused groups.
 A. Yes
 B. No
Answer: B
You are not charged for Azure Active Directory Groups. Therefore, deleting unused groups will not reduce your
Azure costs.
Reference:
Question #211
The Azure Standard support plan is the lowest cost option to receive 24x7 access to support engineers by phone.
 B. Developer
 C. Basic
 D. Professional Direct
Answer: A
The Basic support plan is free so is therefore the cheapest. The Developer support plan is the cheapest paid-for
support plan. The order of support plans in terms of cost ranging from the cheapest to most expensive is: Basic,
Developer, Standard, Professional Direct, Premier.
However, 24/7 access to technical support by email and phone is only available for Standard, Professional Direct,
Premier plans.
Reference:
https://azure.microsoft.com/en-gb/support/plans/
Question #212
HOTSPOT -
Hot Area:
Answer:
Preview features are made available to you on the condition that you accept additional terms which supplement
the regular Azure terms. The supplemental terms state:
PREVIEWS ARE PROVIDED "AS-IS," "WITH ALL FAULTS," AND "AS AVAILABLE," AND ARE EXCLUDED FROM THE
SERVICE LEVEL AGREEMENTS AND
LIMITED WARRANTY.
Reference:
https://azure.microsoft.com/en-gb/support/legal/preview-supplemental-terms/
Question #213
What is guaranteed in an Azure Service Level Agreement (SLA) for virtual machines?
 A. uptime
 B. feature availability
 C. bandwidth
 D. performance
Answer: A
The SLA for virtual machines guarantees ‫ג‬€˜up me‫ג‬€™. The amount of uptime guaranteed depends on factors
such as whether the VMs are in an availability set or availability zone if there is more than one VM, the distribution
of the VMs if there is more than one or the disk type if it is a single VM.
The SLA for Virtual Machines states:
➠ For all Virtual Machines that have two or more instances deployed across two or more Availability Zones in the
same Azure region, we guarantee you will have
Virtual Machine Connectivity to at least one instance at least 99.99% of the time.
➠ For all Virtual Machines that have two or more instances deployed in the same Availability Set or in the same
Dedicated Host Group, we guarantee you will have Virtual Machine Connectivity to at least one instance at least
99.95% of the time.
➠ For any Single Instance Virtual Machine using Premium SSD or Ultra Disk for all Operating System Disks and
Data Disks, we guarantee you will have Virtual
Machine Connectivity of at least 99.9%.
Reference:
https://azure.microsoft.com/en-us/support/legal/sla/summary/
https://azure.microsoft.com/en-us/support/legal/sla/virtual-machines/v1_9/
Question #214
HOTSPOT -
Hot Area:
Answer:
InAnswers:
➠ Services in private preview are available only to selected people who has signed up to the private preview
program.
➠ Services in development are not available to the public.
➠ Services provided under an Enterprise Agreement (EA) subscription are available only to the subscription
owner.
Reference:
https://www.neowin.net/news/several-more-azure-services-now-available-in-private-public-preview/
Question #215
Your company plans to purchase an Azure subscription.
The company‫ג‬€™s support policy states that the Azure environment must provide an option to access support
engineers by phone or email.
You need to recommend which support plan meets the support policy requirement.
Solution: Recommend a Basic support plan.
 A. Yes
 B. No
Answer: B
The Basic support plan does not have any technical support for engineers.
Access to Support Engineers via email or phone is available in the following support plans: Premier, Professional
Direct and standard.
Reference:
Question #221
HOTSPOT -
Hot Area:
Answer:
A stopped (deallocated) VM is offline and not mounted on an Azure host server. Starting a VM mounts the VM on a
host server before the VM starts. As soon as the VM is mounted, it becomes chargeable. For this reason, you are
unable to start a VM after a trial has expired.
InAnswers:
➠ You are not charged for Azure Active Directory user accounts so you can continue to create accounts.
➠ You can access data that is already stored in Azure.
➠ You can access the Azure Portal. You can also reactivate and upgrade the expired subscription in the portal.
Question #222
Solution: Recommend a Professional Direct support plan.
 A. Yes
 B. No
Answer: A
The Developer support plan has only technical support for engineers via email.
The Standard, Professional Direct, and Premier support plans have technical support for engineers via email and
phone.
Reference:
Question #223
Your company has a Software Assurance agreement that includes Microsoft SQL Server licenses.
You plan to deploy SQL Server on Azure virtual machines.
What should you do to minimize licensing costs for the deployment?
 A. Deallocate the virtual machines during off hours.

 B. Use Azure Hybrid Benefit.
 C. Configure Azure Cost Management budgets.
 D. Use Azure reservations.
Answer: B
Azure Hybrid Benefit is a licensing benefit that helps you to significantly reduce the costs of running your
workloads in the cloud. It works by letting you use your on-premises Software Assurance-enabled Windows Server
and SQL Server licenses on Azure.
Reference:
https://azure.microsoft.com/en-us/pricing/hybrid-benefit/
Question #224
Your company has 10 departments.

The company plans to implement an Azure environment.
You need to ensure that each department can use a different payment option for the Azure services it consumes.
What should you create for each department?
 A. a reservation
 B. a subscription
 C. a resource group
 D. a container instance
Answer: B
There are different payment options in Azure including pay-as-you-go (PAYG), Enterprise Agreement (EA), and
Microsoft Customer Agreement (MCA) accounts.
Your Azure costs are ‫ג‬€˜per subscrip on‫ג‬€™. You are charged monthly for all resources in a subscription.
Therefore, to use different payment options per department, you will need to create a separate subscription per
department. You can create multiple subscriptions in a single Azure Active Directory tenant.
InAnswers:
A: A reservation is where you commit to a resource (for example a virtual machine) for one or three years. This
gives you a discounted price on the resource for the reservation period. Reservations do not provide a way to use
different payment options per department.
C: A resource group is a logical container for Azure resources. You can view the total cost of all the resources in a
resource group. However, resource groups do not provide a way to use different payment options per department.
D: A container instance is an Azure resource used to run an application. Container instances do not provide a way
to use different payment options per department.
Reference:
Question #225
HOTSPOT -
Hot Area:
Answer:
Box 1: Yes -
An Azure free account has a spending limit. This is currently 200 USD or 150 GBP.
Box 2: No -
Azure free account has a 5 GB blob storage limit and a 5 GB file storage limit.
Box 3: No -
Azure free account has a limit of 10 web, mobile or API apps
Reference:
https://azure.microsoft.com/en-us/free/
https://azure.microsoft.com/en-us/free/free-account-faq/
https://docs.microsoft.com/en-us/azure/billing/billing-avoid-charges-free-account
Question #226
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
Most services go to private preview then public preview before being released to general availability. The private
preview is only available to certain Azure customers for evaluation purposes.
Box 2: Yes -
Box 3: No -
An Azure service in general availability is available to all Azure customers, not just a subset of the customers.
Reference:
https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/
Question #227
HOTSPOT -
Hot Area:
Answer:
Question #228
HOTSPOT -
Hot Area:
Answer:
Question #229
HOTSPOT -
Hot Area:
Answer:
Composite SLAs involve multiple services supporting an application, each with differing levels of availability. For
example, consider an App Service web app that writes to Azure SQL Database. At the time of this writing, these
Azure services have the following SLAs:
App Service web apps = 99.95%
➠ SQL Database = 99.99%

What is the maximum downtime you would expect for this application? If either service fails, the whole application
fails. The probability of each service failing is independent, so the composite SLA for this application is 99.95% ֳ—
99.99% = 99.94%. That's lower than the individual SLAs, which isn't surprising because an application that relies on
multiple services has more potential failure points.
Reference:
https://docs.microsoft.com/en-us/azure/architecture/reliability/requirements#understand-service-level-
agreements
Question #230
HOTSPOT -
Hot Area:
Answer:
Box 1: Yes -
SLA‫ג‬€™s vary based on the resource type and the location distribution of the resource. However, the minimum
uptime for all Azure services is 99.9 percent.
Box 2: Yes -
The SLA guaranteed uptime is increased (usually to 99.95 percent) when resources are deployed across multiple
regions.
Box 3: No -
The number of subscriptions is unrelated to uptime SLA‫ג‬€™s. You can deploy resources to multiple regions under a
single subscription or you can have multiple subscriptions with resources deployed to the same region.
Reference:
https://azure.microsoft.com/en-us/support/legal/sla/summary/
Question #231
Which statement accurately describes the Modern Lifecycle Policy for Azure services?
 A. Microsoft provides mainstream support for a service for five years.

 B. Microsoft provides a minimum of 12 months‫ג‬€™ notice before ending support for a service.
 C. After a service is made generally available, Microsoft provides support for the service for a minimum of
four years.
 D. When a service is retired, you can purchase extended support for the service for up to five years.
Answer: B
For products governed by the Modern Lifecycle Policy, Microsoft will provide a minimum of 12 months' notification
prior to ending support if no successor product or service is offered ‫ג‬€" excluding free services or preview releases.
Reference:
https://support.microsoft.com/en-us/help/30881/modern-lifecycle-policy
Question #232
HOTSPOT -
You need to request that Microsoft increase a subscription quota limit for your company.
Which blade should you use from the Azure portal? To answer, select the appropriate blade in the answer area.
Hot Area:
Answer:
Request a standard quota increase from Help + support
Reference:
https://docs.microsoft.com/en-us/azure/azure-portal/supportability/per-vm-quota-requests
Question #233
HOTSPOT -
Hot Area:
Answer:
Budget alerts notify you when spending, based on usage or cost, reaches or exceeds the amount defined in the
alert condition of the budget. Cost Management budgets are created using the Azure portal or the Azure
Consumption API.
Reference:
https://docs.microsoft.com/en-us/azure/cost-management-billing/costs/cost-mgt-alerts-monitor-usage-spending
Question #234
HOTSPOT -
Hot Area:
Answer:
Reference:
https://azure.microsoft.com/en-us/support/legal/preview-supplemental-terms/
Question #235
HOTSPOT -
Hot Area:
Answer:
Box 1: Yes -
With Azure ExpressRoute, all inbound data transfer is free of charge.
Box 2: No -
Inbound data traffic is free but outbound data traffic is not.
Box 3: Yes -
Reference:
https://azure.microsoft.com/en-us/pricing/details/expressroute/ https://azure.microsoft.com/en-
Question #236
Which unused resources should you remove?
 A. the network interfaces

 B. the public IP addresses
 C. the groups
 D. the user accounts
Answer: B
You are charged for public IP addresses. Therefore, deleting unused public IP addresses will reduce the Azure costs.
Reference:
Question #237
HOTSPOT -
Hot Area:
Answer:
When a virtual machine is stopped (deallocated), the virtual machine is unloaded/dismounted from the physical
server in Azure. In this state, you are not charged for the virtual machine itself. However, you are still charged for
the storage costs of the virtual hard disks attached to the virtual machine.
If the virtual machine is stopped but not deallocated (this happens if you shut down the virtual machine from the
operating system of the virtual machine), the virtual machine is still mounted on the physical server in Azure and
you are charged for the virtual machine itself as well as the storage costs. To ensure that a virtual machine is
‫ג‬€˜stopped (deallocated)‫ג‬€™, you need to stop the virtual machine in the Azure portal.
Reference:
https://blogs.technet.microsoft.com/uspartner_ts2team/2014/10/10/azure-virtual-machines-stopping-versus-
stopping-deallocating/
Question #238
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
The price of Azure storage varies by region. If you use the Azure storage pricing page, you can select different
regions and see how the price changes per region.
Box 2: No -
You are charged for read and write operations in general-purpose v2 storage accounts.
Box 3: No -
You would be charge for the read operations of the source storage account and write operations in the destination
storage account.
Reference:
https://docs.microsoft.com/en-us/azure/storage/common/storage-account-overview
https://azure.microsoft.com/en-gb/pricing/details/storage/blobs/
Question #239
HOTSPOT -
Hot Area:
Answer:
Box 1: Yes -
Microsoft guarantee at least 99.9% availability of the Azure Active Directory Premium edition services. The services
are considered available in the following scenarios:
➠ Users are able to login to the service, login to the Access Panel, access applications on the Access Panel and
reset passwords.
➠ IT administrators are able to create, read, write and delete entries in the directory or provision or de-provision
users to applications in the directory.
Box 2: No -
No SLA is provided for the Free tier of Azure Active Directory.
Box 3: Yes -
You can claim credit if the availability falls below the SLA. The amount of credit depends on the availability. For
example: You can claim 25% credit if the availability is less than 99.9%, 50% credit for less than 99% and 100% for
less than 95% availability.

References:
https://azure.microsoft.com/en-gb/support/legal/sla/active-directory/v1_0/
Question #240
HOTSPOT -
Hot Area:
Answer:
Box 1: No -
Resource groups are logical containers for Azure resources. You do not pay for resource groups.
Box 2: No -
Data ingress over a VPN is data ‫ג‬€˜coming in‫ג‬€™ to Azure over the VPN. You are not charged data transfer costs for
data ingress.
Box 3: Yes -
Data egress over a VPN is data ‫ג‬€˜going out‫ג‬€™ of Azure over the VPN. You are charged for data egress.
Reference:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/manage-resource-groups-portal
https://azure.microsoft.com/en-us/pricing/details/bandwidth/
G 39
194
AG 40 53
Question #1
Which specification-based technique could be used to enhance coverage for this code fragment?
A. Boundary value analysis
B. Exploratory testing
C. State transition testing
D. Use case testing
Answer:A
Question #2
Your developers have created 10 web applications that must be host on Azure.
You need to determine which Azure web tier plan to host the web apps. The web tier plan must meet the following
requirements:
➠ The web apps will use custom domains.
➠ The web apps each require 10 GB of storage.
➠ The web apps must each run in dedicated compute instances.
➠ Load balancing between instances must be included.
➠ Costs must be minimized.
Which web tier plan should you use?
• A. Standard
• B. Basic
• C. Free
• D. Shared
Answer:B
Standard offers 50 GB of storage space, while Basic only gives 10 GB.
References:
http://azure.microsoft.com/en-us/pricing/details/websites/
Question #3
Your company‫ג‬€™s Active Directory forest includes thousands of user accounts.
You have been informed that all network resources will be migrated to Azure. Thereafter, the on-premises data
center will be retired.
You are required to employ a strategy that reduces the effect on users, once the planned migration has been
completed.
Solution: You plan to sync all the Active Directory user accounts to Azure Active Directory (Azure AD).
A. Yes
B. No
Answer:Ad
Question #4
You have been informed by your superiors of the company‫ג‬€™s intentions to automate server deployment to
Azure. There is, however, some concern that administrative credentials could be uncovered during this process.
You are required to make sure that during the deployment, the administrative credentials are encrypted using a
suitable Azure solution.
Solution: You recommend the use of Azure Multi-Factor Authentication (MFA).
A. Yes
B. No
Answer:B
Question #5
You are planning a strategy to deploy numerous web servers and database servers to Azure.
This strategy should allow for connection types between the web servers and database servers to be controlled.
Solution: You include network security groups (NSGs) in your strategy.
A. Yes
B. No
Answer:A
Question #6
You are planning a strategy to deploy numerous web servers and database servers to Azure.
This strategy should allow for connection types between the web servers and database servers to be controlled.
Solution: You include a local network gateway in your strategy.
A. Yes
B. No
Answer:B
Question #7
Your company‫ג‬€™s Active Directory forest includes thousands of user accounts.
You have been informed that all network resources will be migrated to Azure. Thereafter, the on-premises data
center will be retired.
You are required to employ a strategy that reduces the effect on users, once the planned migration has been
completed.
Solution: You plan to require Azure Multi-Factor Authentication (MFA).
A. Yes
B. No
Answer:B
Question #8
You have an Azure virtual machine named VM1.
You plan to encrypt VM1 by using Azure Disk Encryption.
Which Azure resource must you create first?
A. an Azure Storage account
B. an Azure Key Vault
C. an Azure Information Protection policy
D. an Encryption key
Answer:B
Azure Disk Encryption requires an Azure Key Vault to control and manage disk encryption keys and secrets.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/disk-encryption-overview
Question #9
Solution: Recommend a Standard support plan.
A. Yes
B. No
Answer:A
phone.
Reference:
Question #10
Solution: Recommend a Premier support plan.
A. Yes
B. No
Answer:A
phone.
Reference:
Question #11
Who can use the Azure Total Cost of Ownership (TCO) calculator?
A. billing readers for an Azure subscription only
B. owners for an Azure subscription only
C. anyone
D. all users who have an account in Azure Active Directory (Azure AD) that is linked to an Azure subscription only
Answer:C
You don't need an Azure subscription to work with the TCO Calculator.
Reference:
https://docs.microsoft.com/en-us/learn/modules/plan-manage-azure-costs/2-compare-costs-tco-calculat
Question #12
Your company plans to request an architectural review of an Azure environment from Microsoft.
The company currently has a Basic support plan.
You need to recommend a new support plan for the company. The solution must minimize costs.
Which support plan should you recommend?
A. Premier
B. Developer
C. Professional Direct
D. Standard
Answer:A
The Premier support plan provides customer specific architectural support such as design reviews, performance
tuning, configuration and implementation assistance delivered by Microsoft Azure technical specialists.
Reference:
Question #13
HOTSPOT -
Hot Area:
Answer:
Box 1: Yes -
Most services go to private preview then public preview before being released to general availability.
The private preview is only available to certain Azure customers for evaluation purposes. The public preview is
available to all Azure customers.
Box 2: No -
Azure services in public preview can be managed using the regular management tools: Azure Portal, Azure CLI and
PowerShell.
Box 3: No -
Services in private or public preview are usually offered at reduced costs. However, the costs increase, not
decrease when the services are released to general availability.
Question #14
What is required to use Azure Cost Management?
A. a Dev/Test subscription
B. Software Assurance
C. an Enterprise Agreement (EA)
D. a pay-as-you-go subscription
Answer:C
Azure customers with an Azure Enterprise Agreement (EA), Microsoft Customer Agreement (MCA), or Microsoft
Partner Agreement (MPA) can use Azure Cost
Management.
Cost management is the process of effectively planning and controlling costs involved in your business. Cost
management tasks are normally performed by finance, management, and app teams. Azure Cost Management +
Billing helps organizations plan with cost in mind. It also helps to analyze costs effectively and take action to
optimize cloud spending.
Reference:
https://docs.microsoft.com/en-gb/azure/cost-management/overview-cost-mgt
Question #15
HOTSPOT -
Hot Area:
Answer:
A stopped (deallocated) VM is offline and not mounted on an Azure host server. Starting a VM mounts the VM on a
host server before the VM starts. As soon as the VM is mounted, it becomes chargeable. For this reason, you are
unable to start a VM after a trial has expired.
Incorrect Answers:
➠ You are not charged for Azure Active Directory user accounts so you can continue to create accounts.
➠ You can access data that is already stored in Azure.
➠ You can access the Azure Portal. You can also reactivate and upgrade the expired subscription in the portal.
Question #16
Solution: Recommend a Professional Direct support plan.
A. Yes
B. No
Answer:A
The Developer support plan has only technical support for engineers via email.
phone.
Reference:
Question #17
Which resources can be used as a source for a Network security group inbound security rule?
A. Service Tags only
B. IP Addresses, Service tags and Application security groups
C. Application security groups only
D. IP Addresses only
Answer:B
Source or destination:
Any, or an individual IP address, classless inter-domain routing (CIDR) block (10.0.0.0/24, for example), service tag,
or application security group.
Reference:
https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
Question #18
HOTSPOT -
Hot Area:
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook
Question #19
HOTSPOT -
Hot Area:
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat-policy
Question #20
HOTSPOT -
Hot Area:
Answer:
Reference:
https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview
Question #21
DRAG DROP -
You need to complete the defense-in-depth strategy used in a datacenter.
What should you do? To answer, drag the appropriate layers to the correct positions in the model. Each layer may
be used once, more than once, or not at all.
You may need to drag the split bar between panes or scroll to view content.
Select and Place:
Answer:
Defence in depth layers (from bottom to top):
➠ Data
- In almost all cases attackers are after data.
- Data can be in database, stored on disk inside VMs, on a SaaS application such as Office 365 or in cloud storage.
- Those storing and controlling access to data to ensures that it's properly secured
- Often regulatory requirements dictates controls & processes
- to ensure confidentiality, integrity, and availability.
➠ Application
- Ensure applications are secure and free of vulnerabilities.
- Store sensitive application secrets in a secure storage medium.
- Make security a design requirement for all application development.
- Integrate security into the application development life cycle.
➠ Compute
- Secure access to virtual machines.
- Implement endpoint protection and keep systems patched and current.
- Malware, unpatched systems, and improperly secured systems open your environment to attacks.
➠ Networking
- Limit communication between resources.
- Deny by default.
- Allow only what is required
- Restrict inbound internet access and limit outbound, where appropriate.
- Implement secure connectivity to on-premises networks.
➠ Perimeter
- Use distributed denial of service (DDoS) protection to filter large-scale attacks before they can cause a denial of
service for end users.
- Use perimeter firewalls to identify and alert on malicious attacks against your network.
➠ Identity and access
- Control access to infrastructure and change control.
- Access granted is only what is needed
- Use single sign-on and multi-factor authentication.
- Audit events and changes.
➠ Physical security
- Building security & controlling access to computing hardware.
- First line of defense.
Reference:
https://github.com/undergroundwires/Azure-in-bullet-points/blob/master/AZ-
900%20Microsoft%20Azure%20Fundamentals/4.2.%20Defence%20in%20Depth.md
Question #22
DRAG DROP -
Your company intends to subscribe to an Azure support plan.
The support plan must allow for new support requests to be opened.
Which of the following are support plans that will allow this? Answer by dragging the correct option from the list to
the answer area.
Select and Place:
Answer:
References:
Question #23
Your company has datacenters in Los Angeles and New York. The company has a Microsoft Azure subscription.
You are configuring the two datacenters as geo-clustered sites for site resiliency.
You need to recommend an Azure storage redundancy option.
You have the following data storage requirements:
➠Data must be stored on multiple nodes.
➠ Data must be stored on nodes in separate geographic locations.
➠ Data can be read from the secondary location as well as from the primary location
Which of the following Azure stored redundancy options should you recommend?
A. Geo-redundant storage
B. Read-only geo-redundant storage
C. Zone-redundant storage
D. Locally redundant storage
Answer:B
RA-GRS allows you to have higher read availability for your storage account by providing ‫ג‬€read only‫ג‬€ access to
the data replicated to the secondary location. Once you enable this feature, the secondary location may be used to
achieve higher availability in the event the data is not available in the primary region. This is an
‫ג‬€opt-in‫ג‬€ feature which requires the storage account be geo-replicated.
References:
https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy https://docs.microsoft.com/en-
us/azure/storage/common/storage-redundancy-grs#read-access-geo-redundant-storage
Question #24
Your company‫ג‬€™s Azure subscription includes a Basic support plan.
They would like to request an assessment of an Azure environment‫ג‬€™s design from Microsoft. This is, however,
not supported by the existing plan.
You want to make sure that the company subscribes to a support plan that allows this functionality, while keeping
expenses to a minimum.
Solution: You recommend that the company subscribes to the Professional Direct support plan.
A. Yes
B. No
Question #25
Solution: You should make use of Software as a Service (SaaS).
A. Yes
B. No
Answer:B
Question #26
Solution: You should make use of Platform as a Service (PaaS).
A. Yes
B. No
Answer:B
Question #27
Solution: You recommend the use of Azure Multi-Factor Authentication (MFA).
A. Yes
B. No
Answer:B
Question #28
DRAG DROP -
The company would like to develop a cloud solution by making use of Azure Government. Azure Government can
only be used by certain types of clients to develop cloud solutions.
Which of the following are the types of customers that can make use of Azure Government in this situation?
Answer by dragging the correct option from the list to the answer area.
Select and Place:
Answer:
References:
https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-government/2-what-is-azure-government
Question #29
Your company has an Azure Active Directory (Azure AD) environment. Users occasionally connect to Azure AD via
the Internet.
You have been tasked with making sure that users who connect to Azure AD via the internet from an unidentified
IP address, are automatically encouraged to change passwords.
Solution: You configure the use of Azure AD Identity Protection.
A. Yes
B. No
Answer:A
References:
Question #30
Your company has an Azure Active Directory (Azure AD) environment. Users occasionally connect to Azure AD via
the Internet.
You have been tasked with making sure that users who connect to Azure AD via the internet from an unidentified
IP address, are automatically encouraged to change passwords.
Solution: You configure the use of Azure AD Privileged Identity Management.
A. Yes
B. No
Answer:B
References:
Question #31
Solution: You recommend the use of Azure Information Protection.
A. Yes
B. No
Answer:B

AZ-900 ITExams

Uploaded by

Copyright:

Available Formats

AZ-900 ITExams

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AZ-900 ITExams

Uploaded by

Copyright:

Available Formats

https://itexamcertified.

AZ-900 Microsoft Azure Fundamentals

You are required to deploy an Artificial Intelligence (AI) solution in Azure.

You are required to sanction a strategy to create Azure resources automatically.

 A. Configure a Site-to-Site (S2S) VPN.

 D. Configure DirectAccess on a Windows Server 2012 server VM.

You have an on-premises network that contains several servers.

solution, while others might not have a correct solution.

 A. Software as a Service (SaaS)

You have an on-premises network that contains 100 servers.

 A. a complete migration to the public cloud

 B. an additional data center

You plan to migrate several servers from an on-premises network to Azure.

 A. The public cloud is owned by the public, NOT a private corporation

Select and Place:

Your company has an on-premises network that contains multiple servers.

➠ Backing up application data

 A. Replacing failed server hardware

You plan to provision Infrastructure as a Service (IaaS) resources in Azure.

 A. an Azure web app

To which cloud models can you deploy physical servers?

 A. private cloud and hybrid cloud only

 C. private cloud, hybrid cloud and public cloud

Box 1: Public Cloud -

Box 2: Private Cloud -

Box 3: Hybrid Cloud -

solution, while others might not have a correct solution.

 A. Software as a Service (SaaS)

Building a data center infrastructure is capital expenditure, not operation expenditure.

Azure Cosmos DB is an example of a platform as a service (PaaS) cloud database provider.

 D. Azure storage account and web server in Azure virtual machines.

What does a customer provide in a software as a service (SaaS) model?

You plan to deploy several Azure virtual machines.

 A. Azure Data Lake

 A. a physical server failure

Zones per supported Azure region.

location to create the resource group in.

 A. a virtual network gateway

 A. Create a service health alert

Your company plans to move several servers to Azure.

 A. an Azure SQL database

 D. a Blob service in a storage account

Your company plans to migrate all its network resources to Azure.

 A. Azure Event Hubs

B. Azure Service Health

D. Microsoft Trust Center

You plan to deploy several Azure virtual machines.

 A. Deploy the virtual machines to two or more availability zones.

including classification, regression, clustering, collaborative filtering, dimensionality reduction, as well as

 A. Azure Reserved Virtual Machines (VM) Instances

 A. Azure Service Fabric

Box 1: Azure DevOps.

Box 1: Azure SQL Database -

 A. Azure Data Lake

 E. Azure Notification Hubs

You have an Azure web app.

Your company plans to deploy an Artificial Intelligence (AI) solution in Azure.

 A. Azure Logic Apps

You have an Azure environment.

 A. Use Bash in Azure Cloud Shell.