Azure-900 MCQ Dumps

Join for our main channel - https://t.
me/Tcs_wings_2022
AZ-900: Exam Questions (1-230)
Question 1
Instruction
For each of the following statements, select Yes if the statement is

true. Otherwise, select No.
Question
1. A platform as a service (PaaS) solution that hosts web apps in

Azure provides full control of the operating systems that host
applications.
2. A platform as a service (PaaS) solution that hosts web apps

in Azure web apps in Azure provides the ability to scale the
platform automatically.
3. A platform as a service (PaaS) solution that hosts web apps

in Azure provides professional development services to
continuously add features to custom applications.
Answer
1. No.
2. Yes.
3. Yes.
Join for our main channel - https://t.me/Tcs_wings_2022
Section: Describe Cloud Concepts
Explanation
<box 1>: No
A PaaS solution does not provide access to the operating system. The
Azure Web Apps service provides an environment for you to host your
web applications. Behind the scenes, the web apps are hosted on
virtual machines running IIS. However, you have no direct access to
the virtual machine, the operating system or IIS.
<box 2>: Yes
A PaaS solution that hosts web apps in Azure does provide the ability
to scale the platform automatically. This is known as autoscaling.
Behind the scenes, the web apps are hosted on virtual machines
running IIS. Autoscaling means adding more load balanced virtual
machines to host the web apps.
<box 3>: Yes
PaaS provides a framework that developers can build upon to develop

or customize cloud-based applications. PaaS development tools can
cut the time it takes to code new apps with pre-coded application
components built into the platform, such as workflow, directory
services, security features, search and so on.
Reference
● What is PaaS?
Question 2
Instruction

Question
1. Azure provides flexibility between capital

expenditure (CapEx) and operational expenditure
(OpEx).
2. If you create two Azure virtual machines that use the B2S
size, each virtual machine will always generate the same
monthly costs.
3. When an Azure virtual machine is stopped, you continue

to pay storage costs associated to the virtual machine.
Answer
1. Yes.
2. No.
3. Yes.

Explanation
<box 1>: Yes
Traditionally, IT expenses have been considered a Capital

Expenditure (CapEx). Today, with the move to the cloud and the pay-
as-you-go model, organizations have the ability to stretch their
budgets and are shifting their IT CapEx costs to Operating
Expenditures (OpEx) instead. This flexibility, in accounting terms, is
now an option due to the “as a Service” model of purchasing software,
cloud storage and other IT related resources.
<box 2>: No
Two virtual machines using the same size could have different disk
configurations. Therefore, the monthly costs could be different.
<box 3>: Yes
When an Azure virtual machine is stopped, you don’t pay for the
virtual machine. However, you still pay for the storage costs associated
to the virtual machine. The most common storage costs are for the
disks attached to the virtual machines. There are also other storage
costs associated with a virtual machine such as storage for diagnostic
data and virtual machine backups.
Reference
● CapEx Vs OpEx: Cloud Computing
Question 3
Instruction
To complete the sentence, select the appropriate option in the answer

area.
Question
When you are implementing a Software as a Service (SaaS) solution,

you are responsible for <box 1>
Answer Area for <box 1> :
● configuring high availability.
● defining scalability rules.
● installing the SaaS solution.
● configuring the SaaS solution.
Answer
configuring the SaaS solution.

Explanation
Everything else is managed by the cloud provider.
SaaS requires the least amount of management. The cloud provider is

responsible for managing everything, and the end user just uses the
software.
Software as a service (SaaS) allows users to connect to and use cloud-

based apps over the internet. Common examples are email,
calendaring and office tools (such as Microsoft Office 365).
SaaS provides a complete software solution which you purchase on a

pay-as-you-go basis from a cloud service provider. You rent the use of
an app for your organization and your users connect to it over the
internet, usually with a web browser. All of the underlying
infrastructure, middleware, app software and app data are located in
the service provider’s data center. The service provider manages the
hardware and software and with the appropriate service agreement,
will ensure the availability and the security of the app and your data
as well.
Reference
● What is SaaS?
● Discuss Azure fundamental concepts (24 minutes to read)
Question 4
Question
You have an on-premises network that contains several servers.
You plan to migrate all the servers to Azure.
You need to recommend a solution to ensure that some of the servers

are available if a single Azure data center goes offline for an extended
period.
What should you include in the recommendation?
A. fault tolerance
B. elasticity
C. scalability
D. low latency
Answer
A.
Explanation
Fault tolerance is the ability of a system to continue to function in the

event of a failure of some of its components.
In this question, you could have servers that are replicated across
datacenters.
Availability zones expand the level of control you have to maintain the
availability of the applications and data on your VMs. Availability
Zones are unique physical locations within an Azure region. Each
zone is made up of one or more datacenters equipped with
independent power, cooling, and networking. To ensure resiliency,
there are a minimum of three separate zones in all enabled regions.
The physical separation of Availability Zones within a region protects
applications and data from datacenter failures.
With Availability Zones, Azure offers industry best 99.99% VM uptime

SLA. By architecting your solutions to use replicated VMs in zones,
you can protect your applications and data from the loss of a
datacenter. If one zone is compromised, then replicated apps and data
are instantly available in another zone.
Reference
● Availability options for Azure Virtual Machines (3 minutes

to read)
Question 5
Instruction

area.
Question
An organization that hosts its infrastructure <box 1> no longer

requires a data center.
● in a private cloud
● in a hybrid cloud
● in the public cloud
● on a Hyper-V host
Answer
in the public cloud
Explanation
A private cloud is hosted in your datacenter. Therefore, you cannot

close your datacenter if you are using a private cloud.
A public cloud is hosted externally, for example, in Microsoft Azure.

An organization that hosts its infrastructure in a public cloud can close
its data center.
Public cloud is the most common deployment model. In this case, you
have no local hardware to manage or keep up-to-date — everything
runs on your cloud provider’s hardware.
Microsoft Azure is an example of a public cloud provider.
In a private cloud, you create a cloud environment in your own

datacenter and provide self-service access to compute resources to
users in your organization. This offers a simulation of a public cloud
to your users, but you remain completely responsible for the purchase
and maintenance of the hardware and software services you provide.
Reference
Question 6
Question
What are two characteristics of the public cloud?
A. dedicated hardware
B. unsecured connections
C. limited storage
D. metered pricing
E. self-service management
Answer
D, E.
Explanation
With the public cloud, you get pay-as-you-go pricing — you pay only
for what you use, no CapEx costs.
With the public cloud, you have self-service management. You are
responsible for the deployment and configuration of the cloud
resources such as virtual machines or web sites. The underlying
hardware that hosts the cloud resources is managed by the cloud
provider.
Incorrect Answers:
A: You don’t have dedicated hardware. The underlying hardware is

shared so you could have multiple customers using cloud resources
hosted on the same physical hardware.
B: Connections to the public cloud are secure.
C: Storage is not limited. You can have as much storage as you like.
Reference
Question 7
Instruction

area.
Question
When planning to migrate a public website to Azure, you must plan

to <box 1>
● deploy a VPN.
● pay monthly usage costs.

● pay to transfer all the website data to Azure.
● reduce the number of connections to the website.
Answer
pay monthly usage costs.
Explanation
When planning to migrate a public website to Azure, you must plan to

pay monthly usage costs. This is because Azure uses the pay-as-you-go
model.
Question 8
Question
Your company plans to migrate all its data and resources to Azure.
The company’s migration plan states that only Platform as a Service

(PaaS) solutions must be used in Azure.
You need to deploy an Azure environment that meets the company

migration plan.
Solution: You create an Azure App Service and Azure SQL databases.
Does this meet the goal?
A. Yes
B. No
Answer
A.
Explanation
Azure App Service and Azure SQL databases are examples of Azure
PaaS solutions. Therefore, this solution does meet the goal.
Question 9
Question


migration plan.
Solution: You create an Azure App Service and Azure virtual

machines that have Microsoft SQL Server installed.
A. Yes
B. No
Answer
B.
Explanation
Azure App Service is a PaaS (Platform as a Service) service. However,

Azure virtual machines are an IaaS (Infrastructure as a Service)
service. Therefore, this solution does not meet the goal.
Question 10
Question


migration plan.
Solution: You create an Azure App Service and Azure Storage
accounts. Does this meet the goal?
A. Yes
B. No
Answer
B.
Explanation
Azure App Service is a PaaS (Platform as a Service) service. However,

Azure Storage accounts are an IaaS (Infrastructure as a Service)
service. Therefore, this solution does not meet the goal.
Question 11
Question
Your company hosts an accounting application named App1 that is

used by all the customers of the company.
App1 has low usage during the first three weeks of each month and
very high usage during the last week of each month.
Which benefit of Azure Cloud Services supports cost management for

this type of usage pattern?
A. high availability
B. high latency
C. elasticity
D. load balancing
Answer
C.
Explanation
Elasticity in this case is the ability to provide additional compute

resource when needed and reduce the compute resource when not
needed to reduce costs. Autoscaling is an example of elasticity.
Elastic computing is the ability to quickly expand or decrease computer

processing, memory and storage resources to meet changing demands
without worrying about capacity planning and engineering for peak

usage. Typically controlled by system monitoring tools, elastic
computing matches the amount of resources allocated to the amount
of resources actually needed without disrupting operations. With
cloud elasticity, a company avoids paying for unused capacity or idle
resources and doesn’t have to worry about investing in the purchase or
maintenance of additional resources and equipment.
Reference
● What is elastic computing or cloud elasticity?
Question 12
Question
You plan to migrate a web application to Azure. The web application

is accessed by external users.
You need to recommend a cloud deployment solution to minimize the

amount of administrative effort used to manage the web application.
A. Software as a Service (SaaS)
B. Platform as a Service (PaaS)

C. Infrastructure as a Service (IaaS)
D. Database as a Service (DaaS)
Answer
B.
Explanation
Azure App Service is a platform-as-a-service (PaaS) offering that lets

you create web and mobile apps for any platform or device and
connect to data anywhere, in the cloud or on-premises. App Service
includes the web and mobile capabilities that were previously
delivered separately as Azure Websites and Azure Mobile Services.
Reference
● Best practices for securing PaaS web and mobile

applications using Azure App Service (2 minutes to read)
Question 13
Instruction
To answer, select the appropriate options in the answer area.

Question
Which cloud deployment solution is used for Azure virtual machines

and Azure SQL databases?
Azure virtual machines: <box 1>
● Infrastructure as a service (IaaS)
● Platform as a service (PaaS)
● Software as a service (SaaS)
Azure SQL databases: <box 2>
● Infrastructure as a service (IaaS)
● Platform as a service (PaaS)
● Software as a service (SaaS)
Answer
Azure virtual machines: Infrastructure as a service (IaaS)
Azure SQL databases: Platform as a service (PaaS)

Explanation
<box 1>: Infrastructure as a service (IaaS)
Azure virtual machines are Infrastructure as a Service (IaaS).
Infrastructure as a Service is the most flexible category of cloud

services. It aims to give you complete control over the hardware that
runs your application (IT infrastructure servers and virtual machines
(VMs), storage, networks, and operating systems). Instead of buying
hardware, with IaaS, you rent it.
<box 2>: Platform as a service (PaaS)
Azure SQL databases are Platform as a Service (Paas).
Azure SQL Database is a fully managed Platform as a Service (PaaS)

Database Engine that handles most of the database management
functions such as upgrading, patching, backups, and monitoring
without user involvement. Azure SQL Database is always running on
the latest stable version of SQL Server Database Engine and patched
OS with 99.99% availability. PaaS capabilities that are built-in into
Azure SQL database enable you to focus on the domain specific
database administration and optimization activities that are critical
for your business.
Reference
● What is Azure SQL Database? (18 minutes to read)
Question 14
Question
You have an on-premises network that contains 100 servers.
You need to recommend a solution that provides additional resources

to your users. The solution must minimize capital and operational
expenditure costs.
A. a complete migration to the public cloud
B. an additional data center
C. a private cloud
D. a hybrid cloud
Answer
D.
Explanation
A hybrid cloud is a combination of a private cloud and a public cloud.
Capital expenditure is the spending of money up-front for

infrastructure such as new servers.
With a hybrid cloud, you can continue to use the on-premises servers
while adding new servers in the public cloud (Azure for example).
Adding new servers in Azure minimizes the capital expenditure costs
as you are not paying for new servers as you would if you deployed
new server on-premises.
Incorrect Answers:
A: A complete migration of 100 servers to the public cloud would

involve a lot of operational expenditure (the cost of migrating all the
servers).
B: An additional data center would involve a lot of capital expenditure

(the cost of the new infrastructure).
C: A private cloud is hosted on on-premises servers to this would

involve a lot of capital expenditure (the cost of the new infrastructure
to host the private cloud).
Reference
Question 15
Instruction

Question
1. To achieve a hybrid cloud model, a company must

always migrate from a private cloud model.
2. A company can extend the capacity of its internal network

by using the public cloud.
3. In a public cloud model, only guest users at your company

can access the resources in the cloud.
Answer
1. No.
2. Yes.
3. No.

Explanation
<box 1>: No
It is not true that a company must always migrate from a private cloud
model to implement a hybrid cloud. You could start with a public
cloud and then combine that with an on-premise infrastructure to
implement a hybrid cloud.
<box 2>: Yes
A company can extend the capacity of its internal network by using the
public cloud. This is very common. When you need more capacity,
rather than pay out for new on-premises infrastructure, you can
configure a cloud environment and connect your on-premises network
to the cloud environment by using a VPN.
<box 3>: No
It is not true that only guest users can access cloud resources. You can
give anyone with an account in Azure Active Directory access to the
cloud resources. There are many authentication scenarios but a
common one is to replicate your on-premises Active Directory
accounts to Azure Active Directory and provide access to the Azure
Active Directory accounts. Another commonly used authentication
method is ‘Federation’ where authentication for access to cloud
resources is
passed to another authentication provider such as an on-premises

Active Directory.
Reference
● What is a hybrid cloud?
Question 16
Question
You plan to migrate several servers from an on-premises network to

Azure.
What is an advantage of using a public cloud service for the servers

over an on-premises network?
A. The public cloud is owned by the public, NOT a private corporation
B. The public cloud is a crowd-sourcing solution that

provides corporations with the ability to enhance the cloud
C. All public cloud resources can be freely accessed by every member

of the public
D. The public cloud is a shared entity whereby multiple

corporations each use a portion of the resources in the cloud
Answer
D.
Explanation
The public cloud is a shared entity whereby multiple corporations

each use a portion of the resources in the cloud. The hardware
resources (servers, infrastructure etc.) are managed by the cloud
provider.
Multiple companies create resources such as virtual machines and
virtual networks on the hardware resources.
Incorrect Answers:
A: The public cloud is not owned by the public. In the case of

Microsoft Azure, the cloud is owned by Microsoft.
B: The public cloud is a not crowd-sourcing solution. In the case of

Microsoft Azure, the cloud is owned by Microsoft.
C: It is not true that public cloud resources can be freely accessed by

every member of the public. You pay for a cloud subscription and
create accounts for your users to access your cloud resources. No one
can access your cloud resources until you create user accounts and
provide the appropriate access permissions.
Question 17
Instruction

area.
Question
Azure Site Recovery provides <box 1> for virtual machines.
● fault tolerance
● disaster recovery
● elasticity
● high availability
Answer
fault tolerance
Explanation
Azure Site Recovery helps ensure business continuity by keeping

business apps and workloads running during outages. Site Recovery
replicates workloads running on physical and virtual machines (VMs)

from a primary site to a secondary location.
Reference
● About Site Recovery (3 minutes to read)
Question 18
Question
In which type of cloud model are all the hardware resources owned by
a third-party and shared between multiple tenants?
A. private
B. hybrid
C. public
Answer
C .
Explanation
Microsoft Azure, Amazon Web Services and Google Cloud are three
examples of public cloud services.
Microsoft, Amazon and Google own the hardware. The tenants are the
customers who use the public cloud services.
Question 19
Instruction

area.
Question
An Azure web app that queries an on-premises Microsoft SQL server is

an example of a <box 1> cloud.
● hybrid
● multi-vendor
● private
● public
Answer
hybrid
Explanation
Question 20
Question
You have 1,000 virtual machines hosted on the Hyper-V hosts in a

data center.
You plan to migrate all the virtual machines to an Azure pay-as-you-go

subscription.
You need to identify which expenditure model to use for the planned
Azure solution.
Which expenditure model should you identify?
A. operational
B. elastic
C. capital
D. scalable
Answer
A .
Explanation
One of the major changes that you will face when you move from on-
premises cloud to the public cloud is the switch from capital
expenditure (buying hardware) to operating expenditure (paying for
service as you use it). This switch also requires more careful
management of your costs. The benefit of the cloud is that you can
fundamentally and positively affect the cost of a service you use by
merely shutting down or resizing it when it’s not needed.
Reference
● Azure enterprise scaffold is now the Microsoft Cloud

Adoption Framework for Azure (2 minutes to read)
Question 21
Instruction
Match the Azure Cloud Services benefit to the correct description.

Each benefit may be used once, more than once, or not at all.
Question
Azure Cloud Services:
● Disaster recovery
● Fault tolerance
● Low latency
● Dynamic scalability
Descriptions:
1. A cloud service that remains available after a failure occurs
2. A cloud service that can be recovered after a failure occurs
3. A cloud service that performs quickly when demand increases
4. A cloud service that can be accessed quickly from the internet
Answer
1. Fault tolerance: A cloud service that remains available after

a failure occurs
2. Disaster recovery: A cloud service that can be recovered

after a failure occurs
3. Dynamic scalability:
A cloud service that performs
quickly when demand increases
4. Low latency: A cloud service that can be accessed quickly

from the internet
Explanation
<box 1>: Fault tolerance
Fault tolerance is the ability of a service to remain available after a

failure of one of the components of the service. For example, a service
running on multiple servers can withstand the failure of one of the
servers.
<box 2>: Disaster recovery
Disaster recovery is the recovery of a service after a failure. For

example, restoring a virtual machine from backup after a virtual
machine failure.
<box 3>: Dynamic scalability
Dynamic scalability is the ability for compute resources to be added to

a service when the service is under heavy load. For example, in a
virtual machine scale set, additional instances of the virtual machine
are added when the existing virtual machines are under heavy load.
<box 4>: Low latency
Latency is the time a service to respond to requests. For example, the

time it takes for a web page to be returned from a web server. Low
latency means low response time which means a quicker response.
Reference
● Microsoft Azure — Fault Tolerance Pitfalls and Resolutions

in the Cloud
● cloud disaster recovery (cloud DR)
● The Benefit of Scalability in Cloud Computing
● What is cloud computing?
Question 22
Instruction

Question
1. To implement a hybrid cloud model, a company must have

an internal network.
2. A company can extend the computing resources of its

internal network by using a hybrid cloud.
3. In a public cloud model, only guest users at your company

can access the resources in the cloud.
Answer
1. No.
2. Yes.
3. No.
Explanation
<box 1>: No
It is not true that a company must always migrate from an internal

network to implement a hybrid cloud. You could start with a public
cloud and then combine that with an on-premise infrastructure to
implement a hybrid cloud.
<box 2>: Yes
A company can extend the computing resources of its internal network

by using the public cloud. This is very common. When you need more
resources, rather than pay out for new on-premises infrastructure, you
can configure a cloud environment and connect your on-premises
network to the cloud environment by using a VPN.
<box 3>: No
It is not true that only guest users can access cloud resources. You can
give anyone with an account in Azure Active Directory access to the
cloud resources. There are many authentication scenarios but a
common one is to replicate your on-premises Active Directory
accounts to Azure Active Directory and provide access to the Azure
Active Directory accounts. Another commonly used authentication
method is ‘Federation’ where authentication for access to cloud
resources is passed to another authentication provider such as an on-
premises Active Directory.
Reference
Question 23
Instruction

Question
1. A Platform as a Service (PaaS) solution provides full control

of operating systems that host applications.
2. A Platform as a Service (PaaS) solution provides

additional memory to apps by changing pricing tiers.
3. A Platform as a Service (PaaS) solution can

automatically scale the number of instances.
Answer
1. No.
2. No.
3. Yes.
Question 24
Question
Your company has an on-premises network that contains multiple

servers.
The company plans to reduce the following administrative

responsibilities of network administrators:
● Backing up application data
● Replacing failed server hardware
● Managing physical server security

● Updating server operating systems
● Managing permissions to shared documents
The company plans to migrate several servers to Azure virtual

machines.
You need to identify which administrative responsibilities will be

eliminated after the planned migration.
Which two responsibilities should you identify?
A. Replacing failed server hardware
B. Backing up application data
C. Managing physical server security
D. Updating server operating systems
E. Managing permissions to shared documents
Answer
A, C.

Explanation
Azure virtual machines run on Hyper-V physical servers. The physical

servers are owned and managed by Microsoft. As an Azure customer,
you have no access to the physical servers. Microsoft manage the
replacement of failed server hardware and the security of the physical
servers so you don’t need to.
Incorrect Answers:
B: Microsoft have no control over the applications you run on the

virtual machines. Therefore, it is your responsibility to ensure that
application data is backed up.
D: Microsoft do not manage the operating systems you run on the

virtual machines. Therefore, it is your responsibility to ensure that the
operating systems are updated.
E: Microsoft have no control over the shared folders you host on the
virtual machines. Therefore, it is your responsibility to ensure that
folder permissions are configured appropriately.
Question 25
Instruction

Question
1. Azure Pay-As-You-Go pricing is an example of CapEx.
2. Paying electricity for your datacenter is an example of OpEx.
3. Deploying your own datacenter is an example of CapEx.
Answer
1. No.
2. No.
3. Yes.
Explanation
One of the major changes that you will face when you move from on-
premises cloud to the public cloud is the switch from capital
expenditure (buying hardware) to operating expenditure (paying for
service as you use it).
<box 1>: No
With the pay-as-go model, you pay for services as you use them. This
is Opex (Operational Expenditure), not CapEx (Captial Expenditure).
CapEx is where you pay for something upfront. For example, buying a
new physical server.
<box 2>: No
Paying for electricity for your own datacenter will be classed as

CapEx, not OpEx.
<box 3>: Yes
Deploying your own datacenter is an example of CapEx. This is

because you need to purchase all the infrastructure upfront before
you can use it.
Reference
● Azure enterprise scaffold is now the Microsoft Cloud

Adoption Framework for Azure (2 minutes to read)
Question 26
Question
You plan to provision Infrastructure as a Service (IaaS) resources in

Azure.
Which resource is an example of IaaS?
A. an Azure web app
B. an Azure virtual machine

C. an Azure logic app
D. an Azure SQL database
Answer
B.
Explanation
An Azure virtual machine is an example of Infrastructure as a Service

(IaaS).
Azure web app, Azure logic app and Azure SQL database are all
examples of Platform as a Service (Paas).
Reference
● What is IaaS?
● What is PaaS?
Question 27
Question
To which cloud models can you deploy physical servers?

A. private cloud and hybrid cloud only
B. private cloud only
C. private cloud, hybrid cloud and public cloud
D. hybrid cloud only
Answer
A .
Explanation
A private cloud is on-premises so you can deploy physical servers.
A hybrid cloud is a mix of on-premise and public cloud resources. You

can deploy physical servers on-premises.
Reference
Question 28
Instruction
Match the cloud model to the correct advantage. Each cloud model
may be used once, more than once, or not at all.
Question
Cloud models:
● Hybrid Cloud
● Private Cloud
● Public Cloud
Advantages:
1. No required capital expenditure.
2. Provides complete control over security.
3. Provides a choice to use on-premises or cloud-

based resources.
Answer
1. Public Cloud: No required capital expenditure.
2. Private Cloud: Provides complete control over security.
3. Hybrid Cloud: Provides a choice to use on-premises or

cloud- based resources.

Explanation
<box 1>: Public Cloud
With a public cloud, there is no capital expenditure on server

hardware etc. You only pay for cloud resources that you use as you use
them.
<box 2>: Private Cloud
A private cloud exists on premises, so you have complete control over

security.
<box 3>: Hybrid Cloud
A hybrid cloud is a mix of public cloud resources and on-premises

resources. Therefore, you have a choice to use either.
Question 29
Instruction

Question
1. A company can extend a private cloud by adding its

own physical servers to the public cloud.
2. To build a hybrid cloud, you must deploy resources to

the public cloud.
3. A private cloud must be disconnected from the internet.
Answer
1. No.
2. Yes.
3. No.
Explanation
<box 1>: No
You cannot add physical servers to the public cloud. You can only
deploy virtual servers in the public cloud. You can extend a private
cloud by deploying virtual servers in a public cloud. This would create
a hybrid cloud.
<box 2>: Yes
A hybrid cloud is a combination of a private cloud and public cloud.

Therefore, to create a hybrid cloud, you must deploy resources to a
public cloud.
<box 3>: No
It is not true that a private cloud must be disconnected from the

Internet. Private clouds can be and most commonly are connected to
the Internet. “Private cloud” means that the physical servers are
managed by you. It does not mean that it is disconnected from the
Internet.
Reference
● What are public, private, and hybrid clouds?
Question 30
Question
You have 50 virtual machines hosted on-premises and 50 virtual

machines hosted in Azure. The on-premises virtual machines and the
Azure virtual machines connect to each other.
Which type of cloud model is this?
A. hybrid
B. private
C. public
Answer
A.
Reference
Question 31
Instruction

Question
1. A platform as a service (PaaS) solution that hosts web apps in

Azure provides full control of the operating systems that host
applications.
2. A Platform as a Service (PaaS) solution that hosts web apps

in Azure can be provided with additional memory by
changing the pricing tier.
3. A Platform as a Service (PaaS) solution that hosts web apps

in Azure can be configured to automatically scale the number
of instances based on demand.
Answer
1. No.
2. Yes.
3. Yes.
Explanation
<box 1>: No
A PaaS solution does not provide access to the operating system. The
Azure Web Apps service provides an environment for you to host your
web applications. Behind the scenes, the web apps are hosted on
virtual machines running IIS. However, you have no direct access to
the virtual machine, the operating system or IIS.
<box 2>: Yes
<box 3>: Yes
A PaaS solution that hosts web apps in Azure does provide the ability
to scale the platform automatically. This is known as autoscaling.
Behind the scenes, the web apps are hosted on virtual machines
running IIS. Autoscaling means adding more load balanced virtual
machines to host the web apps.
Reference
● What is PaaS?
Question 32
Question


migration plan.
Solution: You create Azure virtual machines, Azure SQL databases,

and Azure Storage accounts.
A. Yes
B. No
Answer
B.
Explanation
Platform as a service (PaaS) is a complete development and

deployment environment in the cloud. PaaS includes infrastructure —
servers, storage, and networking — but also middleware, development
tools, business intelligence (BI) services, database management
systems, and more. PaaS is designed to support the complete web
application lifecycle: building, testing, deploying, managing, and
updating.
However, virtual machines are examples of Infrastructure as a service

(IaaS). IaaS is an instant computing infrastructure, provisioned and
managed over the internet.
Reference
● What is PaaS?
● What is IaaS?
Question 33
Question
Your company plans to deploy several custom applications to Azure.

The applications will provide invoicing services to the customers of the
company. Each application will have several prerequisite applications

and services installed.
You need to recommend a cloud deployment solution for all the

applications.
What should you recommend?
A. Software as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Infrastructure as a Service (laaS)
Answer
C.
Explanation
Infrastructure as a service (IaaS) is an instant computing

infrastructure, provisioned and managed over the internet. The IaaS
service provider manages the infrastructure, while you purchase,
install, configure, and manage your own software.
Incorrect Answers:
A: Software as a service (SaaS) allows users to connect to and use

cloud-based apps over the Internet. Common examples are email,
calendaring, and office tools. In this scenario, you need to run
your own apps, and therefore require an infrastructure.
B: Platform as a service (PaaS) is a complete development and

deployment environment in the cloud. PaaS includes infrastructure —
servers, storage, and networking — but also middleware, development
tools, business intelligence (BI) services, database management
systems, and more. PaaS is designed to support the complete web
application lifecycle: building, testing, deploying, managing, and
updating.
Reference
● What is IaaS?
● What is SaaS?
● What is PaaS?
Question 34
Instruction

Question
1. Building a data center infrastructure is an example

of operational expenditure (OpEx) costs.
2. Monthly salaries for technical personnel are an example

of operational expenditure (OpEx) costs.
3. Leasing software is an example of operational

expenditure (OpEx) costs.
Answer
1. No.
2. Yes.
3. Yes.
Explanation
<box 1>: No
Building a data center infrastructure is capital expenditure, not

operation expenditure.
<box 2>: Yes
OpEx is ongoing costs (costs of operations) such as staff salaries.
<box 3>: Yes

OpEx is ongoing costs (costs of operations) such as leasing software.

If you purchased software as a one-off purchase, that would be
CapEx, but leasing software is ongoing so it’s OpEx.
Question 35
Instruction

area.
Question
Azure Cosmos DB is an example of <box 1> offering.
Answer Area for <box 1>:
● platform as a service (PaaS)
● infrastructure as a service (IaaS)
● serverless
● software as a service (SaaS)
Answer
platform as a service (PaaS)

Explanation
Azure Cosmos DB is an example of a platform as a service (PaaS)

cloud database provider.
Reference
● Security in Azure Cosmos DB — overview (14 minutes to read)
Question 36
Instruction

Question
1. With software as a service (SaaS), you must apply

software updates.
2. With infrastructure as a service (IaaS), you must install

the software that you want to use.
3. Azure Backup is an example of platform as a service (PaaS).
Answer
1. No.
2. Yes.
3. Yes.
Reference
● What is SaaS?
● What is IaaS?
● What is PaaS?
Question 37
Instruction

Question
1. You can create a resource group inside of another

resource group.
2. An Azure virtual machine can be in multiple resource groups.
3. A resource group can contain resources from multiple

Azure regions.
Answer
1. No.
2. No.
3. Yes.
Explanation
<box 1>: No
<box 2>: No
Each resource can exist in only one resource group.
<box 3>: Yes
Resources from multiple different regions can be placed in a resource

group. The resource group only contains metadata about the
resources it contains.
Reference
● What is Azure Resource Manager? (6 minutes to read)
● Effective ways to delete resources in a resource group

on Azure
Question 38
Instruction

Question
1. Microsoft SQL Server 2019 installed on an Azure

virtual machine is an example of platform as a service
(PaaS).
2. Azure SQL Database is an example of platform as a

service (PaaS).
3. Azure Cosmos DB is an example of software as a

service (SaaS).
Answer
1. No.
2. Yes.
3. Yes.
Reference
● What is Azure SQL? (18 minutes to read)
● Overview of Azure Cosmos DB
Question 39
Instruction

area.
Question
A Microsoft SQL Server database that is hosted in the cloud and has
software updates managed by Azure is an example of <box 1>
● disaster recovery as a service (DRaaS).
● infrastructure as a service (IaaS).
● platform as a service (PaaS).
● software as a service (SaaS).
Answer
platform as a service (PaaS).
Reference
● What is Azure SQL? (18 minutes to read)
Question 40
Question

You need to deploy an Azure environment that meets the company’s

migration plan.
What should you create?
A. Azure virtual machines, Azure SQL databases, and Azure

Storage accounts.
B. an Azure App Service and Azure virtual machines that

have Microsoft SQL Server installed.
C. an Azure App Service and Azure SQL databases.
D. Azure storage account and web server in Azure virtual machines.
Answer
C.

Explanation
Azure App Service and Azure SQL databases are examples of Azure
PaaS solutions. Therefore, this solution does meet the goal.
Question 41
Instruction
To complete the sentence, select the appropriate option in the answer area.
Question
You plan to deploy 20 virtual machines to an Azure environment. To ensure that a virtual
machine named VM1 cannot connect to the other virtual machines, VM1 must <box 1>
● be deployed to a separate virtual network.

● run a different operating system than the other virtual machines.
● be deployed to a separate resource group.
● have two network interfaces.
Answer
be deployed to a separate virtual network.
Section: Describe Core Azure Services
Explanation
Azure automatically routes traffic between subnets in a virtual network. Therefore, all virtual
machines in a virtual network can connect to the other virtual machines in the same virtual
network. Even if the virtual machines are on separate subnets within the virtual network, they
can still communicate with each other.
To ensure that a virtual machine cannot connect to the other virtual machines, the virtual
machine must be deployed to a separate virtual network.
Reference
● Virtual network traffic routing (26 minutes to read)
Question 42
Instruction
Question
When you need to delegate permissions to several Azure virtual machines simultaneously, you
must deploy the Azure virtual machines <box 1>
● to the same Azure region.

● by using the same Azure Resource Manager template.
● to the same resource group.
● to the same availability zone.
Answer
to the same resource group.
Explanation
A resource group is a logical container for Azure resources. Resource groups make the
management of Azure resources easier.
With a resource group, you can allow a user to manage all resources in the resource group, such
as virtual machines, websites, and subnets. The permissions you apply to the resource group
apply to all resources contained in the resource group.
Reference
● Resource groups (6 minutes to read)
Question 43
Question
You plan to deploy several Azure virtual machines.
You need to ensure that the services running on the virtual machines are available if a single data
center fails.
Solution: You deploy the virtual machines to two or more availability zones.
A. Yes
B. No
Answer
A.
Explanation
Availability zones expand the level of control you have to maintain the availability of the
applications and data on your VMs. An Availability Zone is a physically separate zone, within an
Azure region. There are three Availability Zones per supported Azure region.
Each Availability Zone has a distinct power source, network, and cooling. By architecting your
solutions to use replicated VMs in zones, you can protect your apps and data from the loss of a
datacenter. If one zone is compromised, then replicated apps and data are instantly available in
another zone.
Question 44
Instruction
This question requires that you evaluate the bold text to determine if it is correct. Review the
bold text. If it makes the statement correct, select “No change is needed”. If the statement is
incorrect, select the answer choice that makes the statement correct.
Question
One of the benefits of Azure SQL Data Warehouse is that high availability is built into the
platform.
A. No change is needed
B. automatic scaling
C. data compression
D. versioning
Answer
A.
Explanation
Azure Data Warehouse (now known as Azure Synapse Analytics) is a PaaS offering from
Microsoft. As with all PaaS services from Microsoft, SQL Data Warehouse offers an availability
SLA of 99.9%. Microsoft can offer 99.9% availability because it has high availability features
built into the platform.
Reference
● Dedicated SQL pool (formerly SQL DW) in Azure Synapse Analytics frequently
asked questions
Question 45
Question
center fails.
Solution: You deploy the virtual machines to two or more regions.
A. Yes
B. No
Answer
A.
Explanation
By deploying the virtual machines to two or more regions, you are deploying the virtual
machines to multiple datacenters. This will ensure that the services running on the virtual
machines are available if a single data center fails.
Azure operates in multiple datacenters around the world. These datacenters are grouped in to
geographic regions, giving you flexibility in choosing where to build your applications.
You create Azure resources in defined geographic regions like ‘West US’, ‘North Europe’, or
‘Southeast Asia’. You can review the list of regions and their locations. Within each region,
multiple datacenters exist to provide for redundancy and availability.
Reference
● Regions for virtual machines in Azure (4 minutes to read)
Question 46
Instruction
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Question
1. Azure resources can only access other resources in the same resource group.
2. If you delete a resource group, all the resources in the resource group will be deleted.
3. A resource group can contain resources from multiple Azure regions.
Answer
1. No.
2. Yes.
3. Yes.
Explanation
<box 1>: No
A resource can interact with resources in other resource groups.
<box 2>: Yes
Deleting the resource group will remove the resource group as well as all the resources in that
resource group. This can be useful for the management of resources. For example, a virtual
machine has several components (the VM itself, virtual disks, network adapter etc.). By placing
the VM in its own resource group, you can delete the VM along with all its associated
components by deleting the resource group.
Another example is when creating a test environment. You could place the entire test
environment (Network components, virtual machines etc.) in one resource group. You can then
delete the entire test environment by deleting the resource group.
<box 3>: Yes
Resources from multiple different regions can be placed in a resource group. The resource group
only contains metadata about the resources it contains.
Reference
● Effective ways to delete resources in a resource group on Azure
Question 47
Question
You plan to store 20 TB of data in Azure. The data will be accessed infrequently and visualized
by using Microsoft Power BI.
You need to recommend a storage solution for the data.
Which two solutions should you recommend?
A. Azure Data Lake
B. Azure Cosmos DB
C. Azure SQL Data Warehouse
D. Azure SQL Database

E. Azure Database for PostgreSQL
Answer
A, C.
Explanation
You can use Power BI to analyze and visualize data stored in Azure Data Lake and Azure SQL
Data Warehouse.
Azure Data Lake includes all of the capabilities required to make it easy for developers, data
scientists and analysts to store data of any size and shape and at any speed, and do all types of
processing and analytics across platforms and languages. It removes the complexities of
ingesting and storing all your data while making it faster to get up and running with batch,
streaming and interactive analytics. It also integrates seamlessly with operational stores and data
warehouses so that you can extend current data applications.
Reference
● Analyze data in Azure Data Lake Storage Gen1 by using Power BI (3 minutes to read)
● Data Lake
Question 48
Instruction
Question
You have an Azure environment that contains 10 web apps. To which URL should you connect
to manage all the Azure resources?
https://<box 1> <box 2> com
● admin.
● portal.
● www.
● azure.
● azurewebsites.
● microsoft.
Answer
https://portal. azure. com
Explanation
The Azure portal is a web-based management interface where you can view and manage all your
Azure resources in one unified hub, including web apps, databases, virtual machines, virtual
networks, storage and Visual Studio team projects.
The URL of the Azure portal is https://portal.azure.com.
Reference
● Microsoft Azure portal
Question 49
Question
You need to identify the type of failure for which an Azure Availability Zone can be used to
protect access to Azure services.
What should you identify?
A. a physical server failure
B. an Azure region failure
C. a storage failure
D. an Azure data center failure
Answer
D.
Explanation
applications and data on your VMs. An Availability Zone is a physically separate zone, within an
Azure region. There are three Availability Zones per supported Azure region.
Each Availability Zone has a distinct power source, network, and cooling. By architecting your
solutions to use replicated VMs in zones, you can protect your apps and data from the loss of a
datacenter. If one zone is compromised, then replicated apps and data are instantly available in
another zone.
Reference
● Availability options for Azure Virtual Machines (3 minutes to read)
Question 50
Question
You plan to extend your company’s network to Azure. The network contains a VPN appliance
that uses an IP address of 131.107.200.1.
You need to create an Azure resource that defines the VPN appliance in Azure.
Which Azure resource should you create?

Answer
Explanation
A Local Network Gateway is an object in Azure that represents your on-premise VPN device. A
Virtual Network Gateway is the VPN object at the Azure end of the VPN. A ‘connection’ is what
connects the Local Network Gateway an the Virtual Network Gateway to bring up the VPN.
The local network gateway typically refers to your on-premises location. You give the site a
name by which Azure can refer to it, then specify the IP address of the on-premises VPN device
to which you will create a connection. You also specify the IP address prefixes that will be
routed through the VPN gateway to the VPN device. The address prefixes you specify are the
prefixes located on your on-premises network. If your on-premises network changes or you need
to change the public IP address for the VPN device, you can easily update the values later.
Reference
● Tutorial: Create a Site-to-Site connection in the Azure portal (19 minutes to read)
Question 51
Question
center fails.
Solution: You deploy the virtual machines to two or more resource groups.
A. Yes
B. No
Answer
B.
Explanation
A resource group is a logical container for Azure resources. When you create a resource group,
you specify which location to create the resource group in. However, when you create a virtual
machine and place it in the resource group, the virtual machine can still be in a different location
(different datacenter). Therefore, creating multiple resource groups, even if they are in separate
datacenters does not ensure that the services running on the virtual machines are available if a
single data center fails.
Reference
● Resource groups (6 minutes to read)
Question 52
Question
center fails.
Solution: You deploy the virtual machines to a scale set.
A. Yes
B. No
Answer
B.
Explanation
This answer does not specify that the scale set will be configured across multiple data centers so
this solution does not meet the goal.
Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The
number of VM instances can automatically increase or decrease in response to demand or a
defined schedule. Scale sets provide high availability to your applications, and allow you to
centrally manage, configure, and update many VMs.
Virtual machines in a scale set can be deployed across multiple update domains and fault
domains to maximize availability and resilience to outages due to data center outages, and
planned or unplanned maintenance events.
Question 53
Instruction
Question
1. An Azure subscription can be associated to multiple Azure Active Directory (Azure
AD) tenants.
2. You can change the Azure Active Directory (Azure AD) tenant to which an
Azure subscription is associated.
3. When an Azure subscription expires, the associated Azure Active Directory (Azure
AD) tenant is deleted automatically.
Answer
1. No.
2. Yes.
3. No.
Explanation
<box 1>: No
An Azure AD tenant can have multiple subscriptions but an Azure subscription can only be
associated with one Azure AD tenant.
<box 2>: Yes
<box 3>: No
If your subscription expires, you lose access to all the other resources associated with the
subscription. However, the Azure AD directory remains in Azure. You can associate and manage
the directory using a different Azure subscription.
Reference
● Associate or add an Azure subscription to your Azure Active Directory tenant (4 minutes
to read)
Question 54
Instruction
Question
Resource groups provide organizations with the ability to manage the compliance of Azure
resources across multiple subscriptions.
B. Management groups
C. Azure policies
D. Azure App Service plans
Answer
C.
Explanation
Azure policies can be used to define requirements for resource properties during deployment and
for already existing resources. Azure Policy controls properties such as the types or locations of
resources.
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These
policies enforce different rules and effects over your resources, so those resources stay compliant
with your corporate standards and service level agreements. Azure Policy meets this need by
evaluating your resources for non-compliance with assigned policies. All data stored by Azure
Policy is encrypted at rest.
For example, you can have a policy to allow only a certain SKU size of virtual machines in your
environment. Once this policy is implemented, new and existing resources are evaluated for
compliance. With the right type of policy, existing resources can be brought into compliance.
Reference
● What is Azure Policy? (11 minutes to read)
Question 55
Question
Your company plans to migrate to Azure. The company has several departments. All the Azure
resources used by each department will be managed by a department administrator.
What are two possible techniques to segment Azure for the departments?
A. multiple subscriptions
B. multiple Azure Active Directory (Azure AD) directories
C. multiple regions
D. multiple resource groups
Answer
A, D.
Explanation
An Azure subscription is a container for Azure resources. It is also a boundary for permissions to
resources and for billing. You are charged monthly for all resources in a subscription. A single
Azure tenant (Azure Active Directory) can contain multiple Azure subscriptions.
A resource group is a container that holds related resources for an Azure solution. The resource
group can include all the resources for the solution, or only those resources that you want to
manage as a group.
To enable each department administrator to manage the Azure resources used by that
department, you will need to create a separate subscription per department. You can then assign
each department administrator as an administrator for the subscription to enable them to manage
all resources in that subscription.
Reference
● Create an additional Azure subscription (2 minutes to read)
Question 56
Instruction
Question
1. A single Microsoft account can be used to manage multiple Azure subscriptions.
2. Two Azure subscriptions can be merged into a single subscription.
3. A company can use resources from multiple subscriptions.
Answer
1. Yes.
2. No.
3. Yes.
Explanation
<box 1>: Yes
You can use the same account to manage multiple subscriptions. You can create an additional
subscription for your account in the Azure portal. You may want an additional subscription to
avoid hitting subscription limits, to create separate environments for security, or to isolate data
for compliance reasons.
<box 2>: No
You cannot merge two subscriptions into a single subscription. However, you can move some
Azure resources from one subscription to another. You can also transfer ownership of a
subscription and change the billing type for a subscription.
<box 3>: Yes

A company can have multiple subscriptions and store resources in the different subscriptions.
However, a resource instance can exist in only one subscription.
Reference
Question 57
Instruction
Question
You have several virtual machines in an Azure subscription. You create a new subscription. <box
1>
● The virtual machines cannot be moved to the new subscription.

● The virtual machines can be moved to the new subscription.
● The virtual machines can be moved to the new subscription only if they
are all in the same resource group.
● The virtual machines can be moved to the new subscription only if they
run Windows Server 2016.
Answer
The virtual machines can be moved to the new subscription.
Explanation
You can move a VM and its associated resources to a different subscription by using the Azure
portal.
Moving between subscriptions can be handy if you originally created a VM in a personal

subscription and now want to move it to your company’s subscription to continue your work.
You do not need to start the VM in order to move it and it should continue to run during the
move.
Reference
● Move a Windows VM to another Azure subscription or resource group (2 minutes to
read)
Question 58
Question
You have an Azure environment that contains multiple Azure virtual machines.
You plan to implement a solution that enables the client computers on your on-premises network
to communicate to the Azure virtual machines.
You need to recommend which Azure resources must be created for the planned solution.
Which two Azure resources should you include in the recommendation?
A. a virtual network gateway
B. a load balancer
C. an application gateway
D. a virtual network
E. a gateway subnet
Answer
A, E.
Explanation
To implement a solution that enables the client computers on your on-premises network to
communicate to the Azure virtual machines, you need to configure a VPN (Virtual Private
Network) to connect the on-premises network to the Azure virtual network.
The Azure VPN device is known as a Virtual Network Gateway. The virtual network gateway
needs to be located in a dedicated subnet in the Azure virtual network. This dedicated subnet is
known as a gateway subnet and must be named ‘GatewaySubnet’.
Note: a virtual network (answer D) is also required. However, as we already have virtual
machines deployed in a Azure, we can assume that the virtual network is already in place.
Reference
● Connect an on-premises network to a Microsoft Azure virtual network (12 minutes to
read)
Question 59
Question
You attempt to create several managed Microsoft SQL Server instances in an Azure environment
and receive a message that you must increase your Azure subscription limits.
What should you do to increase the limits?
A. Create a service health alert
B. Upgrade your support plan
C. Modify an Azure policy
D. Create a new support request
Answer
D.
Explanation
Many Azure resource have quote limits. The purpose of the quota limits is to help you control
your Azure costs. However, it is common to require an increase to the default quota.
You can request a quota limit increase by opening a support request. In the support request,
select ‘Service and subscription limits (quotas)’ for the Issue type, select your subscription and
the service you want to increase the quota for. For this question, you would select ‘SQL
Database Managed Instance’ as the quote type.
Reference
● Overview of Azure SQL Managed Instance resource limits (10 minutes to read)
Question 60
Instruction
Question
1. Each Azure subscription can contain multiple account administrators.
2. Each Azure subscription can be managed by using a Microsoft account only.
3. An Azure resource group contains multiple Azure subscriptions.
Answer
1. Yes.
2. No.
3. No.
Explanation
<box 1>: Yes
You can assign additional account administrators in the Azure Portal.
<box 2>: No
You need an Azure Active Directory account to manage a subscription, not a Microsoft account.
An account is created in the Azure Active Directory when you create the subscription. Further
accounts can be created in the Azure Active Directory to manage the subscription.
<box 3>: No
Resource groups are logical containers for Azure resources. However, resource groups do not
contain subscriptions. Subscriptions contain resource groups.
Reference
● Subscriptions, licenses, accounts, and tenants for Microsoft’s cloud offerings (6 minutes
to read)
Question 61
Instruction
Question
1. Availability zones can be implemented in all Azure regions.
2. Only virtual machines that run Windows Server can be created in availability zones.
3. Availability zones are used to replicate data and applications to multiple regions.
Answer
1. No.
2. No.
3. No.
Explanation
<box 1>: No
Not all Azure regions support availability zones.
<box 2>: No
Availability zones can be used with many Azure services, not just VMs.
<box 3>: No
Availability Zones are unique physical locations within a single Azure region.
Reference
● Azure regions with Availability Zones (6 minutes to read)
Question 62
Question
You plan to create an Azure virtual machine.
You need to identify which storage service must be used to store the unmanaged data disks of the
virtual machine.
What should you identify?
Answer
Explanation
Azure containers are the backbone of the virtual disks platform for Azure IaaS. Both Azure OS
and data disks are implemented as virtual disks where data is durably persisted in the Azure
Storage platform and then delivered to the virtual machines for maximum performance. Azure
Disks are persisted in Hyper-V VHD format and stored as a page blob in Azure Storage.
Reference
● Overview of Azure page blobs (10 minutes to read)
Question 63
Question
Your company plans to move several servers to Azure.
The company’s compliance policy states that a server named FinServer must be on a separate
network segment.
You are evaluating which Azure services can be used to meet the compliance policy
requirements.
Which Azure solution should you recommend?
A. a resource group for FinServer and another resource group for all the other servers
B. a virtual network for FinServer and another virtual network for all the other servers
C. a VPN for FinServer and a virtual network gateway for each other server
D. one resource group for all the servers and a resource lock for FinServer
Answer
B.
Explanation
Networks in Azure are known as virtual networks. A virtual network can have multiple IP
address spaces and multiple subnets. Azure automatically routes traffic between different subnets
within a virtual network. The question states that FinServer must be on a separate network
segment. The only way to separate FinServer from the other servers in networking terms is to
place the server in a different virtual network to the other servers.
Reference
● Plan virtual networks (10 minutes to read)
Question 64
Question
You plan to map a network drive from several computers that run Windows 10 to Azure Storage.
You need to create a storage solution in Azure for the planned mapped drive.
A. an Azure SQL database
B. a virtual machine data disk
C. a Files service in a storage account
D. a Blobs service in a storage account
Answer
C.
Explanation
Azure Files is Microsoft’s easy-to-use cloud file system. Azure file shares can be seamlessly
used in Windows and Windows Server.
To use an Azure file share with Windows, you must either mount it, which means assigning it a
drive letter or mount point path, or access it via its UNC path.
Unlike other SMB shares you may have interacted with, such as those hosted on a Windows
Server, Linux Samba server, or NAS device, Azure file shares do not currently support Kerberos
authentication with your Active Directory (AD) or Azure Active Directory (AAD) identity,
although this is a feature we are working on. Instead, you must access your Azure file share with
the storage account key for the storage account containing your Azure file share. A storage
account key is an administrator key for a storage account, including administrator permissions to
all files and folders within the file share you’re accessing, and for all file shares and other storage
resources (blobs, queues, tables, etc) contained within your storage account.
Reference
● Mount SMB Azure file share on Windows (6 minutes to read)
Question 65
Question
You plan to implement an Azure database solution.
You need to implement a database solution that meets the following requirements:
● Can add data concurrently from multiple regions

● Can store JSON documents
Which database service should you deploy?
Answer
Explanation
Azure Cosmos DB is Microsoft’s globally distributed, multi-model database service. With a
click of a button, Cosmos DB enables you to elastically and independently scale throughput and
storage across any number of Azure regions worldwide.
Azure Cosmos DB is a great way to store unstructured and JSON data. Combined with Azure
Functions, Cosmos DB makes storing data quick and easy with much less code than required for
storing data in a relational database.
Reference
● Welcome to Azure Cosmos DB (4 minutes to read)
● Store unstructured data using Azure Functions and Azure Cosmos DB (6 minutes to read)
Question 66
Question
Your company plans to migrate all its network resources to Azure.
You need to start the planning process by exploring Azure.
What should you create first?
A. a subscription
B. a resource group
C. a virtual network
D. a management group
Answer
A.
Explanation
The first thing you create in Azure is a subscription. You can think of an Azure subscription as
an ‘Azure account’. You get billed per subscription.
A subscription is an agreement with Microsoft to use one or more Microsoft cloud platforms or
services, for which charges accrue based on either a per-user license fee or on cloud-based
resource consumption.
Microsoft’s Software as a Service (SaaS)-based cloud offerings (Office 365, Intune/EMS, and
Dynamics 365) charge per-user license fees.
Microsoft’s Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) cloud offerings
(Azure) charge based on cloud resource consumption.
You can also use a trial subscription, but the subscription expires after a specific amount of time
or consumption charges. You can convert a trial subscription to a paid subscription.
Organizations can have multiple subscriptions for Microsoft’s cloud offerings.
Reference
● Subscriptions, licenses, accounts, and tenants for Microsoft’s cloud offerings (6 minutes
to read)
Question 67
Instruction
Question
1. All the Azure resources deployed to a resource group must use the same Azure region.
2. If you assign a tag to a resource group, all the Azure resources in that resource group
are assigned to the same tag.
3. If you assign permissions for a user to manage a resource group, the user can manage
all the Azure resources in that resource group.
Answer
1. No.
2. No.
3. Yes.
Explanation
<box 1>: No
Azure resources deployed to a single resource group can be located in different regions. The
resource group only contains metadata about the resources it contains.
When creating a resource group, you need to provide a location for that resource group. You may
be wondering, “Why does a resource group need a location? And, if the resources can have
different locations than the resource group, why does the resource group location matter at all?”
The resource group stores metadata about the resources. When you specify a location for the
resource group, you’re specifying where that metadata is stored. For compliance reasons, you
may need to ensure that your data is stored in a particular region.
<box 2>: No
Tags for resources are not inherited by default from their resource group.
<box 3>: Yes
A resource group can be used to scope access control for administrative actions. By default,
permissions set at the resource level are inherited by the resources in the resource group.
Reference
Question 68
Instruction
Question
Data that is stored in the Archive access tier of an Azure Storage account <box 1>
● can be accessed at any time by using azcopy.exe.

● can only be read by using Azure Backup.
● must be restored before the data can be accessed.
● must be rehydrated before the data can be accessed.
Answer
must be rehydrated before the data can be accessed.
Explanation
Azure storage offers different access tiers: hot, cool and archive.
The archive access tier has the lowest storage cost. But it has higher data retrieval costs
compared to the hot and cool tiers. Data in the archive tier can take several hours to retrieve.
While a blob is in archive storage, the blob data is offline and can’t be read, overwritten, or
modified. To read or download a blob in archive, you must first rehydrate it to an online tier.
Example usage scenarios for the archive access tier include:
● Long-term backup, secondary backup, and archival datasets.

● Original (raw) data that must be preserved, even after it has been processed into
final usable form.
● Compliance and archival data that needs to be stored for a long time and is hardly
ever accessed.
Reference
● Hot, cool, and archive access tiers for blob data (12 minutes to read)
Question 69
Question
You plan to deploy a critical line-of-business application to Azure.
The application will run on an Azure virtual machine.
You need to recommend a deployment solution for the application. The solution must provide a
guaranteed availability of 99.99 percent.
What is the minimum number of virtual machines and the minimum number of availability zones
you should recommend for the deployment?
Minimum number of virtual machines: <box 1>
● 1
● 2
● 3
Minimum number of availability zones: <box 2>
● 1
● 2
● 3
Answer
Minimum number of virtual machines: 2
Minimum number of availability zones: 2
Explanation
You need a minimum of two virtual machines with each one located in a different availability
zone.
Availability Zones is a high-availability offering that protects your applications and data from
datacenter failures. Availability zones are unique physical locations within an Azure region.
Each zone is made up of one or more datacenters equipped with independent power, cooling,
and networking. To ensure resiliency, there’s a minimum of three separate zones in all enabled
regions. The physical separation of Availability Zones within a region protects applications and
data from datacenter failures. Zone-redundant services replicate your applications and data
across Availability Zones to protect from single-points-of-failure. With Availability Zones,
Azure offers industry best 99.99% VM uptime SLA.
Reference
● Regions and Availability Zones in Azure (9 minutes to read)
Question 70
Question
Which Azure service should you use to collect events from multiple resources into a centralized
repository?
A. Azure Event Hubs
B. Azure Analysis Services
C. Azure Monitor
D. Azure Stream Analytics
Answer
A.
Explanation
Azure Event Hubs is a big data streaming platform and event ingestion service. It can receive
and process millions of events per second. Data sent to an event hub can be transformed and
stored by using any real-time analytics provider or batching/storage adapters.
Azure Event Hubs can be used to ingest, buffer, store, and process your stream in real time to get
actionable insights. Event Hubs uses a partitioned consumer model, enabling multiple
applications to process the stream concurrently and letting you control the speed of processing.
Azure Event Hubs can be used to capture your data in near-real time in an Azure Blob storage or
Azure Data Lake Storage for long-term retention or micro-batch processing.
Reference
● Azure Event Hubs — A big data streaming platform and event ingestion service (5
minutes to read)
Question 71
Instruction
Question
An Availability Zone in Azure has physically separate locations <box 1>
● across two continents.

● within a single Azure region.
● within multiple Azure regions.
● within a single Azure datacenter.
Answer
within a single Azure region.
Explanation
datacenter failures. Availability Zones are unique physical locations within an Azure region.
Reference
Question 72
Instruction
Question
1. Data that is stored in an Azure Storage account automatically has at least three copies.
2. All data that is copied to an Azure Storage account is backed up automatically to
another Azure data center.
3. An Azure Storage account can contain up to 2 TB of data and up to one million files.
Answer
1. Yes.
2. No.
3. No.
Explanation
<box 1>: Yes
There are different replication options available with a storage account. The ‘minimum’
replication option is Locally Redundant Storage (LRS). With LRS, data is replicated
synchronously three times within the primary region.
<box 2>: No
Data is not backed up automatically to another Azure Data Center although it can be depending
on the replication option configured for the account. Locally Redundant Storage (LRS) is the
default which maintains three copies of the data in the data center.
<box 3>: No
The limits are much higher than that. The current storage limit is 2 PB for US and Europe, and
500 TB for all other regions (including the UK) with no limit on the number of files.
Reference
● Storage account overview (6 minutes to read)
Question 73
Instruction
Question
1. If you have Azure resources deployed to every region, you can implement availability
zones in all the regions.
2. Only virtual machines that run Windows Server can be created in availability zones.
3. Availability zones are used to replicate data and applications to multiple regions.
Answer
1. No.
2. No.
3. No.
Explanation
<box 1>: No
Not all Azure regions support availability zones.
<box 1>: No
Regions that support availability zones support Linux virtual machines.
<box 3>: Yes
datacenter failures. Availability Zones are unique physical locations within an Azure region.
Each zone is made up of one or more datacenters equipped with independent power, cooling,
and networking. To ensure resiliency, there’s a minimum of three separate zones in all enabled
regions. The physical separation of Availability Zones within a region protects applications and
data from datacenter failures. Zone-redundant services replicate your applications and data
across Availability Zones to protect from single-points-of-failure. With Availability Zones,
Azure offers industry best 99.99% VM uptime SLA.
Reference
Question 74
Instruction
Question
1. North America is represented by a single Azure region.
2. Every Azure region has multiple datacenters.
3. Data transfers between Azure services located in different Azure regions are always free.
Answer
1. No.
2. Yes.
3. No.
Explanation
<box 1>: No
North America has several Azure regions, including West US, Central US, South Central US,
East Us, and Canada East.
<box 2>: Yes
A region is a set of datacenters deployed within a latency-defined perimeter and connected

through a dedicated regional low-latency network.
<box 3>: No
Outbound data transfer is charged at the normal rate and inbound data transfer is free.
Reference
● Azure geographies
● Bandwidth pricing
Question 75
Question
center fails.
Solution: You deploy the virtual machines to two or more scale sets.
A. Yes
B. No
Answer
B.
Explanation
This answer does not specify that the scale set will be configured across multiple data centers so
this solution does not meet the goal.
Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The
number of VM instances can automatically increase or decrease in response to demand or a
defined schedule. Scale sets provide high availability to your applications, and allow you to
centrally manage, configure, and update many VMs.
Virtual machines in a scale set can be deployed across multiple update domains and fault
domains to maximize availability and resilience to outages due to data center outages, and
planned or unplanned maintenance events.
Question 76
Question
You need to be notified when Microsoft plans to perform maintenance that can affect the
resources deployed to an Azure subscription.
What should you use?
A. Azure Monitor
B. Azure Service Health

C. Azure Advisor
D. Microsoft Trust Center
Answer
B.
Explanation
Azure Service Health provides a personalized view of the health of the Azure services and
regions you’re using. This is the best place to look for service impacting communications about
outages, planned maintenance activities, and other health advisories because the authenticated
Service Health experience knows which services and resources you currently use.
Reference
● What is Azure Service Health? (2 minutes to read)
Question 77
Instruction
Match the Azure Services service to the correct description. Each service may be used once,
more than once, or not at all.
Question
Azure Services:
● Azure Sphere
● IoT Central
● IoT Hub
Descriptions:
1. A managed service that provides bidirectional communication between IoT devices

and Azure
2. A fully managed software as a service (SaaS) solution to connect, monitor, and
manage IoT devices at scale
3. A software and hardware solution that provides communication and security features
for IoT devices
Answer
1. IoT Hub: A managed service that provides bidirectional communication between
IoT devices and Azure
2. IoT Central: A fully managed software as a service (SaaS) solution to connect, monitor,
and manage IoT devices at scale
3. Azure Sphere: A software and hardware solution that provides communication and
security features for IoT devices
Reference
● What is Azure Sphere? (12 minutes to read)
● What is Azure IoT Central? (6 minutes to read)
● What is Azure IoT Hub (4 minutes to read)
Question 78
Instruction
Question
1. A Windows Virtual Desktop session host can run Windows 10 only.
2. A Windows Virtual Desktop host pool that includes 20 session hosts supports a
maximum of 20 simultaneous user connections.
3. Windows Virtual Desktop supports desktop and app virtualization.
Answer
1. No.
2. No.
3. Yes.
Reference
● What is Azure Virtual Desktop? (6 minutes to read)
Question 79
Instruction
Question
<box 1> can calculate cost savings due to reduced electricity consumption as a result
of migrating on-premises Microsoft SQL servers to Azure.
● The Azure Migrate: Server Assessment tool

● The Azure Total Cost of Ownership (TCO) calculator
● The Database Migration Assistant
● The pricing calculator in Azure
Answer
The Azure Total Cost of Ownership (TCO) calculator can calculate cost savings due to
reduced electricity consumption as a result of migrating on-premises Microsoft SQL servers to
Azure.
Reference
● The Azure Total Cost of Ownership (TCO) calculator
Question 80
Instruction
Question
1. You can use Availability Zones in Azure to protect Azure virtual machines from a
datacenter failure.
2. You can use Availability Zones in Azure to protect Azure virtual machines from a
region failure.
3. You can use Availability Zones in Azure to protect Azure managed disks from a
datacenter failure.
Answer
1. Yes.
2. No.
3. Yes.
Explanation
applications and data on your VMs. Availability Zones are unique physical locations within an
Azure region. Each zone is made up of one or more datacenters equipped with independent
power, cooling, and networking. To ensure resiliency, there are a minimum of three separate
zones in all enabled regions. The physical separation of Availability Zones within a region
protects applications and data from datacenter failures.
With Availability Zones, Azure offers industry best 99.99% VM uptime SLA. By architecting
your solutions to use replicated VMs in zones, you can protect your applications and data from
the loss of a datacenter. If one zone is compromised, then replicated apps and data are instantly
available in another zone.
Reference
● Availability options for Azure Virtual Machines (3 minutes to read)
Question 81
Instruction
Question
1. An Azure subscription can have multiple account administrators.
2. An Azure subscription can be managed by using a Microsoft account only.
3. An Azure resource group can contain multiple Azure subscriptions.
Answer
1. No.
2. Yes.
3. No.
Question 82
Instruction
Question
An Azure region contains one or more data centers that are connected by using a low-
latency network.
B. Is found in each country where Microsoft has a subsidiary office
C. Can be found in every country in Europe and the Americas only
D. Contains one or more data centers that are connected by using a high-latency network
Answer
A.
Explanation
A region is a set of data centres deployed within a latency-defined perimeter and connected
through a dedicated regional low-latency network.
Microsoft Azure currently has 55 regions worldwide.
Regions are divided into Availability Zones. Availability Zones are physically separate locations
within an Azure region. Each Availability Zone is made up of one or more datacenters equipped
with independent power, cooling, and networking.
Reference
● Azure geographies
Question 83
Instruction
Question
1. To user Azure Active Directory (Azure AD) credentials to sign in to a computer that
runs Windows 10, the computer must be joined to Azure AD.
2. Users in Azure Active Directory (Azure AD) are organized by using resource groups.
3. Azure Active Directory (Azure AD) groups support dynamic membership rules.
Answer
1. Yes.
2. No.
3. Yes.
Reference
● Dynamic membership rules for groups in Azure Active Directory (14 minutes to read)
● Understanding Hybrid Azure Active Directory Join
Question 84
Question
You need to ensure that the services running on the virtual machines remain available if a single
data center fails.
What are two possible solutions? Each correct answer presents a complete solution.
A. Deploy the virtual machines to two or more availability zones.
B. Deploy the virtual machines to two or more resource groups.
C. Deploy the virtual machines to a scale set.
D. Deploy the virtual machines to two or more regions.
Answer
A, D.
Reference
● Regions for virtual machines in Azure (4 minutes to read)
Question 85
Question
You have an Azure subscription named Subscription1. You sign in to the Azure portal and create
a resource group named RG1.
From Azure documentation, you have the following command that creates a virtual machine
named VM1.
az vm create --resource-group RG1 --name VM1 --image UbuntuLTS --generate-

sshkeys
You need to create VM1 in Subscription1 by using the command.
Solution: From the Azure portal, launch Azure Cloud Shell and select Bash. Run the command
in Cloud Shell.
A. Yes
B. No
Answer
A.
Section: Describe core solutions and management tools on Azure
Explanation
The command can be run in the Azure Cloud Shell.
The Azure Cloud Shell is a free interactive shell. It has common Azure tools preinstalled and
configured to use with your account.
To open the Cloud Shell, just select Try it from the upper right corner of a code block. You can
also launch Cloud Shell in a separate browser tab by going to https://shell.azure.com/bash.
Reference
● Quickstart: Create a Linux virtual machine with the Azure CLI (3 minutes to read)
Question 86
Question
Your company has several business units.
Each business unit requires 20 different Azure resources for daily operation. All the business
units require the same type of Azure resources.
You need to recommend a solution to automate the creation of the Azure resources.
What should you include in the recommendations?
A. Azure Resource Manager templates
B. virtual machine scale sets
C. the Azure API Management service
D. management groups
Answer
A.
Explanation
You can use Azure Resource Manager templates to automate the creation of the Azure resources.
Deploying resource through templates is known as ‘Infrastructure as code’.
To implement infrastructure as code for your Azure solutions, use Azure Resource Manager
templates. The template is a JavaScript Object Notation (JSON) file that defines the
infrastructure and configuration for your project. The template uses declarative syntax, which
lets you state what you intend to deploy without having to write the sequence of programming
commands to create it. In the template, you specify the resources to deploy and the properties for
those resources.
Reference
● What are ARM templates? (7 minutes to read)
Question 87
Instruction
Match the Azure service to the correct definition. Each service may be used once, more than
once, or not at all.
Question
Azure Services:
● Azure Databricks
● Azure Functions
● Azure App Service
● Azure Application Insights
Definitions:
1. Provides the platform for serverless code

2. A big data analysis service for machine learning
3. Detects and diagnoses anomalies in web apps
4. Hosts web apps
Answer
1. Azure Functions: Provides the platform for serverless code
2. Azure Databricks: A big data analysis service for machine learning
3. Azure Application Insights: Detects and diagnoses anomalies in web apps
4. Azure App Service: Hosts web apps
Explanation
<box 1>: Azure Functions
Azure Functions provides the platform for serverless code.
Azure Functions is a serverless compute service that lets you run event-triggered code without
having to explicitly provision or manage infrastructure.
<box 2>: Azure Databricks
Azure Databricks is a big analysis service for machine learning.
Azure Databricks is an Apache Spark-based analytics platform. The platform consists of several
components including ‘MLib’. Mlib is a Machine Learning library consisting of common
learning algorithms and utilities, including classification, regression, clustering, collaborative
filtering, dimensionality reduction, as well as underlying optimization primitives.
<box 3>: Azure Application Insights
Azure Application Insights detects and diagnoses anomalies in web apps.
Application Insights, a feature of Azure Monitor, is an extensible Application Performance

Management (APM) service for developers and DevOps professionals. Use it to monitor your
live applications. It will automatically detect performance anomalies, and includes powerful
analytics tools to help you diagnose issues and to understand what users actually do with your
app.
<box 4>: Azure App Service
Azure App Service hosts web apps.
Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and
mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java,
Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and
Linux-based environments.
Reference
● Azure Functions documentation
● What is Azure Databricks? (2 minutes to read)
● What is Application Insights? (5 minutes to read)
● App Service overview (5 minutes to read)
Question 88
Question
A team of developers at your company plans to deploy, and then remove, 50 customized virtual
machines each week. Thirty of the virtual machines run Windows Server 2016 and 20 of the
virtual machines run Ubuntu Linux.
You need to recommend which Azure service will minimize the administrative effort required to
deploy and remove the virtual machines.
A. Azure Reserved Virtual Machines (VM) Instances
B. Azure virtual machine scale sets
C. Azure DevTest Labs
D. Microsoft Managed Desktop
Answer
C.
Explanation
DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager
templates.
By using DevTest Labs, you can test the latest versions of your applications by doing the
following tasks:
● Quickly provision Windows and Linux environments by using reusable templates and
artifacts.
● Easily integrate your deployment pipeline with DevTest Labs to provision on-demand
environments.
● Scale up your load testing by provisioning multiple test agents and create pre-provisioned
environments for training and demos.
Reference
● About Azure DevTest Labs (3 minutes to read)
Question 89
Question
A support engineer plans to perform several Azure management tasks by using the Azure CLI.
You install the CLI on a computer.
You need to tell the support engineer which tools to use to run the CLI.
Which two tools should you instruct the support engineer to use?
A. Command Prompt
B. Azure Resource Explorer
C. Windows PowerShell
D. Windows Defender Firewall
E. Network and Sharing Center
Answer
A, C.
Explanation
For Windows the Azure CLI is installed via an MSI, which gives you access to the CLI through
the Windows Command Prompt (CMD) or PowerShell.
Reference
● Install Azure CLI on Windows (4 minutes to read)
Question 90
Question
You have an Azure environment. You need to create a new Azure virtual machine from a tablet
that runs the Android operating system.
Solution: You use PowerShell in Azure Cloud Shell.
A. Yes
B. No
Answer
A.
Explanation
Azure Cloud Shell is a browser-based shell experience to manage and develop Azure resources.
Cloud Shell offers a browser-accessible, pre-configured shell experience for managing Azure
resources without the overhead of installing, versioning, and maintaining a machine yourself.
Being browser-based, Azure Cloud Shell can be run on a browser from a tablet that runs the
Android operating system.
Reference
● Features & tools for Azure Cloud Shell (2 minutes to read)
Question 91
Question
Solution: You use the PowerApps portal.
A. Yes
B. No
Answer
B.
Explanation
PowerApps lets you quickly build business applications with little or no code. It is not used to
create Azure virtual machines. Therefore, this solution does not meet the goal.
PowerApps Portals allow organizations to create websites which can be shared with users
external to their organization either anonymously or through the login provider of their choice
like LinkedIn, Microsoft Account, other commercial login providers.
Reference
● Introducing PowerApps Portals: powerful low-code websites for external users
Question 92
Question
Solution: You use the Azure portal.

A. Yes
B. No
Answer
A.
Explanation
The Azure portal is a web-based, unified console that provides an alternative to command-line
tools. With the Azure portal, you can manage your Azure subscription using a graphical user
interface. You can build, manage, and monitor everything from simple web apps to complex
cloud deployments. Create custom dashboards for an organized view of resources. Configure
accessibility options for an optimal experience.
Being web-based, the Azure portal can be run on a browser from a tablet that runs the Android
operating system.
Reference
● Azure portal overview (5 minutes to read)
Question 93
Instruction
Question
<box 1> is an Apache Spark-based analytics service.
● Azure Databricks
● Azure Data Factory
● Azure DevOps
● Azure HDInsight
Answer
Azure Databricks
Explanation
Azure Databricks is an Apache Spark-based analytics platform. The platform consists of several
components including ‘MLib’. Mlib is a Machine Learning library consisting of common
learning algorithms and utilities, including classification, regression, clustering, collaborative
filtering, dimensionality reduction, as well as underlying optimization primitives.
Reference
● What is Azure Databricks? (2 minutes to read)
Question 94
Instruction
Question
1. Azure Monitor can monitor the performance of on-premises computers.
2. Azure Monitor can send alerts to Azure Active Directory security groups.
3. Azure Monitor can trigger alerts based on data in an Azure Log Analytics workspace.
Answer
1. Yes.
2. Yes.
3. Yes.
Explanation
<box 1>: Yes
Azure Monitor maximizes the availability and performance of your applications and services by
delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your
cloud and on-premises environments.
<box 2>: Yes
Alerts in Azure Monitor proactively notify you of critical conditions and potentially attempt to
take corrective action.
<box 3>: Yes
Azure Monitor uses Target Resource, which is the scope and signals available for alerting. A
target can be any Azure resource. Example targets: a virtual machine, a storage account, a virtual
machine scale set, a Log Analytics workspace, or an Application Insights resource.
Reference
● Azure Monitor overview (8 minutes to read)
● Overview of alerts in Microsoft Azure (9 minutes to read)
Question 95
Question
Which Azure service provides a set of version control tools to manage code?
A. Azure Repos
B. Azure DevTest Labs
C. Azure Storage
D. Azure Cosmos DB
Answer
A.
Explanation
Azure Repos is a set of version control tools that you can use to manage your code.
Incorrect Answers:
B: Azure DevTest Labs creates labs consisting of pre-configured bases or Azure Resource
Manager templates. These have all the necessary tools and software that you can use to create
environments.
D: Azure Cosmos DB is Microsoft’s globally distributed, multi-model database service.
Question 96
Question
You need to manage Azure by using Azure Cloud Shell.
Which Azure portal icon should you select?
Answer
Explanation
You can access Azure Cloud Shell in the Azure portal by clicking the icon.
Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure
resources. It provides the flexibility of choosing the shell experience that best suits the way you
work, either Bash or PowerShell.
Cloud Shell enables access to a browser-based command-line experience built with Azure
management tasks in mind.
Reference
● Overview of Azure Cloud Shell (3 minutes to read)
Question 97
Question
You have a virtual machine named VM1 that runs Windows Server 2016. VM1 is in the East US
Azure region.
Which Azure service should you use from the Azure portal to view service failure notifications
that can affect the availability of VM1?
A. Azure Service Fabric
B. Azure Monitor
C. Azure virtual machines
D. Azure Advisor
Answer
C.
Explanation
In the Azure virtual machines page in the Azure portal, there is a named Maintenance Status.
This column will display service issues that could affect your virtual machine. A service failure
is rare but host server maintenance that could affect your virtual machines is more common.
Azure periodically updates its platform to improve the reliability, performance, and security of
the host infrastructure for virtual machines. The purpose of these updates ranges from patching
software components in the hosting environment to upgrading networking components or

decommissioning hardware.
Reference
● Maintenance for virtual machines in Azure (6 minutes to read)
Question 98
Question
An Azure administrator plans to run a PowerShell script that creates Azure resources.
You need to recommend which computer configuration to use to run the script.
Solution: Run the script from a computer that runs Linux and has the Azure CLI tools installed.
A. Yes
B. No
Answer
B.
Explanation
A PowerShell script is a file that contains PowerShell cmdlets and code. A PowerShell script
needs to be run in PowerShell.
PowerShell can now be installed on Linux. However, the question states that the computer has
Azure CLI tools, not PowerShell installed. Therefore, this solution does not meet the goal.
Reference
● How to Write and Run Scripts in the Windows PowerShell ISE (5 minutes to read)
Question 99
Question
Solution: Run the script from a computer that runs Chrome OS and uses Azure Cloud Shell.
A. Yes
B. No
Answer
A.
Explanation
With the Azure Cloud Shell, you can run PowerShell cmdlets and scripts in a Web browser. You
log in to the Azure Portal and select the Azure Cloud Shell option. This will open a PowerShell
session in the Web browser. The Azure Cloud Shell has the necessary Azure PowerShell module
installed.
Note: to run a PowerShell script in the Azure Cloud Shell, you need to change to the directory
where the PowerShell script is stored.
Reference
● Quickstart for PowerShell in Azure Cloud Shell (4 minutes to read)
Question 100
Instruction
Question
1. From Azure Service Health, an administrator can view the health of all the services in
an Azure environment.
2. From Azure Service Health, an administrator can create a rule to be alerted if an
Azure service fails.
3. From Azure Service Health, an administrator can prevent a service failure.
Answer
1. Yes.
2. Yes.
3. No.
Explanation
<box 1>: Yes
Azure Service Health consists of three components: Azure Status, Azure Service Heath
and Azure Resource Health.
Azure service health provides a personalized view of the health of the Azure services and regions
you’re using. This is the best place to look for service impacting communications about outages,
planned maintenance activities, and other health advisories because the authenticated Azure
Service Health experience knows which services and resources you currently use.
To view the health of all other services available in Azure, you would use the Azure Status
component of Azure Service Health. Azure status informs you of service outages in Azure on the
Azure Status page. The page is a global view of the health of all Azure services across all Azure
regions.
<box 2>: Yes
The best way to use Service Health is to set up Service Health alerts to notify you via your
preferred communication channels when service issues, planned maintenance, or other changes
may affect the Azure services and regions you use.
<box 3>: No
You can use Resource Health to view the health of a virtual machine. However, you cannot use
Resource Health to prevent a service failure affecting the virtual machine.
Azure resource health provides information about the health of your individual cloud resources
such as a specific virtual machine instance.
Reference
● What is Azure Service Health? (2 minutes to read)
Question 101
Question
Solution: Run the script from a computer that runs macOS and has PowerShell Core 6.0
installed.
A. Yes
B. No
Answer
A.
Explanation
In this question, the computer has PowerShell Core 6.0 installed. Therefore, this solution does
meet the goal.
Note: To create Azure resources using PowerShell, you would need to import the Azure
PowerShell module which includes the PowerShell cmdlets required to create the resources.
Reference
Question 102
Question
You need to view a list of planned maintenance events that can affect the availability of an Azure
subscription.
Which blade should you use from the Azure portal?

Answer
Explanation
On the Help and Support blade, there is a Service Health option. If you click Service Health, a
new blade opens. The Service Health blade contains the Planned Maintenance link which opens
a blade where you can view a list of planned maintenance events that can affect the availability
of an Azure subscription.
Question 103
Instruction
Match the Azure service to the correct definition. Each service may be used once, more than
Question
Azure Services:
● Azure Advisor
● Azure Cognitive Services
● Azure Application Insights
● Azure DevOps
Definitions:
1. An integrated solution for the deployment of code

2. A tool that provides guidance and recommendations to improve an Azure environment
3. A simplified tool to build intelligent Artificial Intelligence (AI) applications
4. Monitors web applications
Answer
1. Azure DevOps: An integrated solution for the deployment of code
2. Azure Advisor: A tool that provides guidance and recommendations to improve an
Azure environment
3. Azure Cognitive Services: A simplified tool to build intelligent Artificial Intelligence
(AI) applications
4. Azure Application Insights: Monitors web applications

Explanation
<box 1>: Azure DevOps
Azure DevOps is Microsoft’s primary software development and deployment platform.
DevOps influences the application lifecycle throughout its plan, develop, deliver and operate
phases.
<box 2>: Azure Advisor
Advisor is a personalized cloud consultant that helps you follow best practices to optimize your
Azure deployments. It analyzes your resource configuration and usage telemetry and then
recommends solutions that can help you improve the cost effectiveness, performance, high
availability, and security of your Azure resources.
<box 3>: Azure Cognitive Services
Azure Cognitive Services are APIs, SDKs, and services available to help developers build
intelligent applications without having direct AI or data science skills or knowledge. Azure
Cognitive Services enable developers to easily add cognitive features into their applications. The
goal of Azure Cognitive Services is to help developers create applications that can see, hear,
speak, understand, and even begin to reason. The catalog of services within Azure Cognitive
Services can be categorized into five main pillars — Vision, Speech, Language, Web Search, and
Decision.
<box 4>: Azure Application Insights
Azure Application Insights detects and diagnoses anomalies in web apps.
Application Insights, a feature of Azure Monitor, is an extensible Application Performance

Management (APM) service for developers and DevOps professionals. Use it to monitor your
live applications. It will automatically detect performance anomalies, and includes powerful
analytics tools to help you diagnose issues and to understand what users actually do with your
app.
Reference
● What is Application Insights? (5 minutes to read)
● What is DevOps?
● Introduction to Azure Advisor (3 minutes to read)
● What are Azure Cognitive Services? (5 minutes to read)
Question 104
Instruction
Match the Azure service to the correct description. Each service may be used once, more than
Question
Azure Services:
● Azure HDInsight
● Azure Data Lake Analytics
● Azure SQL Synapse Analytics
● Azure SQL Database
Descriptions:
1. A managed relational cloud database service.

2. A cloud-based service that leverages massively parallel processing (MPP) to quickly run
complex queries across petabytes of data in a relational database.
3. Can run massively parallel data transformation and processing programs across petabytes
of data.
4. An open-source framework for the distributed processing and analysis of big data sets
in clusters.
Answer
1. Azure SQL Database: A managed relational cloud database service.
2. Azure SQL Synapse Analytics: A cloud-based service that leverages massively
parallel processing (MPP) to quickly run complex queries across petabytes of data in
a relational database.
3. Azure Data Lake Analytics: Can run massively parallel data transformation
and processing programs across petabytes of data.
4. Azure HDInsight: An open-source framework for the distributed processing and
analysis of big data sets in clusters.
Explanation
<box 1>: Azure SQL Database
SQL Server is a relational database service. Azure SQL Database is a managed SQL Server
Database in Azure. The SQL Server is managed by Microsoft; you just have access to the
database.
<box 2>: Azure SQL Synapse Analytics
Azure SQL Synapse Analytics (previously called Data Warehouse) is a cloud-based Platform-as-
a-Service (PaaS) offering from Microsoft. It is a large-scale, distributed, MPP (massively parallel
processing) relational database technology in the same class of competitors as Amazon Redshift
or Snowflake. Azure SQL Synapse Analytics is an important component of the Modern Data
Warehouse multi-platform architecture. Because Azure SQL Synapse Analytics is an MPP
system with a shared-nothing architecture across distributions, it is meant for large-scale
analytical workloads which can take advantage of parallelism.
<box 3>: Azure Data Lake Analytics
You can process big data jobs in seconds with Azure Data Lake Analytics. You can process
petabytes of data for diverse workload categories such as querying, ETL, analytics, machine
learning, machine translation, image processing and sentiment analysis by leveraging existing
libraries written in .NET languages, R or Python.
<box 4>: Azure HDInsight
Apache Hadoop was the original open-source framework for distributed processing and analysis
of big data sets on clusters. The Hadoop ecosystem includes related software and utilities,
including Apache Hive, Apache HBase, Spark, Kafka, and many others.
Azure HDInsight is a fully managed, full-spectrum, open-source analytics service in the cloud
for enterprises. The Apache Hadoop cluster type in Azure HDInsight allows you to use HDFS,
YARN resource management, and a simple MapReduce programming model to process and
analyze batch data in parallel.
Reference
● Azure SQL Database
● What is dedicated SQL pool (formerly SQL DW) in Azure Synapse Analytics? (2
minutes to read)
● What is Apache Hadoop in Azure HDInsight? (2 minutes to read)
● IS AZURE SQL DATA WAREHOUSE A GOOD FIT? (UPDATED)
● Data Lake Analytics
Question 105
Instruction
Question
You need to identify which blades in the Azure portal must be used to perform the following
tasks:
● View security recommendations.

● Monitor the health of Azure services.
● Browse available virtual machine images.
Which blade should you identify for each task?
Monitor the health of Azure services: <box 1>
● Monitor
● Subscriptions
● Marketplace
● Advisor
Browse available virtual machine images: <box 2>
● Monitor
● Subscriptions
● Marketplace
● Advisor
View security recommendations: <box 3>
● Monitor
● Subscriptions
● Marketplace
● Advisor
Answer
Monitor the health of Azure services: Monitor
Browse available virtual machine images: Marketplace
View security recommendations: Advisor

Explanation
<box 1>: Monitor
Azure Monitor is used to monitor the health of Azure services.
Azure Monitor maximizes the availability and performance of your applications and services by
delivering a comprehensive solution for collecting, analyzing, and acting on telemetry from your
cloud and on-premises environments. It helps you understand how your applications are
performing and proactively identifies issues affecting them and the resources they depend on.
<box 2>: Marketplace
You can browse available virtual machine images in the Azure Marketplace.
Azure Marketplace provides access and information on solutions and services available from
Microsoft and their partners. Customers can discover, try, or buy cloud software solutions built
on or for Azure. The catalog of 8,000+ listings provides Azure building blocks, such as Virtual
Machines (VMs), APIs, Azure apps, Solution Templates and managed applications, SaaS apps,
containers, and consulting services.
<box 3>: Advisor
Azure Advisor displays security recommendations.
Azure Advisor provides you with a consistent, consolidated view of recommendations for all
your Azure resources. It integrates with Azure Security Center to bring you security
recommendations. You can get security recommendations from the Security tab on the Advisor
dashboard.
Security Center helps you prevent, detect, and respond to threats with increased visibility into
and control over the security of your Azure resources. It periodically analyzes the security state
of your Azure resources. When Security Center identifies potential security vulnerabilities, it
creates recommendations. The recommendations guide you through the process of configuring
the controls you need.
Reference
● Common questions about the Microsoft commercial marketplace
● Make resources more secure with Azure Advisor (2 minutes to read)
Question 106
Question
Solution: You use Bash in Azure Cloud Shell.
A. Yes
B. No
Answer
A.
Explanation
With Azure Cloud Shell, you can create virtual machines using Bash or PowerShell.
Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure
resources. It provides the flexibility of choosing the shell experience that best suits the way you
work, either Bash or PowerShell.
Reference
● Quickstart for Bash in Azure Cloud Shell (2 minutes to read)
Question 107
Question
You have an on-premises application that sends email notifications automatically based on a
rule.
You plan to migrate the application to Azure.
You need to recommend a serverless computing solution for the application.

A. a web app
B. a server image in Azure Marketplace
C. a logic app
D. an API app
Answer
C.
Explanation
Azure Logic Apps is a cloud service that helps you schedule, automate, and orchestrate tasks,
business processes, and workflows when you need to integrate apps, data, systems, and services
across enterprises or organizations. Logic Apps simplifies how you design and build scalable
solutions for app integration, data integration, system integration, enterprise application
integration (EAI), and business-to-business (B2B) communication, whether in the cloud, on
premises, or both.
For example, here are just a few workloads you can automate with logic apps:
● Process and route orders across on-premises systems and cloud services.
● Send email notifications with Office 365 when events happen in various systems, apps,
and services.
● Move uploaded files from an SFTP or FTP server to Azure Storage.
● Monitor tweets for a specific subject, analyze the sentiment, and create alerts or tasks for
items that need review.
Reference
● What is Azure Logic Apps? (14 minutes to read)
Question 108
Question
You plan to deploy a website to Azure. The website will be accessed by users worldwide and
will host large video files.
You need to recommend which Azure feature must be used to provide the best video playback
experience.
A. an application gateway
B. an Azure ExpressRoute circuit
C. a content delivery network (CDN)
D. an Azure Traffic Manager profile
Answer
C.
Explanation
The question states that users are located worldwide and will be downloading large video files.
The video playback experience would be improved if they can download the video from
servers in the same region as the users. We can achieve this by using a content deliver network.
A content delivery network (CDN) is a distributed network of servers that can efficiently deliver
web content to users. CDNs store cached content on edge servers in point-of-presence (POP)
locations that are close to end users, to minimize latency.
Azure Content Delivery Network (CDN) offers developers a global solution for rapidly
delivering high-bandwidth content to users by caching their content at strategically placed
physical nodes across the world.
Azure CDN can also accelerate dynamic content, which cannot be cached, by leveraging various
network optimizations using CDN POPs. For example, route optimization to bypass Border
Gateway Protocol (BGP).
The benefits of using Azure CDN to deliver web site assets include:
● Better performance and improved user experience for end users, especially when using
applications in which multiple round-trips are required to load content.
● Large scaling to better handle instantaneous high loads, such as the start of a
product launch event.
● Distribution of user requests and serving of content directly from edge servers so that less
traffic is sent to the origin server.
Reference
● What is a content delivery network on Azure? (3 minutes to read)
Question 109
Question
Your company plans to deploy several million sensors that will upload data to Azure.
You need to identify which Azure resources must be created to support the planned solution.
Which two Azure resources should you identify?
A. Azure Data Lake
B. Azure Queue storage
C. Azure File Storage
D. Azure IoT Hub
E. Azure Notification Hubs
Answer
A, D.
Explanation
IoT Hub (Internet of things Hub) provides data from millions of sensors.
IoT Hub is a managed service, hosted in the cloud, that acts as a central message hub for bi-
directional communication between your IoT application and the devices it manages. You can
use Azure IoT Hub to build IoT solutions with reliable and secure communications between
millions of IoT devices and a cloud-hosted solution backend. You can connect virtually any
device to IoT Hub.
There are two storage services IoT Hub can route messages to — Azure Blob Storage and Azure
Data Lake Storage Gen2 (ADLS Gen2) accounts. Azure Data Lake Storage accounts are
hierarchical namespace-enabled storage accounts built on top of blob storage. Both of these use
blobs for their storage.
Reference
● Use IoT Hub message routing to send device-to-cloud messages to different endpoints (9
minutes to read)
Question 110
Question
You have an Azure web app.
You need to manage the settings of the web app from an iPhone.
What are two Azure management tools that you can use?
A. Azure CLI
B. the Azure portal
C. Azure Cloud Shell
D. Windows PowerShell
E. Azure Storage Explorer
Answer
B, C.
Explanation
The Azure portal is the web-based portal for managing Azure. Being web-based, you can use the
Azure portal on an iPhone.
Azure Cloud Shell is a web-based command line for managing Azure. You access the Azure
Cloud Shell from the Azure portal. Being web-based, you can use the Azure Cloud Shell on an
iPhone.
Incorrect Answers:
A: Azure CLI can be installed on MacOS but it cannot be installed on an iPhone.
D: Windows PowerShell can be installed on MacOS but it cannot be installed on an iPhone.
E: Azure Storage Explorer is not used to manage Azure web apps.
Reference
● Managing Azure from an iPad
Question 111
Question
Your company plans to deploy an Artificial Intelligence (AI) solution in Azure.
What should the company use to build, test, and deploy predictive analytics solutions?
A. Azure Logic Apps
B. Azure Machine Learning Designer
C. Azure Batch
D. Azure Cosmos DB
Answer
B.
Explanation
Azure Machine Learning designer lets you visually connect datasets and modules on an
interactive canvas to create machine learning models.
Reference
● What is Azure Machine Learning designer? (4 minutes to read)
Question 112
Instruction
Question
1. Azure Advisor can generate a list of Azure virtual machines that are protected by
Azure Backup.
2. If you implement the security recommendations provided by Azure Advisor, your
company’s secure score will decrease.
3. To maintain Microsoft support, you must implement the security recommendations
provided by Azure Advisor within a period of 30 days.
Answer
1. No.
2. No.
3. No.
Explanation
<box 1>: No
Azure Advisor does not generate a list of virtual machines that ARE protected by Azure Backup.
Azure Advisor does however, generate a list of virtual that ARE NOT protected by Azure
Backup. You can view a list of virtual machines that are protected by Azure Backup by viewing
the Protected Items in the Azure Recovery Services Vault.
<box 2>: No
If you implement the security recommendations, you company’s score will increase, not
decrease.
<box 3>: No
There is no requirement to implement the security recommendations provided by Azure Advisor.

The recommendations are just that, ‘recommendations’. They are not ‘requirements’.
Reference
● Enhance protection of VMs with Azure Advisor backup recommendations
● Introduction to Azure Advisor (3 minutes to read)
● Get the most out of Azure Advisor
Question 113
Question
What can you use to automatically send an alert if an administrator stops an Azure virtual
machine?
A. Azure Advisor
B. Azure Service Health
C. Azure Monitor
D. Azure Network Watcher
Answer
C.
Reference
● Monitor virtual machines with Azure Monitor: Alerts (13 minutes to read)
Question 114
Instruction
Match the Azure services to the correct descriptions. Each service may be used once, more than
Question
Azure Services:
● Azure Machine Learning

● Azure Synapse Analytics
● Azure IoT Hub
● Azure Functions
Descriptions:
1. Provides a cloud-based Enterprise Data Warehouse (EDW).

2. Uses past trainings to provide predictions that have high probability.
3. Provides serverless computing functionalities.
4. Processes data from millions of sensors.
Answer
1. Azure Synapse Analytics: Provides a cloud-based Enterprise Data Warehouse (EDW).
2. Azure Machine Learning: Uses past trainings to provide predictions that have
high probability.
3. Azure Functions: Provides serverless computing functionalities.
4. Azure IoT Hub: Processes data from millions of sensors.
Explanation
<box 1>: Azure SQL Synapse Analytics
Azure SQL Synapse Analytics (previously called Data Warehouse) is a cloud-based Platform-as-
a-Service (PaaS) offering from Microsoft. It is a large-scale, distributed, MPP (massively parallel
processing) relational database technology in the same class of competitors as Amazon Redshift
or Snowflake. Azure SQL Synapse Analytics is an important component of the Modern Data
Warehouse multi-platform architecture. Because Azure SQL Synapse Analytics is an MPP
system with a shared-nothing architecture across distributions, it is meant for large-scale
analytical workloads which can take advantage of parallelism.
<box 2>: Azure Machine Learning
Azure Machine Learning uses past trainings to provide predictions that have high probability.
Machine learning is a data science technique that allows computers to use existing data to
forecast future behaviors, outcomes, and trends. By using machine learning, computers
learn without being explicitly programmed.
Forecasts or predictions from machine learning can make apps and devices smarter. For
example, when you shop online, machine learning helps recommend other products you might
want based on what you’ve bought.
Azure Functions provides serverless computing functionalities.
<box 4>: Azure IoT Hub
device to IoT Hub.
Reference
● Azure Synapse Analytics
● What is Azure Machine Learning? (6 minutes to read)
● Introduction to Azure Functions (2 minutes to read)
Question 115
Question
You have an Azure environment.
You need to create a new Azure virtual machine from a tablet that runs the Android operating
system.
What are three possible solutions? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Use Bash in Azure Cloud Shell.
B. Use PowerShell in Azure Cloud Shell.

C. Use the PowerApps portal.
D. Use the Security & Compliance admin center.
E. Use the Azure portal.
Answer
A, B, E.
Explanation
The Android tablet device will have a web browser (Chrome). That’s enough to connect to the
Azure portal. The Azure portal offers three ways to create a VM:
● Using the graphical portal.

● Using the Azure Cloud Shell using Bash.
● Using the Azure Cloud Shell using PowerShell.
Question 116
Question
A team of developers at your company plans to deploy, and then remove, 50 virtual machines
each week. All the virtual machines are configured by using Azure Resource Manager templates.
You need to recommend which Azure service will minimize the administrative effort required to
deploy and remove the virtual machines.
A. Azure Reserved Virtual Machine (VM) Instances
B. Azure DevTest Labs
C. Azure virtual machine scale sets
D. Microsoft Managed Desktop
Answer
B.
Explanation
DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager
templates. By using DevTest Labs, you can test the latest versions of your applications by doing
the following tasks:
● Quickly provision Windows and Linux environments by using reusable templates and
artifacts.
● Easily integrate your deployment pipeline with DevTest Labs to provision on-demand
environments.
● Scale up your load testing by provisioning multiple test agents and create pre-provisioned
environments for training and demos.
Reference
● About Azure DevTest Labs (3 minutes to read)
Question 117
Instruction
Question
1. Azure Advisor provides recommendations on how to improve the security of an Azure
Active Directory (Azure AD) environment.
2. Azure Advisor provides recommendations on how to reduce the cost of running
Azure virtual machines.
3. Azure Advisor provides recommendations on how to configure the network settings on
Answer
1. No.
2. Yes.
3. No.

Explanation
<box 1>: No
Azure Advisor provides you with a consistent, consolidated view of recommendations for all
your Azure resources. It integrates with Azure Security Center to bring you security
recommendations. You can get security recommendations from the Security tab on the Advisor
dashboard. Examples of recommendations include restricting access to virtual machines by
configuring Network Security Groups, enabling storage encryption, installing vulnerability
assessment solutions.
However, Azure Advisor does not provide recommendations on how to improve the security of
an Azure AD environment.
<box 2>: Yes
Advisor helps you optimize and reduce your overall Azure spend by identifying idle and
underutilized resources. You can get cost recommendations from the Cost tab on the Advisor
dashboard.
<box 3>: No
Azure Advisor does not provide recommendations on how to configure network settings on
Reference
● Make resources more secure with Azure Advisor (2 minutes to read)
● Reduce service costs by using Azure Advisor (7 minutes to read)
Question 118
Question
named VM1.

sshkeys

Solution: From the Azure portal, launch Azure Cloud Shell and select PowerShell. Run the
command in Cloud Shell.
A. Yes
B. No
Answer
A.
Explanation
The command can be run in the Azure Cloud Shell. Although this question says you select
PowerShell rather than Bash, the Az commands will work in PowerShell.
The Azure Cloud Shell is a free interactive shell. It has common Azure tools preinstalled and
configured to use with your account.
To open the Cloud Shell, just select Try it from the upper right corner of a code block. You can
also launch Cloud Shell in a separate browser tab by going to https://shell.azure.com/bash.
Reference
● Quickstart: Create a Linux virtual machine with the Azure CLI (3 minutes to read)
Question 119
Question
named VM1.

ssh-keys
Solution: From a computer that runs Windows 10, install Azure CLI. From PowerShell, sign in
to Azure and then run the command.
A. Yes
B. No
Answer
B.
Explanation
The command can be run from PowerShell or the command prompt if you have the Azure CLI
installed. However, it must be run on the Windows 10 computer, not in Azure.
Reference
Question 120
Question
named VM1.

ssh-keys
Solution: From a computer that runs Windows 10, install Azure CLI. From a command prompt,
sign in to Azure and then run the command.
A. Yes
B. No
Answer
B.
Explanation
The command can be run from PowerShell or the command prompt if you have the Azure CLI
installed. However, it must be run on the Windows 10 computer, not in Azure.
Reference
Question 121
Instruction
Question
Several support engineers plan to manage Azure by using the computers shown in the following
table:
You need to identify which Azure management tools can be used from each computer.
What should you identify for each computer?
Computer1: <box 1>
● The Azure CLI and the Azure portal

● The Azure portal and Azure PowerShell
● The Azure CLI and Azure PowerShell
● The Azure CLI, the Azure portal, and Azure PowerShell
Computer2: <box 2>

Computer3: <box 3>

Answer
Computer1: The Azure CLI, the Azure portal, and Azure PowerShell
Explanation
Previously, the Azure CLI (or x-plat CLI) was the only option for managing Azure subscriptions
and resources from the command-line on Linux and macOS. Now with the open source and
cross-platform release of PowerShell, you’ll be able to manage all your Azure resources from
Windows, Linux and macOS using your tool of choice, either the Azure CLI or Azure
PowerShell cmdlets.
The Azure portal runs in a web browser so can be used in either operating system.
Reference
● PowerShell now Open Source AND Cross-Platform! Linux, macOS, Windows
Question 122
Instruction
Question
You can access Compliance Manager from the <box 1>
● Azure Active Directory admin center

● Azure portal
● Microsoft 365 admin center
● Microsoft Service Trust Portal
Answer
Azure portal
Question 123
Instruction
Question
<box 1> a common platform for deploying objects to a cloud infrastructure and
for implementing consistency across the Azure environment.

● Azure policies provide

● Resource groups provide
● Azure Resource Manager templates provide
● Management groups provide
Answer
Azure Resource Manager templates provide
Explanation
Azure Resource Manager templates provides a common platform for deploying objects to a
cloud infrastructure and for implementing consistency across the Azure environment.
Azure policies are used to define rules for what can be deployed and how it should be deployed.
Whilst this can help in ensuring consistency, Azure policies do not provide the common platform
for deploying objects to a cloud infrastructure.
Reference
Question 124
Instruction
Match the Azure service to the correct description. Each service may be used once, more than
Question
Azure Services:
● Azure Machine Learning

● Azure IoT Hub
● Azure Bot Services
● Azure Functions
Descriptions:
1. Provides a digital online assistant that provides speech support

2. Uses past trainings to provide predictions that have high probability

3. Provides serverless computing functionalities
4. Processes data from millions of sensors
Answer
1. Azure Bot Services: Provides a digital online assistant that provides speech support
2. Azure Machine Learning: Uses past trainings to provide predictions that have high
probability
3. Azure Functions: Provides serverless computing functionalities
4. Azure IoT Hub: Processes data from millions of sensors
Explanation
<box 1>: Azure Bot Services
Azure Bot Services provides a digital online assistant that provides speech support.
Bots provide an experience that feels less like using a computer and more like dealing with a
person — or at least an intelligent robot. They can be used to shift simple, repetitive tasks, such
as taking a dinner reservation or gathering profile information, on to automated systems that may
no longer require direct human intervention. Users converse with a bot using text, interactive
cards, and speech. A bot interaction can be a quick question and answer, or it can be a
sophisticated conversation that intelligently provides access to services.
<box 2>: Azure Machine Learning
Azure Machine Learning uses past trainings to provide predictions that have high probability.
Machine learning is a data science technique that allows computers to use existing data to
forecast future behaviors, outcomes, and trends. By using machine learning, computers
learn without being explicitly programmed.
Forecasts or predictions from machine learning can make apps and devices smarter. For
example, when you shop online, machine learning helps recommend other products you might
want based on what you’ve bought.
Azure Functions provides serverless computing functionalities.
<box 4>: Azure IoT Hub
device to IoT Hub.
Reference
● What is the Bot Framework SDK? (6 minutes to read)
● What is Azure Machine Learning? (6 minutes to read)
Question 125
Question
Solution: Run the script from a computer that runs Windows 10 and has the Azure PowerShell
module installed.
A. Yes
B. No
Answer
A.
Explanation
In this question, the computer has the Azure PowerShell module installed. Therefore, this
solution does meet the goal.
Reference
Question 126
Instruction
Match the Azure services to the correct description. Each service may be used once, more than
Question
Azure Services:
● Azure Functions
● Azure App Service
● Azure virtual machines
● Azure Container Instances
Descriptions:
1. Provide operating system virtualization

2. Provide portable environment for virtualized applications
3. Used to build, deploy, and scale web apps
4. Provide a platform for serverless code
Answer
1. Azure virtual machines: Provide operating system virtualization
2. Azure Container Instances: Provide portable environment for virtualized applications
3. Azure App Service: Used to build, deploy, and scale web apps
4. Azure Functions: Provide a platform for serverless code
Explanation
<box 1>: Azure virtual machines
Azure virtual machines provide operation system virtualization.
Azure Virtual Machines (VM) is one of several types of on-demand, scalable computing
resources that Azure offers. Typically, you choose a VM when you need more control over the
computing environment than the other choices offer.
<box 2>: Azure Container Instances
Azure Container Instances provide portable environments for virtualized applications.
Containers are becoming the preferred way to package, deploy, and manage cloud applications.
Azure Container Instances offers the fastest and simplest way to run a container in Azure,
without having to manage any virtual machines and without having to adopt a higher-level
service.
Containers offer significant startup benefits over virtual machines (VMs). Azure Container
Instances can start containers in Azure in seconds, without the need to provision and manage
VMs.
<box 3>: Azure App Service
Azure App Service is used to build, deploy and scale web apps.
Azure App Service is a platform-as-a-service (PaaS) offering that lets you create web and mobile
apps for any platform or device and connect to data anywhere, in the cloud or on-premises. App
Service includes the web and mobile capabilities that were previously delivered separately as
Azure Websites and Azure Mobile Services.
Azure Functions provide a platform for serverless code.
Reference
● Windows virtual machines in Azure (5 minutes to read)
● Best practices for securing PaaS web and mobile applications using Azure App Service
(2 minutes to read)
● What is Azure Container Instances? (3 minutes to read)
Question 127
Question
Which service provides serverless computing in Azure?
A. Azure Virtual Machines
B. Azure Functions
C. Azure storage account
D. Azure dedicated hosts
Answer
B.
Explanation
Azure Functions provide a platform for serverless code.
Reference
Question 128
Question
Which three computers can run the script?

A. a computer that runs macOS and has PowerShell Core 6.0 installed.
B. a computer that runs Windows 10 and has the Azure PowerShell module installed.
C. a computer that runs Linux and has the Azure PowerShell module installed.
D. a computer that runs Linux and has the Azure CLI tools installed.
E. a computer that runs Chrome OS and uses Azure Cloud Shell.
Answer
A, B, E.
Explanation
Reference
● Quickstart for PowerShell in Azure Cloud Shell (4 minutes to read)
Question 129
Instruction
Question
1. Azure Firewall will encrypt all the network traffic sent from Azure to the Internet.
2. A network security group (NSG) will encrypt all the network traffic sent from Azure
to the Internet.
3. Azure virtual machines that run Windows Server 2016 can encrypt network traffic sent to
the Internet.
Answer
1. No.
2. No.
3. No.
Section: Describe general security and network security features
Explanation
<box 1>: No
Azure firewall does not encrypt network traffic. It is used to block or allow traffic based on
source/destination IP address, source/destination ports and protocol.
<box 2>: No
A network security group does not encrypt network traffic. It works in a similar way to a firewall
in that it is used to block or allow traffic based on source/destination IP address,
source/destination ports and protocol.
<box 3>: No
The question is rather vague as it would depend on the configuration of the host on the Internet.
Windows Server does come with a VPN client and it also supports other encryption methods
such IPSec encryption or SSL/TLS so it could encrypt the traffic if the Internet host was
configured to require or accept the encryption. However, the VM could not encrypt the traffic to
an Internet host that is not configured to require the encryption.
Reference
● Azure data security and encryption best practices (9 minutes to read)
Question 130
Instruction
Question
1. Azure Security Center can monitor Azure resources and on-premises resources.
2. All Azure Security Center features are free.
3. From Azure Security Center, you can download a Regulatory Compliance report.
Answer
1. Yes.
2. No.
3. Yes.
Explanation
<box 1>: Yes
Azure Security Center is a unified infrastructure security management system that strengthens
the security posture of your data centers, and provides advanced threat protection across your
hybrid workloads in the cloud — whether they’re in Azure or not — as well as on premises.
<box 2>: No
Only two features: Continuous assessment and security recommendations, and Azure secure
score, are free.
<box 3>: Yes
The advanced monitoring capabilities in Security Center also let you track and manage
compliance and governance over time. The overall compliance provides you with a measure of
how much your subscriptions are compliant with policies associated with your workload.
Reference
● What is Azure Security Center? (8 minutes to read)
Question 131
Question
You need to configure an Azure solution that meets the following requirements:
● Secures websites from attacks

● Generates reports that contain details of attempted attacks
What should you include in the solution?
A. Azure Firewall
B. a network security group (NSG)
C. Azure Information Protection
D. DDoS protection
Answer
D.
Explanation
DDoS is a type of attack that tries to exhaust application resources. The goal is to affect the
application’s availability and its ability to handle legitimate requests. DDoS attacks can be
targeted at any endpoint that is publicly reachable through the internet.
Azure has two DDoS service offerings that provide protection from network attacks: DDoS
Protection Basic and DDoS Protection Standard.
DDoS Basic protection is integrated into the Azure platform by default and at no extra cost.
You have the option of paying for DDoS Standard. It has several advantages over the basic
service, including logging, alerting, and telemetry. DDoS Standard can generate reports that
contain details of attempted attacks as required in this question.
Reference
● Azure DDoS Protection — Designing resilient solutions (15 minutes to read)
Question 132
Instruction
Question
You plan to implement several security services for an Azure environment. You need to identify
which Azure services must be used to meet the following security requirements:
● Monitor threats by using sensors

● Enforce Azure Multi-Factor Authentication (MFA) based on a condition
Which Azure service should you identify for each requirement?
Monitor threats by using sensors: <box 1>
● Azure Monitor
● Azure Security Center
● Azure Active Directory (Azure AD) Identity Protection
● Azure Advanced Threat Protection (ATP)
Monitor threats by using sensors: <box 2>
● Azure Monitor
● Azure Advanced Threat Protection (ATP)
Answer
Monitor threats by using sensors: Azure Advanced Threat Protection (ATP)
Monitor threats by using sensors: Azure Active Directory (Azure AD) Identity
Protection
Explanation
<box 1>: Azure Advanced Threat Protection (ATP)
To monitor threats by using sensors, you would use Azure Advanced Threat Protection (ATP).
Azure Advanced Threat Protection (ATP) is a cloud-based security solution that leverages your
on-premises Active Directory signals to identify, detect, and investigate advanced threats,
compromised identities, and malicious insider actions directed at your organization.
Sensors are software packages you install on your servers to upload information to Azure ATP.
<box 2>: Azure Active Directory (Azure AD) Identity Protection

To enforce MFA based on a condition, you would use Azure Active Directory Identity
Protection.
Azure AD Identity Protection helps you manage the roll-out of Azure Multi-Factor
Authentication (MFA) registration by configuring a Conditional Access policy to require MFA
registration no matter what modern authentication app you are signing in to.
Reference
● What is Microsoft Defender for Identity? (4 minutes to read)
● How To: Configure the Azure AD Multi-Factor Authentication registration policy (2
minutes to read)
Question 133
Question
Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over
HTTP.
What are two possible solutions?
A. Modify an Azure Traffic Manager profile
B. Modify a network security group (NSG)
C. Modify a DDoS protection plan
D. Modify an Azure firewall
Answer
B.
Explanation
A network security group works like a firewall. You can attach a network security group to a
virtual network and/or individual subnets within the virtual network. You can also attach a
network security group to a network interface assigned to a virtual machine. You can use
multiple network security groups within a virtual network to restrict traffic between resources
such as virtual machines and subnets.
You can filter network traffic to and from Azure resources in an Azure virtual network with a
network security group. A network security group contains security rules that allow or deny
inbound network traffic to, or outbound network traffic from, several types of Azure resources.
In this question, we need to add a rule to the network security group to allow the connection to
the virtual machine on port 80 (HTTP).
Reference
● Network security groups (9 minutes to read)
Question 134
Instruction
Question
You can enable just in time (JIT) VM access by using <box 1>
● Azure Bastion
● Azure Firewall
● Azure Front Door
Answer
Azure Security Center
Explanation
The just-in-time (JIT) virtual machine (VM) access feature in Azure Security Center allows you
to lock down inbound traffic to your Azure Virtual Machines. This reduces exposure to attacks
while providing easy access when you need to connect to a VM.
Reference
● Secure your management ports with just-in-time access (10 minutes to read)
Question 135
Instruction
Question
1. You can associate a network security group (NSG) to a virtual network subnet.
2. You can associate a network security group (NSG) to a virtual network.
3. You can associate a network security group (NSG) to a network interface.
Answer
1. Yes.
2. No.
3. Yes.
Reference
● How network security groups filter network traffic (5 minutes to read)
Question 136
Question
You have an Azure environment that contains 10 virtual networks and 100 virtual machines.
You need to limit the amount of inbound traffic to all the Azure virtual networks.
A. one application security group (ASG)
B. 10 virtual network gateways

C. 10 Azure ExpressRoute circuits
D. one Azure firewall
Answer
D.
Explanation
You can restrict traffic to multiple virtual networks with a single Azure firewall.
Azure Firewall is a managed, cloud-based network security service that protects your Azure
Virtual Network resources. It’s a fully stateful firewall as a service with built-in high availability
and unrestricted cloud scalability.
You can centrally create, enforce, and log application and network connectivity policies across
subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual
network resources allowing outside firewalls to identify traffic originating from your virtual
network.
Reference
● What is Azure Firewall? (9 minutes to read)
Question 137
Instruction
Question
Azure Key Vault is used to store secrets for Azure Active Directory (Azure AD) user
accounts.
B. Azure Active Directory (Azure AD) administrative accounts

C. Personally Identifiable Information (PII)
D. server applications
Answer
D.
Explanation
Centralizing storage of application secrets in Azure Key Vault allows you to control their
distribution. Key Vault greatly reduces the chances that secrets may be accidentally leaked.
When using Key Vault, application developers no longer need to store security information in
their application. Not having to store security information in applications eliminates the need to
make this information part of the code. For example, an application may need to connect to a
database. Instead of storing the connection string in the app’s code, you can store it securely in
Key Vault.
Reference
● About Azure Key Vault (4 minutes to read)
● Manage secrets in your server apps with Azure Key Vault (46 minutes to read)
Question 138
Question
Your company plans to automate the deployment of servers to Azure.
Your manager is concerned that you may expose administrative credentials during the
deployment.
You need to recommend an Azure solution that encrypts the administrative credentials during the
deployment.
A. Azure Key Vault
B. Azure Information Protection

C. Azure Security Center
D. Azure Multi-Factor Authentication (MFA)
Answer
A.
Explanation
Azure Key Vault is a secure store for storage various types of sensitive information. In this
question, we would store the administrative credentials in the Key Vault. With this solution,
there is no need to store the administrative credentials as plain text in the deployment scripts.
All information stored in the Key Vault is encrypted.
Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords,
certificates, API keys, and other secrets.
Secrets and keys are safeguarded by Azure, using industry-standard algorithms, key lengths, and
hardware security modules (HSMs). The HSMs used are Federal Information Processing
Standards (FIPS) 140–2 Level 2 validated.
Access to a key vault requires proper authentication and authorization before a caller (user or
application) can get access. Authentication establishes the identity of the caller, while
authorization determines the operations that they are allowed to perform.
Reference
Question 139
Question
You need to control the ports that devices on the Internet can use to access the virtual machines.

A. a network security group (NSG)
B. an Azure Active Directory (Azure AD) role
C. an Azure Active Directory group
D. an Azure key vault
Answer
A.
Explanation
Reference
Question 140
Instruction
Question
After you create a virtual machine, you need to modify the <box 1> to allow connections to
TCP port 8080 on the virtual machine.

● network security group (NSG)

● virtual network gateway
● virtual network
● route table
Answer
network security group (NSG)
Explanation
When you create a virtual machine, the default setting is to create a Network Security Group
attached to the network interface assigned to a virtual machine.
the virtual machine on port 8080.
Reference
Question 141
Instruction
Question
1. You can create custom Azure roles to control access to resources.
2. A user account can be assigned to multiple Azure roles.
3. A resource group can have the Owner role assigned to multiple users.
Answer
1. Yes.
2. Yes.
3. No.
Reference
● Owner
Question 142
Question
HTTP.
Solution: You modify a network security group (NSG).
A. Yes
B. No
Answer
A.
Explanation
the virtual machine on port 80 (HTTP).
Reference
Question 143
Question
HTTP.
Solution: You modify a DDoS protection plan.
A. Yes
B. No
Answer
B.
Explanation
DDoS is a form of attack on a network resource. A DDoS protection plan is used to protect
against DDoS attacks; it does not provide connectivity to a virtual machine.
To ensure that a virtual machine named VM1 is accessible from the Internet over HTTP, you
need to modify a network security group or Azure Firewall.
Reference
● Azure DDoS Protection Standard overview (3 minutes to read)
Question 144
Question
You need to collect and automatically analyze security events from Azure Active Directory
(Azure AD).
A. Azure Sentinel
B. Azure Synapse Analytics
C. Azure AD Connect
D. Azure Key Vault
Answer
A.
Reference
● What is Azure Sentinel? (5 minutes to read)
Question 145
Question
HTTP.
Solution: You modify an Azure firewall.
A. Yes
B. No
Answer
A.
Explanation
In this question, we need to add a rule to Azure Firewall to allow the connection to the virtual
machine on port 80 (HTTP).
Question 146
Question
HTTP.
Solution: You modify an Azure Traffic Manager profile.
A. Yes
B. No
Answer
B.
Explanation
Azure Traffic Manager is a DNS-based load balancing solution. It is not used to ensure that a
virtual machine named VM1 is accessible from the Internet over HTTP.
To ensure that a virtual machine named VM1 is accessible from the Internet over HTTP, you
need to modify a network security group or Azure Firewall.
In this question, we need to add a rule to a network security group or Azure Firewall to allow the
connection to the virtual machine on port 80 (HTTP).
Reference
● What is Traffic Manager? (2 minutes to read)
Question 147
Question
Your company plans to deploy several web servers and several database servers to Azure.
You need to recommend an Azure solution to limit the types of connections from the web servers
to the database servers.
A. network security groups (NSGs)
B. Azure Service Bus
C. a local network gateway
D. a route filter
Answer
A.
Explanation
Reference
Question 148
Instruction
Question
From <box 1> you can view which user turned off a specific virtual machine during the last
14 days.
● Azure Access Control IAM

● Azure Event Hubs
● Azure Activity Log
● Azure Service Health
Answer
Azure Activity Log
Explanation
You would use the Azure Activity Log, not Access Control to view which user turned off a
specific virtual machine during the last 14 days.
Activity logs are kept for 90 days. You can query for any range of dates, as long as the starting
date isn’t more than 90 days in the past.
In this question, we would create a filter to display shutdown operations on the virtual machine
in the last 14 days.
Reference
● Azure Activity log (12 minutes to read)
Question 149
Which service provides network traffic filtering across multiple Azure subscriptions and virtual
networks?
A. Azure Firewall
B. an application security group
C. Azure DDoS protection
D. a network security group (NSG)
Answer
A.
Explanation
You can restrict traffic to multiple virtual networks in multiple subscriptions with a single Azure
firewall.
You can centrally create, enforce, and log application and network connectivity policies across
subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual
network resources allowing outside firewalls to identify traffic originating from your virtual
network.
Reference
● What is Azure Firewall? (9 minutes to read)
Question 150
Question
Which Azure service should you use to store certificates?
A. Azure Security Center
B. an Azure Storage account
C. Azure Key Vault
D. Azure Information Protection
Answer
C.
Explanation
Azure Key Vault is a secure store for storage various types of sensitive information including
passwords and certificates.
Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords,
certificates, API keys, and other secrets.
Secrets and keys are safeguarded by Azure, using industry-standard algorithms, key lengths, and
hardware security modules (HSMs). The HSMs used are Federal Information Processing
Standards (FIPS) 140–2 Level 2 validated.
Access to a key vault requires proper authentication and authorization before a caller (user or
application) can get access. Authentication establishes the identity of the caller, while
authorization determines the operations that they are allowed to perform.
Reference
Question 151
Question
Which Azure service can you use as a security information and event management (SIEM)
solution?
A. Azure Analysis Services
B. Azure Sentinel
C. Azure Information Protection
D. Azure Cognitive Services
Answer
B.
Reference
● Azure Sentinel
Question 152
Question
What can Azure Information Protection encrypt?
A. network traffic
B. documents and email messages
C. an Azure Storage account
D. an Azure SQL database
Answer
B.
Section: Describe identity, governance, privacy, and compliance features
Explanation
Azure Information Protection can encrypt documents and emails.
Azure Information Protection is a cloud-based solution that helps an organization to classify and
optionally, protect its documents and emails by applying labels. Labels can be applied
automatically by administrators who define rules and conditions, manually by users, or a
combination where users are given recommendations.
The protection technology uses Azure Rights Management (often abbreviated to Azure RMS).
This technology is integrated with other Microsoft cloud services and applications, such as
Office 365 and Azure Active Directory.
This protection technology uses encryption, identity, and authorization policies. Similarly to the
labels that are applied, protection that is applied by using Rights Management stays with the
documents and emails, independently of the location — inside or outside your organization,
networks, file servers, and applications.
Reference
● What is Azure Information Protection? (4 minutes to read)
● Quickstart: Configure a label for users to easily protect emails that contain sensitive
information (4 minutes to read)
Question 153
Question
What should you use to evaluate whether your company’s Azure environment meets regulatory
requirements?
A. the Knowledge Center website
B. the Advisor blade from the Azure portal
C. Compliance Manager from the Service Trust Portal
D. the Solutions blade from the Azure portal

Answer
C.
Explanation
Compliance Manager in the Service Trust Portal is a workflow-based risk assessment tool that
helps you track, assign, and verify your organization’s regulatory compliance activities related to
Microsoft Cloud services, such as Microsoft 365, Dynamics 365, and Azure.
Reference
● Get started with the Microsoft Service Trust Portal (7 minutes to read)
Question 154
Instruction
Question
Your company implements <box 1> to automatically add a watermark to Microsoft
Word documents that contain credit card information.
● Azure policies
● DDoS protection
● Azure Information Protection
Answer
Azure Information Protection
Explanation
Azure Information Protection is used to automatically add a watermark to Microsoft Word

documents that contain credit card information.
You use Azure Information Protection labels to apply classification to documents and emails.
When you do this, the classification is identifiable regardless of where the data is stored or with
whom it’s shared. The labels can include visual markings such as a header, footer, or watermark.
Labels can be applied automatically by administrators who define rules and conditions, manually
by users, or a combination where users are given recommendations. In this question, we would
configure a label to be automatically applied to Microsoft Word documents that contain credit
card information. The label would then add the watermark to the documents.
Reference
● What is Azure Information Protection? (4 minutes to read)
● Tutorial: Configure Azure Information Protection policy settings and create a new label
(11 minutes to read)
Question 155
Instruction
Question
You have an Azure virtual network named VNET1 in a resource group named RG1.
You assigned the Azure Policy definition of Not Allowed Resource Type and specify that virtual
networks are not an allowed resource type in RG1.
VNET1 <box 1>
● is deleted automatically.
● is moved automatically to another resource group.
● continues to function normally.
● is now a read-only object.
Answer
continues to function normally.
Explanation
The VNet will be marked as ‘Non-compliant’ when the policy is assigned. However, it will not
be deleted and will continue to function normally.
with your corporate standards and service level agreements.
If there are any existing resources that aren’t compliant with a new policy assignment, they
appear under Non-compliant resources.
Reference
● Quickstart: Create a policy assignment to identify non-compliant resources (4 minutes to
read)
Question 156
Question
Your company has an Azure subscription that contains resources in several regions.
A company policy states that administrators must only be allowed to create additional Azure
resources in a region in the country where their office is located.
You need to create the Azure resource that must be used to meet the policy requirement.
A. a read-only lock
B. an Azure policy
C. a management group
D. a reservation
Answer
B.
Explanation
resources.
with your corporate standards and service level agreements. Azure Policy meets this need by
evaluating your resources for non-compliance with assigned policies. All data stored by Azure
Policy is encrypted at rest.
Azure Policy offers several built-in policies that are available by default. In this question, we
would use the ‘Allowed Locations’ policy to define the locations where resources can be
deployed.
Reference
Question 157
Instruction
bold text. If it makes the statement correct, select “No change is needed.” If the statement is
Question
From Azure Cloud Shell, you can track your company’s regulatory standards and regulations,
such as ISO 27001.
A. No change is needed.
B. the Microsoft Cloud Partner Portal
C. Compliance Manager
D. the Trust Center
Answer
C.
Explanation
Microsoft Compliance Manager (Preview) is a free workflow-based risk assessment tool that lets
you track, assign, and verify regulatory compliance activities related to Microsoft cloud services.
Azure Cloud Shell, on the other hand, is an interactive, authenticated, browser-accessible shell
for managing Azure resources.
Reference
● Microsoft Compliance Manager (5 minutes to read)
Question 158
Instruction
Question
1. You can create Group Policies in Azure Active Directory (Azure AD).
2. You can join Windows 10 devices to Azure Active Directory (Azure AD).
3. You can join Android devices to Azure Active Directory (Azure AD).
Answer
1. Yes.
2. Yes.
3. No.
Explanation
Azure AD join only applies to Windows 10 devices.
Reference
● Administer Group Policy in an Azure Active Directory Domain Services
managed domain (5 minutes to read)
● How to: Plan your Azure AD join implementation (11 minutes to read)
Question 159
Instruction
Question
The <box 1> explains what data Microsoft processes, how Microsoft processes the data, and
the purpose of processing the data.
● Microsoft Online Services Privacy Statement

● Microsoft Online Services Terms
● Microsoft Online Service Level Agreement
● Online Subscription Agreement for Microsoft Azure
Answer
Microsoft Online Services Privacy Statement
Explanation
The Microsoft Privacy Statement explains what personal data Microsoft processes, how
Microsoft processes the data, and the purpose of processing the data.
Reference
● Microsoft Privacy Statement
Question 160
Instruction
Question
<box 1> is the process of verifying a user’s credentials.
● Authorization
● Authentication
● Federation
● Ticketing
Answer
Authentication
Explanation
Authentication, not authorization is the process of verifying a user’s credentials.
The difference between authentication and authorization is:
● Authentication is proving your identity, proving that you are who you say you are. The
most common example of this is logging in to a system by providing credentials such as
a username and password.
● Authorization is what you’re allowed to do once you’ve been authenticated. For example,
what resources you’re allowed to access and what you can do with those resources.
Question 161
Instruction
Question
An Azure Policy initiative definition is a <box 1>
● collection of policy definitions.

● collection of Azure Policy definition assignments.
● group of Azure Blueprints definitions.
● group of role-based access control (RBAC) role assignments.
Answer
collection of policy definitions.
Reference
Question 162
Instruction
Question
<box 1> provide organizations with the ability to manage the compliance of Azure
resources across multiple subscriptions.
● Resource groups
● Management groups
● Azure policies
● Azure App Service plans
Answer
Azure policies
Reference
Question 163
Instruction
Question
1. General Data Protection Regulation (GDPR) defines data protection and privacy rules.
2. General Data Protection Regulation (GDPR) applies to companies that offer goods
or services to individuals in the EU.
3. Azure can be used to build a General Data Protection Regulation (GDPR)-compliant
infrastructure.
Answer
1. Yes.
2. Yes.
3. Yes.
Reference
● New capabilities to enable robust GDPR compliance
Question 164
Instruction
Question
1. You can add an Azure Resource Manager template to an Azure blueprint.
2. You can assign an Azure blueprint to a resource group.
3. You can use Azure Blueprints to grant permissions to a resource.
Answer
1. Yes.
2. No.
3. Yes.
Reference
● What is Azure Blueprints? (8 minutes to read)
Question 165
Instruction
Question
1. Azure China is operated by Microsoft.
2. Azure Government is operated by Microsoft.
3. Azure Government is available only to US government agencies and their partners.
Answer
1. No.
2. Yes.
3. Yes.
Reference
● Microsoft Azure operated by 21Vianet (2 minutes to read)
● What is Azure Government? (2 minutes to read)
Question 166
Instruction
Question
1. An Azure resource can have multiple Delete locks.
2. An Azure resource inherits locks from its resource group.
3. If an Azure resource has a Read-only lock, you can add a Delete lock to the resource.
Answer
1. Yes.
2. Yes.
3. Yes.
Reference
● Lock resources to prevent unexpected changes (11 minutes to read)
Question 167
Question
Your company plans to migrate all on-premises data to Azure.
You need to identify whether Azure complies with the company’s regional requirements.
A. the Knowledge Center
B. Azure Marketplace
C. the MyApps portal
D. the Trust Center
Answer
D.

Explanation
Azure has more than 90 compliance certifications, including over 50 specific to global regions
and countries, such as the US, the European Union, Germany, Japan, the United Kingdom,
India and China.
You can view a list of compliance certifications in the Trust Center to determine whether Azure
meets your regional requirements.
Reference
● Azure compliance
● Get started with the Microsoft Service Trust Portal (7 minutes to read)
Question 168
Instruction
Question
1. Authorization to access Azure resources can be provided only to Azure Active
Directory (Azure AD) users.
2. Identities stored in Azure Active Directory (Azure AD), third-party cloud services, and
on-premises Active Directory can be used to access Azure resources.
3. Azure has built-in authentication and authorization services that provide secure access
to Azure resources.
Answer
1. No.
2. Yes.
3. Yes.
Explanation
<box 1>: No
Authorization to access Azure resources can be provided by other identity providers by using
federation. A commonly used example of this is to federate your on-premises Active Directory
environment with Azure AD and use this federation for authentication and authorization.
<box 2>: Yes
As described above, third-party cloud services and on-premises Active Directory can be used to
access Azure resources. This is known as ‘federation’.
Federation is a collection of domains that have established trust. The level of trust may vary, but
typically includes authentication and almost always includes authorization. A typical federation
might include a number of organizations that have established trust for shared access to a set of
resources.
<box 3>: Yes
Azure Active Directory (Azure AD) is a centralized identity provider in the cloud. This is the
primary built-in authentication and authorization service to provide secure access to Azure
resources.
Reference
● What is federation with Azure AD? (2 minutes to read)
● Authentication vs. authorization (2 minutes to read)
Question 169
Instruction
Question
If a resource group named RG1 has a delete lock, <box 1> can delete RG1.
● only a member of the global administrators group

● the delete lock must be removed before an administrator
● an Azure policy must be modified before an administrator
● an Azure tag must be added before an administrator
Answer
the delete lock must be removed before an administrator
Explanation
You can configure a lock on a resource group to prevent the accidental deletion of the resource
group. The lock applies to everyone, including global administrators. If you want to delete the
resource group, the lock must be removed first.
As an administrator, you may need to lock a subscription, resource group, or resource to prevent
other users in your organization from accidentally deleting or modifying critical resources. You
can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete
and Read-only respectively.
● CanNotDelete means authorized users can still read and modify a resource, but they
can’t delete the resource.
● ReadOnly means authorized users can read a resource, but they can’t delete or update
the resource. Applying this lock is similar to restricting all authorized users to the
permissions granted by the Reader role.
Reference
Question 170
Instruction
Question
Azure Germany can be used by legal residents of Germany only.
A. no change is needed
B. only enterprises that are registered in Germany
C. only enterprises that purchase their azure licenses from a partner based in Germany
D. any user or enterprise that requires its data to reside in Germany
Answer
D.
Explanation
Azure Germany is available to eligible customers and partners globally who intend to do
business in the EU/EFTA, including the United Kingdom.
Azure Germany offers a separate instance of Microsoft Azure services from within German
datacenters. The datacenters are in two locations, Frankfurt/Main and Magdeburg. This
placement ensures that customer data remains in Germany and that the datacenters connect to
each other through a private network. All customer data is exclusively stored in those
datacenters. A designated German company — the German data trustee — controls access to
customer data and the systems and infrastructure that hold customer data.
Reference
● Welcome to Azure Germany (3 minutes to read)
● Data trustee principle (2 minutes to read)
Question 171
Instruction
Question
1. Identities stored in an on-premises Active Directory can be synchronized to Azure Active
Directory (Azure AD).
2. Identities stored in Azure Active Directory (Azure AD), third-party cloud services, and
on-premises Active Directory can be used to access Azure resources.
3. Azure has built-in authentication and authorization services that provide secure access to
Azure resources.
Answer
1. Yes.
2. Yes.
3. Yes.
Explanation
<box 1>: Yes
The tool you would use to sync the accounts is Azure AD Connect. The Azure Active Directory
Connect synchronization services (Azure AD Connect sync) is a main component of Azure AD
Connect. It takes care of all the operations that are related to synchronize identity data between
your on-premises environment and Azure AD.
<box 2>: Yes
As described above, third-party cloud services and on-premises Active Directory can be used to
access Azure resources. This is known as ‘federation’.
Federation is a collection of domains that have established trust. The level of trust may vary, but
typically includes authentication and almost always includes authorization. A typical federation
might include a number of organizations that have established trust for shared access to a set of
resources.
<box 3>: Yes
resources.
Reference
● Azure AD Connect sync: Understand and customize synchronization (3 minutes to read)
● What is federation with Azure AD? (2 minutes to read)
Question 172
Instruction
Question
You can view your company’s regulatory compliance report from <box 1>
● Azure Advisor
● Azure Analysis Services
● Azure Monitor
Answer
Azure Security Center
Explanation
The advanced monitoring capabilities in Security Center lets you track and manage compliance
and governance over time. The overall compliance provides you with a measure of how much
your subscriptions are compliant with policies associated with your workload.
Question 173
Question
What should you use to evaluate whether your company’s Azure environment meets regulatory
requirements?
A. Azure Service Health
B. Azure Knowledge Center
C. Azure Security Center
D. Azure Advisor
Answer
C.
Explanation
The advanced monitoring capabilities in Security Center lets you track and manage compliance
and governance over time. The overall compliance provides you with a measure of how much
your subscriptions are compliant with policies associated with your workload.
Reference
● What is Azure Security Center? (8 minutes to read)
Question 174
Question
Your company has an Azure subscription that contains resources in several regions.
You need to ensure that administrators can only create resources in those regions.
A. a read-only lock
B. an Azure policy
C. a management group
D. a reservation
Answer
B.
Reference
Question 175
Instruction
Question
1. Azure Active Directory (Azure AD) requires the implementation of domain controllers
on Azure virtual machines.
2. Azure Active Directory (Azure AD) provides authentication services for resources
hosted in Azure and Microsoft 365.
3. Each user account in Azure Active Directory (Azure AD) can be assigned only
one license.
Answer
1. No.
2. Yes.
3. No.
Explanation
<box 1>: No
Azure Active Directory (Azure AD) is a cloud-based service. It does not require domain
controllers on virtual machines.
<box 2>: Yes
resources and Microsoft 365.
<box 3>: No
User accounts in Azure Active Directory can be assigned multiple licenses for different Azure or
Microsoft 365 services.
Question 176
Question
Which two types of customers are eligible to use Azure Government to develop a cloud solution?
A. a Canadian government contractor
B. a European government contractor

C. a United States government entity
D. a United States government contractor
E. a European government entity
Answer
C, D.
Explanation
Azure Government is a cloud environment specifically built to meet compliance and security
requirements for US government. This mission-critical cloud delivers breakthrough innovation to
U.S. government customers and their partners. Azure Government applies to government at any
level — from state and local governments to federal agencies including Department of Defense
agencies.
The key difference between Microsoft Azure and Microsoft Azure Government is that Azure
Government is a sovereign cloud. It’s a physically separated instance of Azure, dedicated to U.S.
government workloads only. It’s built exclusively for government agencies and their solution
providers.
Reference
Question 177
Instruction
Question
1. To implement an Azure Multi-Factor Authentication (MFA) solution, you must sync on-
premises identities to the cloud.
2. Two valid methods for Azure Multi-Factor Authentication (MFA) are picture
identification and a passport number.
3. Azure Multi-Factor Authentication (MFA) can be required for administrative and non-
administrative user accounts.
Answer
1. No.
2. No.
3. Yes.
Explanation
<box 1>: No
It is not true that you must deploy a federation solution or sync on-premises identities to the
cloud. You can have a cloud-only environment and use MFA.
<box 2>: No
Picture identification and passport numbers are not valid MFA authentication methods. Valid
methods include: Password, Microsoft Authenticator App, SMS and Voice call.
<box 3>: Yes
You can configure MFA to be required for administrator accounts only or you can configure
MFA for any user account.
Reference
● Plan an Azure Active Directory Multi-Factor Authentication deployment (10 minutes to
read)
● What authentication and verification methods are available in Azure Active Directory? (3
minutes to read)
Question 178
Question
You need to ensure that when Azure Active Directory (Azure AD) users connect to Azure AD
from the Internet by using an anonymous IP address, the users are prompted automatically to
change their password.
Which Azure service should you use?
A. Azure AD Connect Health
B. Azure AD Privileged Identity Management

C. Azure Advanced Threat Protection (ATP)
D. Azure AD Identity Protection
Answer
D.
Explanation
Azure AD Identity Protection includes two risk policies: sign-in risk policy and user risk policy.
A sign-in risk represents the probability that a given authentication request isn’t authorized by
the identity owner.
There are several types of risk detection. One of them is Anonymous IP Address. This risk
detection type indicates sign-ins from an anonymous IP address (for example, Tor browser or
anonymous VPN). These IP addresses are typically used by actors who want to hide their login
telemetry (IP address, location, device, etc.) for potentially malicious intent.
You can configure the sign-in risk policy to require that users change their password.
Reference
● How To: Configure and enable risk policies (3 minutes to read)
● What is risk? (8 minutes to read)
Question 179
Instruction
Match the term to the correct definition. Each term may be used once, more than once, or not at
all.
Question
Terms:
● Azure Government
● GDPR
● ISO
● NIST
Definitions:
1. An organization that defines international standards across all industries

2. An organization that defines standards used by the United States government.
3. A European policy that regulates data privacy and data protection.
4. A dedicated public cloud for federal and state agencies in the United States.
Answer
1. ISO: An organization that defines international standards across all industries
2. NIST: An organization that defines standards used by the United States government.
3. GDPR: A European policy that regulates data privacy and data protection.
4. Azure Government: A dedicated public cloud for federal and state agencies in the United
States.
Explanation
<box 1>: ISO
ISO is the International Organization for Standardization. Companies can be certified to ISO
standards, for example ISO 9001 or 27001 are commonly used in IT companies.
<box 2>: NIST
The National Institute of Standards and Technology (NIST) is a physical sciences laboratory,
and a non-regulatory agency of the United States Department of Commerce.
<box 3>: GDPR
GDPR is the General Data Protection Regulations. This standard was adopted across Europe in
May 2018 and replaces the now deprecated Data Protection Directive.
The General Data Protection Regulation (EU) (GDPR) is a regulation in EU law on data
protection and privacy in the European Union (EU) and the European Economic Area (EEA). It
also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims
primarily to give control to individuals over their personal data and to simplify the regulatory
environment for international business by unifying the regulation within the EU.
<box 4>: Azure Government
US government agencies or their partners interested in cloud services that meet government
security and compliance requirements, can be confident that Microsoft Azure Government
provides world-class security, protection, and compliance services. Azure Government delivers a
dedicated cloud enabling government agencies and their partners to transform mission-critical
workloads to the cloud. Azure Government services handle data that is subject to certain
government regulations and requirements, such as FedRAMP, NIST 800.171 (DIB), ITAR,
IRS 1075, DoD L4, and CJIS. In order to provide you with the highest level of security and
compliance, Azure Government uses physically isolated datacenters and networks (located in
U.S. only).
Reference
● National Institute of Standards and Technology
● General Data Protection Regulation
Question 180
Question
To what should an application connect to retrieve security tokens?
A. an Azure Storage account
B. Azure Active Directory (Azure AD)
C. a certificate store
D. an Azure key vault
Answer
B.
Explanation
Azure AD authenticates users and provides access tokens. An access token is a security token
that is issued by an authorization server. It contains information about the user and the app for
which the token is intended, which can be used to access Web APIs and other protected
resources.
Instead of creating apps that each maintain their own username and password information, which
incurs a high administrative burden when you need to add or remove users across multiple apps,
apps can delegate that responsibility to a centralized identity provider.
Azure Active Directory (Azure AD) is a centralized identity provider in the cloud. Delegating
authentication and authorization to it enables scenarios such as Conditional Access policies that
require a user to be in a specific location, the use of multi-factor authentication, as well as
enabling a user to sign in once and then be automatically signed in to all of the web apps that
share the same centralized directory. This capability is referred to as Single Sign On (SSO).
Reference
Question 181
Question
Your network contains an Active Directory forest. The forest contains 5,000 user accounts.
Your company plans to migrate all network resources to Azure and to decommission the on-
premises data center.
You need to recommend a solution to minimize the impact on users after the planned migration.
A. Implement Azure Multi-Factor Authentication (MFA)
B. Sync all the Active Directory user accounts to Azure Active Directory (Azure AD)
C. Instruct all users to change their password
D. Create a guest user account in Azure Active Directory (Azure AD) for each user
Answer
B.
Explanation
To migrate to Azure and decommission the on-premises data center, you would need to create
the 5,000 user accounts in Azure Active Directory. The easy way to do this is to sync all the
Active Directory user accounts to Azure Active Directory (Azure AD). You can even sync their
passwords to further minimize the impact on users.
The tool you would use to sync the accounts is Azure AD Connect. The Azure Active Directory
Connect synchronization services (Azure AD Connect sync) is a main component of Azure AD
Connect. It takes care of all the operations that are related to synchronize identity data between
your on-premises environment and Azure AD.
Reference
● Azure AD Connect sync: Understand and customize synchronization (3 minutes to read)
Question 182
Question
1. You can configure the Azure Active Directory (Azure AD) activity logs to appear
in Azure Monitor.
2. From Azure Monitor, you can monitor resources across multiple Azure subscriptions.
3. From Azure Monitor, you can create alerts.
Answer
1. Yes.
2. Yes.
3. Yes.
Explanation
<box 1>: Yes
You can send Azure AD activity logs to Azure Monitor logs to enable rich visualizations,
monitoring and alerting on the connected data.
All data collected by Azure Monitor fits into one of two fundamental types, metrics and logs
(including Azure AD activity logs). Activity logs record when resources are created or
modified. Metrics tell you how the resource is performing and the resources that it’s consuming.
<box 2>: Yes
Azure Monitor can consolidate log entries from multiple Azure resources, subscriptions, and
tenants into one location for analysis together.
<box 3>: Yes

You can create alerts in Azure Monitor.
Alerts in Azure Monitor proactively notify you of critical conditions and potentially attempt to
take corrective action. Alert rules based on metrics provide near real time alerting based on
numeric values, while rules based on logs allow for complex logic across data from multiple
sources.
Reference
● Azure AD activity logs in Azure Monitor (7 minutes to read)
Question 183
Question
You create a resource group named RG1 in Azure Resource
Manager. You need to prevent the accidental deletion of the resources
in RG1. Which setting should you use?

Answer
Explanation
You can configure a lock on a resource group to prevent the accidental deletion.
As an administrator, you may need to lock a subscription, resource group, or resource to prevent
other users in your organization from accidentally deleting or modifying critical resources. You
can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete
and Read-only respectively.
● CanNotDelete means authorized users can still read and modify a resource, but they
can’t delete the resource.
● ReadOnly means authorized users can read a resource, but they can’t delete or update the
resource. Applying this lock is similar to restricting all authorized users to the
permissions granted by the Reader role.
Reference
Question 184
Question
You have a resource group named RG1.
You need to prevent the creation of virtual machines only in RG1. The solution must ensure that
other objects can be created in RG1.
A. a lock
B. an Azure role
C. a tag
D. an Azure policy
Answer
D.
Explanation
resources.
with your corporate standards and service level agreements.
In this question, we would create an Azure policy assigned to the resource group that denies the
creation of virtual machines in the resource group.
You could place a read-only lock on the resource group. However, that would prevent the
creation of any resources in the resource group, not virtual machines only. Therefore, an Azure
Policy is a better solution.
Reference
Question 185
Instruction
Question
1. Storing 1 TB of data in Azure Blob storage will always cost the same, regardless of
the Azure region in which the data is located.
2. When you use a general-purpose v2 Azure Storage account, you are only charged for the
amount of data that is stored. All read and write operations are free.
3. Transferring data between Azure Storage accounts in different Azure regions is free.
Answer
1. No.
2. No.
3. No.
Section: Describe Azure cost management and Service Level Agreements
Explanation
<box 1>: No
The price of Azure storage varies by region. If you use the Azure storage pricing page, you can
select different regions and see how the price changes per region.
<box 2>: No
You are charged for read and write operations in general-purpose v2 storage accounts.
<box 3>: No
You would be charge for the read operations of the source storage account and write operations
in the destination storage account.
Reference
● Storage account overview (6 minutes to read)
● Azure Blob Storage pricing
Question 186
Instruction
Question
1. In Azure Active Directory Premium P2, at least 99.9 percent availability is guaranteed.
2. The Service Level Agreement (SLA) for Azure Active Directory Premium P2 is the same
as the SLA for Azure Active Directory Free.
3. All paying Azure customers receive a credit if their monthly uptime percentage is
below the guaranteed amount in the Service Level Agreement (SLA).
Answer
1. Yes.
2. No.
3. Yes.
Explanation
<box 1>: Yes
Microsoft guarantee at least 99.9% availability of the Azure Active Directory Premium edition
services. The services are considered available in the following scenarios:
● Users are able to login to the service, login to the Access Panel, access applications
on the Access Panel and reset passwords.
● IT administrators are able to create, read, write and delete entries in the directory
or provision or de-provision users to applications in the directory.
<box 2>: No
No SLA is provided for the Free tier of Azure Active Directory.
<box 3>: Yes

You can claim credit if the availability falls below the SLA. The amount of credit depends on the
availability. For example: You can claim 25% credit if the availability is less than 99.9%, 50%
credit for less than 99% and 100% for less than 95% availability.
Reference
● SLA for Azure Active Directory (Azure AD) (original)
● SLA for Azure Active Directory (Azure AD) (updated)
Question 187
Instruction
Question
1. Adding resource groups in an Azure subscription generates additional costs.
2. Copying 10 GB of data to Azure from an on-premises network over a VPN generates
additional Azure data transfer costs.
3. Copying 10 GB of data from Azure to an on-premises network over a VPN generates
additional Azure data transfer costs.
Answer
1. No.
2. No.
3. Yes.
Explanation
<box 1>: No
Resource groups are logical containers for Azure resources. You do not pay for resource groups.
<box 2>: No
Data ingress over a VPN is data ‘coming in’ to Azure over the VPN. You are not charged data
transfer costs for data ingress.
<Box 3>: Yes

Data egress over a VPN is data ‘going out’ of Azure over the VPN. You are charged for data
egress.
Reference
● Manage Azure Resource Manager resource groups by using the Azure portal (3 minutes
to read)
Question 188
Instruction
Question
You deploy an Azure resource. The resource becomes unavailable for an extended period due to
a service outage. Microsoft will <box 1>
● refund your bank account.

● migrate the resource to another subscription.
● credit your Azure account.
● send you a coupon code that you can redeem for Azure credits.
Answer
credit your Azure account.
Explanation
If the SLA for an Azure service is not met, you receive credits for that service and that service
only. The credits are deducted from your monthly bill for that service. If you stopped using the
service where the SLA was not met, your account would remain in credit for that service. The
credits would not be applied to any other services that you may be using.
Service Credits apply only to fees paid for the particular Service, Service Resource, or Service
tier for which a Service Level has not been met. In cases where Service Levels apply to
individual Service Resources or to separate Service tiers, Service Credits apply only to fees paid
for the affected Service Resource or Service tier, as applicable. The Service Credits awarded in
any billing month for a particular Service or Service Resource will not, under any circumstance,
exceed your monthly service fees for that Service or Service Resource, as applicable, in the
billing month.
Reference
● SLA for Azure Analysis Services
Question 189
Question
Which task can you perform by using Azure Advisor?
A. Integrate Active Directory and Azure Active Directory (Azure AD).
B. Estimate the costs of an Azure solution.
C. Confirm that Azure subscription security follows best practices.
D. Evaluate which on-premises resources can be migrated to Azure.
Answer
B.
Reference
● What is Azure Advisor?
Question 190
Instruction
Question
1. If your company uses an Azure free account, you will only be able to use a subset of
Azure services.
2. All Azure free accounts expire after a specific period.
3. You can create up to 10 Azure free accounts by using the same Microsoft account.
Answer
1. No.
2. Yes.
3. No.
Explanation
<box 1>: No
Azure Free Account gives you 12 months access to the most popular free services. It also gives
you a credit (150 GBP or 200 USD) to use on any Azure service for up to 30 days.
<box 2>: Yes
All free accounts expire after 12 months.
<box 3>: No
You can only create one free Azure account per Microsoft account.
Reference
● Build in the cloud with an Azure free account
Question 191
Instruction
Question
1. All Azure services in private preview must be accessed by using a separate Azure portal.
2. Azure services in public preview can be used in production environments.
3. Azure services in public preview are subject to a Service Level Agreement (SLA).
Answer
1. No.
2. Yes.
3. No.
Explanation
Public Preview means that the service is in public beta and can be tried out by anyone with an
Azure subscription. Services in public preview are often offered at a discount price.
<box 1>: No
Services in private preview can be viewed in the regular Azure portal. However, you need to be
signed up for the feature in private preview before you can view it. Access to private preview
features is usually by invitation only.
<box 2>: Yes
You can use services in public preview in production environments. However, you should be
aware that the service may have faults, is not subject to an SLA and may be withdrawn without
notice.
<Box 3>: No
Public previews are excluded from SLAs and in some cases, no support is offered.
Reference
● Several more Azure services now available in private, public preview
Question 192
Question
Your company has 10 offices. You plan to generate several billing reports from the Azure portal.
Each report will contain the Azure resource utilization of each office.
Which Azure Resource Manager feature should you use before you generate the reports?
A. tags
B. templates
C. locks
D. policies
Answer
A.
Explanation
You can use resource tags to ‘label’ Azure resources. Tags are metadata elements attached to
resources. Tags consist of pairs of key/value strings. In this question, we would tag each resource
with a tag to identify each office. For example: Location = Office1. When all Azure resources
are tagged, you can generate reports to list all resources based on the value of the tag. For
example: All resources used by Office1.
Reference
● Resource naming and tagging decision guide (5 minutes to read)
Question 193
Instruction
Question
1. A Standard support plan is included in an Azure free account.
2. A Premier support plan can only be purchased by companies that have an
Enterprise Agreement (EA).
3. Support from MSDN forums is only provided to companies that have a pay-as-you-go
subscription.
Answer
1. No.
2. Yes.
3. No.
Explanation
<box 1>: No
An Azure free account comes with a ‘basic’ support plan, not a ‘standard’ support plan.
<box 2>: Yes
You can purchase the Professional Direct, Standard, and Developer support plans with the
Microsoft Customer Agreement. You can also purchase the Professional and Standard support
plans with the Enterprise Agreement.
<box 3>: No
Users with any type of Azure subscription (pay-as-you-go, Enterprise Agreement, Microsoft
Customer Agreement etc.) can get support from the MSDN forums.
Reference
● Compare support plans
Question 194
Instruction
Question
If Microsoft plans to end support for an Azure service that does NOT have a successor service,
Microsoft will provide notification at least 12 months before.
B. 6 months
C. 90 days
D. 30 days
Answer
A.
Explanation
The Modern Lifecycle Policy covers products and services that are serviced and supported
continuously. For products governed by the Modern Lifecycle Policy, Microsoft will provide a
minimum of 12 months’ notification prior to ending support if no successor product or service
is offered — excluding free services or preview releases.
Reference
● Modern Lifecycle Policy (2 minutes to read)
Question 195
Instruction
Question
1. A user who is assigned the Owner role can transfer ownership of an Azure subscription.
2. You can convert the Azure subscription of your company from Free Trial to Pay-As-
You-Go.
3. The Azure spending limit is fixed and cannot be increased or decreased.
Answer
1. No.
2. Yes.
3. Yes.
Explanation
<box 1>: No
You need to be an administrator of the billing account that has the subscription to be able to
transfer the subscription. This could be a Billing Administrator or Global Administrator. A
subscription owner can manage all resources and permissions within the subscription but cannot
transfer ownership of the subscription.
<box 2>: Yes
You can convert a free trial subscription to Pay-As-You-Go. This is common practice for people
who wish to continue using the Azure services when the free trial period expires.
<box 3>: Yes
You can remove the spending limit, but you can’t increase or decrease it.
The spending limit in Azure prevents spending over your credit amount. All new customers who
sign up for an Azure free account or subscription types that include credits over multiple months
have the spending limit turned on by default. The spending limit is equal to the amount of credit
and it can’t be changed. For example, if you signed up for Azure free account, your spending
limit is $200 and you can’t change it to $500. However, you can remove the spending limit. So,
you either have no limit, or you have a limit equal to the amount of credit.
Reference
● Add or change Azure subscription administrators (2 minutes to read)
● Upgrade your Azure free account or Azure for Students Starter account (2 minutes to
read)
● Azure spending limit (5 minutes to read)
Question 196
Instruction
Question
1. With Azure Reservations, you pay less for virtual machines than pay-as-you-go pricing.
2. Two Azure virtual machines that use the B2S size have the same monthly costs.
3. When an Azure virtual machine is stopped, you continue to pay storage costs for the
virtual machine.
Answer
1. Yes.
2. No.
3. Yes.
Explanation
<box 1>: Yes
A reservation is where you commit to pay for a resource (for example a virtual machine) for one
or three years. This gives you a discounted price on the resource for the reservation period.
<box 2>: No
There are other factors that influence the cost of a virtual machine such as the virtual hard disks
attached to the virtual machine. You could have multiple virtual machines with the same ‘size’
(B2S in this case) but with different virtual hard disk configurations.
<box 3>: Yes
When a virtual machine is stopped (deallocated), the virtual machine is unloaded/dismounted

from the physical server in Azure. In this state, you are not charged for the virtual machine itself.
However, you are still charged for the storage costs of the virtual hard disks attached to the
virtual machine.
If the virtual machine is stopped but not deallocated (this happens if you shut down the virtual
machine from the operating system of the virtual machine), the virtual machine is still mounted
on the physical server in Azure and you are charged for the virtual machine itself as well as the
storage costs. To ensure that a virtual machine is ‘stopped (deallocated)’, you need to stop the
virtual machine in the Azure portal.
Reference
● Reservations
● B-series burstable virtual machine sizes (7 minutes to read)
● Azure Virtual Machines — Stopping versus Stopping (Deallocating) (4 minutes to read)
Question 197
Question
Your company has an Azure subscription that contains the following unused resources:
● 20 user accounts in Azure Active Directory (Azure AD)

● Five groups in Azure AD
● 10 public IP addresses
● 10 network interfaces
You need to reduce the Azure costs for the company.
Solution: You remove the unused network interfaces.
A. Yes
B. No
Answer
B.
Explanation
You are not charged for unused network interfaces. Therefore, deleting unused network
interfaces will not reduce the Azure costs for the company.
Reference
● Reduce costs by deleting or reconfiguring idle virtual network gateways (7 minutes to
read)
Question 198
Question

Solution: You remove the unused public IP addresses.

A. Yes
B. No
Answer
A.
Explanation
You are charged for public IP addresses. Therefore, deleting unused public IP addresses will
reduce the Azure costs.
Reference
read)
Question 199
Question

Solution: You remove the unused user accounts.
A. Yes
B. No
Answer
B.
Explanation
You are not charged for user accounts. Therefore, deleting unused user accounts will not reduce
the Azure costs for the company.
Reference
read)
Question 200
Instruction
Question
How should you calculate the monthly uptime percentage?
<box 1> ÷ <box 2> × <box 3>
● Downtime in Minutes
● Maximum Available Minutes
● (Maximum Available Minutes − Downtime in Minutes)
● 60
● 1,440
● Maximum Available Minutes
● 100
● 99.99
● 1.440
Answer
<box 1>: (Maximum Available Minutes − Downtime in Minutes)
<box 2>: Maximum Available Minutes
<box 3>: 100
Explanation
“Maximum Available Minutes” is the total accumulated minutes during a billing month.
“Downtime” is the total accumulated minutes that are part of Maximum Available Minutes
where a system is unavailable.
“Monthly Uptime Percentage” for a service is calculated as Maximum Available Minutes less
Downtime divided by Maximum Available Minutes x 100.
Monthly Uptime Percentage is represented by the following formula:
Monthly Uptime % = (Maximum Available Minutes-Downtime) / Maximum Available Minutes

x 100.
Reference
● SLA for Cloud Services (original)
● SLA for Cloud Services (updated)
Question 201
Instruction
Question
1. By creating additional resource groups in an Azure subscription, additional costs
are incurred.
2. By copying several gigabits of data to Azure from an on-premises network over a VPN,
additional data transfer costs are incurred.
3. By copying several GB of data from Azure to an on-premises network over a VPN,
additional data transfer costs are incurred.
Answer
1. No.
2. No.
3. Yes.
Explanation
<box 1>: No
Resource groups are logical containers for Azure resources. You do not pay for resource groups.
<box 2>: No
Data ingress over a VPN is data ‘coming in’ to Azure over the VPN. You are not charged data
transfer costs for data ingress.
<box 3>: Yes
Data egress over a VPN is data ‘going out’ of Azure over the VPN. You are charged for data
egress.
Reference
● Manage Azure Resource Manager resource groups by using the Azure portal (3 minutes
to read)
Question 202
Instruction
Question
A support plan solution that gives you best practice information, health status and notifications,
and 24/7 access to billing information at the lowest possible cost is a Standard support plan.
B. Developer
C. Basic
D. Premier
Answer
C.
Explanation
A basic support plan provides:
● 24x7 access to billing and subscription support, online self-help, documentation,

whitepapers, and support forums
● Best practices: Access to full set of Azure Advisor recommendations
● Health Status and Notifications: Access to personalized Service Health Dashboard &
Health API
Reference
Question 203
Question
In which Azure support plans can you open a new support request?
A. Premier and Professional Direct only
B. Premier, Professional Direct, and Standard only

C. Premier, Professional Direct, Standard, and Developer only
D. Premier, Professional Direct, Standard, Developer, and Basic
Answer
C.
Explanation
You can open support cases in the following plans: Premier, Professional Direct, Standard, and
Developer only.
You cannot open support cases in the Basic support plan.
Reference
Question 204
Instruction
bold text. If it makes the statement correct, select “No change is needed.” If the statement is
Question
You can create an Azure support request from support.microsoft.com.
B. the Azure portal
C. the Knowledge Center
D. the Security & Compliance admin center
Answer
B.
Explanation
You can create an Azure support request from the Help and Support blade in the Azure portal or
from the context menu of an Azure resource in the Support + Troubleshooting section.
Reference
● Create an Azure support request
Question 205
Question

Solution: You remove the unused groups.
A. Yes
B. No
Answer
B.
Explanation
You are not charged for Azure Active Directory Groups. Therefore, deleting unused groups will
not reduce your Azure costs.
Reference
read)
Question 206
Instruction
Question
The Azure Standard support plan is the lowest cost option to receive 24x7 access to support
engineers by phone.
B. Developer
C. Basic
D. Professional Direct
Answer
A.
Explanation
The Basic support plan is free so is therefore the cheapest. The Developer support plan is the
cheapest paid for support plan. The order of support plans in terms of cost ranging from the
cheapest to most expensive is: Basic, Developer, Standard, Professional Direct, Premier.
However, 24/7 access to technical support by email and phone is only available for Standard,
Professional Direct, Premier plans.
Reference
Question 207
Instruction
Question
All Azure services that are in public preview are <box 1>
● provided without any documentation.

● only configurable from Azure CLI.
● excluded from the Service Level Agreements.
● only configurable from the Azure portal.
Answer
excluded from the Service Level Agreements.
Explanation
Preview features are made available to you on the condition that you accept additional terms
which supplement the regular Azure terms. The supplemental terms state:
PREVIEWS ARE PROVIDED “AS-IS,” “WITH ALL FAULTS,” AND “AS AVAILABLE,”
AND ARE EXCLUDED FROM THE SERVICE LEVEL AGREEMENTS AND LIMITED
WARRANTY.
Reference
● Supplemental Terms of Use for Microsoft Azure Previews
Question 208
Question
What is guaranteed in an Azure Service Level Agreement (SLA) for virtual machines?
A. uptime
B. feature availability
C. bandwidth
D. performance
Answer
A.
Explanation
The SLA for virtual machines guarantees ‘uptime’. The amount of uptime guaranteed depends
on factors such as whether the VMs are in an availability set or availability zone if there is more
than one VM, the distribution of the VMs if there is more than one or the disk type if it is a
single VM.
The SLA for Virtual Machines states:
● For all Virtual Machines that have two or more instances deployed across two or
more Availability Zones in the same Azure region, we guarantee you will have
Virtual Machine Connectivity to at least one instance at least 99.99% of the time.
● For all Virtual Machines that have two or more instances deployed in the same
Availability Set or in the same Dedicated Host Group, we guarantee you will have
Virtual Machine Connectivity to at least one instance at least 99.95% of the time.
● For any Single Instance Virtual Machine using Premium SSD or Ultra Disk for all
Operating System Disks and Data Disks, we guarantee you will have Virtual
Machine Connectivity of at least 99.9%.
Reference
● SLA summary for Azure services
● SLA for Virtual Machines
Question 209
Instruction
Question
An Azure service is available to all Azure customers when it is in <box 1>
● public preview.
● private preview.
● development.
● an Enterprise Agreement (EA) subscription.
Answer
public preview.
Explanation
Incorrect Answers:
● Services in private preview are available only to selected people who has signed up to the
private preview program.
● Services in development are not available to the public.
● Services provided under an Enterprise Agreement (EA) subscription are available only
to the subscription owner.
Reference
● Several more Azure services now available in private, public preview
Question 210
Question
Your company plans to purchase an Azure subscription.
The company’s support policy states that the Azure environment must provide an option to
access support engineers by phone or email.
You need to recommend which support plan meets the support policy requirement.
Solution: Recommend a Basic support plan.
A. Yes
B. No
Answer
B.
Explanation
The Basic support plan does not have any technical support for engineers.
Access to Support Engineers via email or phone is available in the following support plans:
Premier, Professional Direct and standard.
Reference
Question 211
Question
Solution: Recommend a Standard support plan.
A. Yes
B. No
Answer
A.
Explanation
The Standard, Professional Direct, and Premier support plans have technical support for
engineers via email and phone.
Reference
Question 212
Question
Solution: Recommend a Premier support plan.
A. Yes
B. No
Answer
A.
Explanation
Reference
Question 213
Question
Your company plans to request an architectural review of an Azure environment from Microsoft.
The company currently has a Basic support plan.
You need to recommend a new support plan for the company. The solution must minimize costs.
Which support plan should you recommend?
A. Premier
B. Developer
C. Professional Direct
D. Standard
Answer
A.
Explanation
The Premier support plan provides customer specific architectural support such as design
reviews, performance tuning, configuration and implementation assistance delivered by
Microsoft Azure technical specialists.
Reference
Question 214
Instruction
Question
1. Most Azure services are included in private preview before being introduced in public
preview, and then in general availability.
2. Azure services in public preview can be managed only by using the Azure CLI.
3. The cost of an Azure service in private preview decreases when the service
becomes generally available.
Answer
1. Yes.
2. No.
3. No.
Explanation
<box 1>: Yes
Most services go to private preview then public preview before being released to general
availability.
The private preview is only available to certain Azure customers for evaluation purposes. The
public preview is available to all Azure customers.
<box 2>: No
Azure services in public preview can be managed using the regular management tools: Azure
Portal, Azure CLI and PowerShell.
<box 3>: No
Services in private or public preview are usually offered at reduced costs. However, the costs
increase, not decrease when the services are released to general availability.
Question 215
Question
What is required to use Azure Cost Management?
A. a Dev/Test subscription
B. Software Assurance
C. an Enterprise Agreement (EA)
D. a pay-as-you-go subscription
Answer
C.
Explanation
Azure customers with an Azure Enterprise Agreement (EA), Microsoft Customer Agreement
(MCA), or Microsoft Partner Agreement (MPA) can use Azure Cost Management.
Cost management is the process of effectively planning and controlling costs involved in your
business. Cost management tasks are normally performed by finance, management, and app
teams. Azure Cost Management + Billing helps organizations plan with cost in mind. It also
helps to analyze costs effectively and take action to optimize cloud spending.
Reference
● What is Azure Cost Management + Billing? (5 minutes to read)
Question 216
Instruction
Question
Your Azure trial account expired last week. You are now unable to <box 1>
● create additional Azure Active Directory (Azure AD) user accounts.

● start an existing Azure virtual machine.
● access your data stored in Azure.
● access the Azure portal.
Answer
start an existing Azure virtual machine.
Explanation
A stopped (deallocated) VM is offline and not mounted on an Azure host server. Starting a VM
mounts the VM on a host server before the VM starts. As soon as the VM is mounted, it becomes
chargeable. For this reason, you are unable to start a VM after a trial has expired.
Incorrect Answers:
● You are not charged for Azure Active Directory user accounts so you can continue to
create accounts.
● You can access data that is already stored in Azure.
● You can access the Azure Portal. You can also reactivate and upgrade the expired
subscription in the portal.
Question 217
Question
Solution: Recommend a Professional Direct support plan.
A. Yes
B. No
Answer
A.
Explanation
The Basic support plan does not have any technical support for engineers.
The Developer support plan has only technical support for engineers via email.
Reference
Question 218
Question
Your company has a Software Assurance agreement that includes Microsoft SQL Server
licenses.
You plan to deploy SQL Server on Azure virtual machines.
What should you do to minimize licensing costs for the deployment?

A. Deallocate the virtual machines during off hours.
B. Use Azure Hybrid Benefit.
C. Configure Azure Cost Management budgets.
D. Use Azure reservations.
Answer
B.
Explanation
Azure Hybrid Benefit is a licensing benefit that helps you to significantly reduce the costs of
running your workloads in the cloud. It works by letting you use your on-premises Software
Assurance-enabled Windows Server and SQL Server licenses on Azure.
Reference
● Azure Hybrid Benefit
Question 219
Question
Your company has 10 departments.
The company plans to implement an Azure environment.
You need to ensure that each department can use a different payment option for the
Azure services it consumes.
What should you create for each department?
A. a reservation
B. a subscription
C. a resource group
D. a container instance
Answer
B.
Explanation
There are different payment options in Azure including pay-as-you-go (PAYG), Enterprise
Agreement (EA), and Microsoft Customer Agreement (MCA) accounts.
Your Azure costs are ‘per subscription’. You are charged monthly for all resources in a
subscription. Therefore, to use different payment options per department, you will need to create
a separate subscription per department. You can create multiple subscriptions in a single Azure
Active Directory tenant.
Incorrect Answers:
A: A reservation is where you commit to a resource (for example a virtual machine) for one or
three years. This gives you a discounted price on the resource for the reservation period.
Reservations do not provide a way to use different payment options per department.
C: A resource group is a logical container for Azure resources. You can view the total cost of all
the resources in a resource group. However, resource groups do not provide a way to use
different payment options per department.
D: A container instance is an Azure resource used to run an application. Container instances do

not provide a way to use different payment options per department.
Reference
Question 220
Instruction
Question
1. An Azure free account has a spending limit.

2. An Azure free account has a limit of 2 TB of data that can be uploaded to Azure.
3. An Azure free account can contain an unlimited number of web apps.
Answer
1. Yes.
2. No.
3. No.
Explanation
<box 1>: Yes
An Azure free account has a spending limit. This is currently 200 USD or 150 GBP.
<box 2>: No
Azure free account has a 5 GB blob storage limit and a 5 GB file storage limit.
<box 3>: No
Azure free account has a limit of 10 web, mobile or API apps
Reference
● Build in the cloud with an Azure free account
● Azure free account FAQ
● Avoid charges with your Azure free account (2 minutes to read)
Question 221
Instruction
Question
1. An Azure service in private preview is released to all Azure customers.
2. An Azure service in public preview is released to all Azure customers.
3. An Azure service in general availability is released to a subset of Azure customers.
Answer
1. No.
2. Yes.
3. No.
Explanation
<box 1>: No
Most services go to private preview then public preview before being released to general
availability. The private preview is only available to certain Azure customers for evaluation
purposes.
<box 2>: Yes
<box 3>: No
An Azure service in general availability is available to all Azure customers, not just a subset of
the customers.
Question 222
Instruction
Question
1. With a consumption-based plan, you pay a fixed rate for all data sent to or from virtual
machines hosted in the cloud.
2. With a consumption-based plan, you reduce overall costs by paying only for extra
capacity when it is required.
3. Serverless computing is an example of a consumption-based plan.
Answer
1. No.
2. Yes.
3. Yes.
Question 223
Instruction
Question
1. The cost of Azure resources can vary between regions.
2. An Azure reservation is used to reserve server capacity at a specific data center.
3. You can stop an Azure SQL Database instance to decrease costs.
Answer
1. Yes.
2. Yes.
3. No.
Question 224
Instruction
Question
You have an application that is comprised of an Azure web app that has a Service Level
Agreement (SLA) of 99.95 percent and an Azure SQL database that has an SLA of 99.99
percent.
The composite SLA for the application is <box 1>

● the product of both SLAs, which equals 99.94 percent.

● the lowest SLA associated to the application, which is 99.95 percent.
● the highest SLA associated to the application, which is 99.99 percent.
● the difference between the two SLAs, which is 0.05 percent.
Answer
the product of both SLAs, which equals 99.94 percent.
Explanation
Composite SLAs involve multiple services supporting an application, each with differing levels
of availability. For example, consider an App Service web app that writes to Azure SQL
Database. At the time of this writing, these Azure services have the following SLAs:
● App Service web apps = 99.95%

● SQL Database = 99.99%
What is the maximum downtime you would expect for this application? If either service fails, the
whole application fails. The probability of each service failing is independent, so the composite
SLA for this application is 99.95% × 99.99% = 99.94%. That’s lower than the individual SLAs,
which isn’t surprising because an application that relies on multiple services has more potential
failure points.
Reference
● Using business metrics to design resilient Azure applications (6 minutes to read)
Question 225
Instruction
Question
1. The Service Level Agreement (SLA) guaranteed uptime for paid Azure services is
at least 99.9 percent.
2. Companies can increase the Service Level Agreement (SLA) guaranteed uptime
by adding Azure resources to multiple regions.
3. Companies can increase the Service Level Agreement (SLA) guaranteed uptime by
purchasing multiple subscriptions.
Answer
1. Yes.
2. Yes.
3. No.
Explanation
<box 1>: Yes
SLA’s vary based on the resource type and the location distribution of the resource. However,
the minimum uptime for all Azure services is 99.9 percent.
<box 2>: Yes
The SLA guaranteed uptime is increased (usually to 99.95 percent) when resources are deployed
across multiple regions.
<box 3>: No
The number of subscriptions is unrelated to uptime SLA’s. You can deploy resources to multiple
regions under a single subscription or you can have multiple subscriptions with resources
deployed to the same region.
Reference
● SLA summary for Azure services
Question 226
Question
Which statement accurately describes the Modern Lifecycle Policy for Azure services?
A. Microsoft provides mainstream support for a service for five years.
B. Microsoft provides a minimum of 12 months’ notice before ending support for a service.
C. After a service is made generally available, Microsoft provides support for the service for
a minimum of four years.
D. When a service is retired, you can purchase extended support for the service for up to
five years.
Answer
B.
Explanation
For products governed by the Modern Lifecycle Policy, Microsoft will provide a minimum of 12
months’ notification prior to ending support if no successor product or service is offered —
excluding free services or preview releases.
Reference
● Modern Lifecycle Policy (2 minutes to read)
Question 227
Question
You need to request that Microsoft increase a subscription quota limit for your company.
Which blade should you use from the Azure portal?

Answer
Explanation
Request a standard quota increase from Help + support
Reference
● Standard quota: Increase limits by VM series (3 minutes to read)
Question 228
Instruction
Question
You can use <box 1> in Azure to send email alerts when the cost of the current billing period
for an Azure subscription exceeds a specified limit.
● Advisor recommendations
● Access control (IAM)
● Budget alerts
● Compliance
Answer
Budget alerts
Explanation
Budget alerts notify you when spending, based on usage or cost, reaches or exceeds the
amount defined in the alert condition of the budget. Cost Management budgets are created
using the Azure portal or the Azure Consumption API.
Reference
● Use cost alerts to monitor usage and spending (3 minutes to read)
Question 229
Instruction
Question
1. From the Azure portal, you can distinguish between services that are generally
available and services that are in public preview.
2. After an Azure service becomes generally available, the service is no longer updated with
new features.
3. When you create Azure resources for a service in public preview, you must recreate the
resources once the service becomes generally available.
Answer
1. Yes.
2. No.
3. No.
Reference
● Supplemental Terms of Use for Microsoft Azure Previews
Question 230
Instruction
Question
1. When using an Azure ExpressRoute connection, inbound data traffic from an on-
premises network to Azure is always free.
2. Outbound data traffic from Azure to an on-premises network is always free.
3. Data traffic between Azure services within the same Azure region is always free.
Answer
1. Yes.
2. No.
3. Yes.
Explanation
<box 1>: Yes
With Azure ExpressRoute, all inbound data transfer is free of charge.
<box 2>: No
Inbound data traffic is free but outbound data traffic is not.
<box 3>: Yes
Reference
● Azure ExpressRoute pricing
https://royseto.medium.com/microsoft-azure-az-900-practice-questions-part-1-of-10-a1ff6d7595e8
https://royseto.medium.com/microsoft-azure-az-900-practice-questions-part-2-of-12-55a9a38e950a
https://royseto.medium.com/microsoft-azure-az-900-practice-questions-part-3-of-12-859880fe5c10
https://royseto.medium.com/az-900-exam-questions-4-12-b4966781c2ff
https://royseto.medium.com/az-900-exam-questions-5-12-9c20e96b7240
https://royseto.medium.com/az-900-exam-questions-6-12-83893f491d48
https://royseto.medium.com/az-900-exam-questions-7-12-f97a191129a6
https://royseto.medium.com/az-900-exam-questions-8-12-78a55b755c3a
https://royseto.medium.com/az-900-exam-questions-9-12-86a94def891b
https://royseto.medium.com/az-900-exam-questions-10-12-c5353245c01f
https://royseto.medium.com/az-900-exam-questions-11-12-ee341fac502b
https://royseto.medium.com/az-900-exam-questions-12-12-b1c19b910fab

Azure-900 MCQ Dumps

Uploaded by

Copyright:

Available Formats

Azure-900 MCQ Dumps

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Azure-900 MCQ Dumps

Uploaded by

Copyright:

Available Formats

What are the different types of cloud services provided by Azure?

What are the different types of cloud services provided by Azure?

Describe the difference between PaaS and IaaS in Azure.

Describe the difference between PaaS and IaaS in Azure.

Join for our main channel - https://t.

AZ-900: Exam Questions (1-230)

For each of the following statements, select Yes if the statement is

1. A platform as a service (PaaS) solution that hosts web apps in

2. A platform as a service (PaaS) solution that hosts web apps

3. A platform as a service (PaaS) solution that hosts web apps

Section: Describe Cloud Concepts

<box 2>: Yes

<box 3>: Yes

PaaS provides a framework that developers can build upon to develop

For each of the following statements, select Yes if the statement is

1. Azure provides flexibility between capital

3. When an Azure virtual machine is stopped, you continue

Section: Describe Cloud Concepts

<box 1>: Yes

Traditionally, IT expenses have been considered a Capital

<box 3>: Yes

● CapEx Vs OpEx: Cloud Computing

To complete the sentence, select the appropriate option in the answer

When you are implementing a Software as a Service (SaaS) solution,

Answer Area for <box 1> :

● configuring high availability.

● defining scalability rules.

● installing the SaaS solution.

● configuring the SaaS solution.

configuring the SaaS solution.

Section: Describe Cloud Concepts

Everything else is managed by the cloud provider.

SaaS requires the least amount of management. The cloud provider is

Software as a service (SaaS) allows users to connect to and use cloud-

SaaS provides a complete software solution which you purchase on a

● Discuss Azure fundamental concepts (24 minutes to read)

You have an on-premises network that contains several servers.

You plan to migrate all the servers to Azure.

You need to recommend a solution to ensure that some of the servers

What should you include in the recommendation?

Section: Describe Cloud Concepts

Fault tolerance is the ability of a system to continue to function in the

With Availability Zones, Azure offers industry best 99.99% VM uptime

● Availability options for Azure Virtual Machines (3 minutes

To complete the sentence, select the appropriate option in the answer

An organization that hosts its infrastructure <box 1> no longer

Answer Area for <box 1> :

● in the public cloud

in the public cloud

Section: Describe Cloud Concepts

A private cloud is hosted in your datacenter. Therefore, you cannot

A public cloud is hosted externally, for example, in Microsoft Azure.

Microsoft Azure is an example of a public cloud provider.

In a private cloud, you create a cloud environment in your own

● Discuss Azure fundamental concepts (24 minutes to read)

What are two characteristics of the public cloud?

Section: Describe Cloud Concepts

A: You don’t have dedicated hardware. The underlying hardware is

B: Connections to the public cloud are secure.