The latest Microsoft AZ-900 Azure Fundamentals certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-900 Azure Fundamentals exam and earn Microsoft AZ-900 Azure Fundamentals certification.
Question 391
You have 50 virtual machines hosted on-premises and 50 virtual machines hosted in Azure. The on-premises virtual machines and the Azure virtual machines connect to each other.
Which type of cloud model is this?
*A. hybrid
B. private
C. public
Question 392
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to migrate all its data and resources to Azure.
The company’s migration plan states that only Platform as a Service (PaaS) solutions must be used in Azure.
You need to deploy an Azure environment that meets the company migration plan.
Solution: You create Azure virtual machines, Azure SQL databases, and Azure Storage accounts.
Does this meet the goal?
A. Yes
*B. No
Explanation
Platform as a service (PaaS) is a complete development and deployment environment in the cloud. PaaS includes infrastructure “servers, storage, and networking” but also middleware, development tools, business intelligence (BI) services, database management systems, and more. PaaS is designed to support the complete web application lifecycle: building, testing, deploying, managing, and updating.
However, virtual machines are examples of Infrastructure as a service (IaaS). IaaS is an instant computing infrastructure, provisioned and managed over the internet.
Question 393
Azure Cosmos DB is an example of a __________ offering.
*A. platform as a service (PaaS)
B. infrastructure as a service (IaaS)
C. serverless
D. software as a service (SaaS)
Explanation
Azure Cosmos DB is an example of a platform as a service (PaaS) cloud database provider.
Question 394
The Nutex Corporation wants to implement Azure locks to prevent administrators from accidentally deleting subscriptions and resources.
Which of the following statements about Azure locks are TRUE? (Choose two.)
A. A CanNotModify lock prevents a user from modifying a resource, but the user is able to delete the resource.
B. Applying an Azure lock to an Azure database permits changes but not operations on the resource.
*C. Applying an Azure lock to a parent scope enforces the lock on the resources within the scope.
D. A user with the appropriate permissions to modify or delete a resource can override an Azure lock and modify or delete a resource.
*E. Only Owner and User Access Administrator roles are granted permissions to create or delete Azure locks.
Explanation
The following statements are true:
- Only Owner and User Access Administrator roles are granted permissions to create or delete Azure locks. These are the only roles which have access to
Microsoft.Authorization/*andMicrosoft.Authorization/locks/*actions by which locks can be created and deleted. - Applying an Azure lock to a parent scope enforces the lock on the resources within the scope. When you apply a lock to a parent scope, all resources within that scope inherit the same lock, even if they are added after the lock was applied. The most restrictive lock in the inheritance takes precedence.
Azure locks apply only to operations that occur in the management plane. Resource operations are not restricted; only resource changes are restricted. For example, a ReadOnly lock on an SQL Database does not prevent users from creating, updating, or deleting data in the database. It only prevents them from deleting or modifying the database.
Even if a user has all the permissions allowed in Azure, they cannot bypass or override the Azure locks. Azure locks are not bound to RBAC permissions.
CanNotModify is not a valid type of Azure lock. There are two types of Azure locks, ReadOnly and CanNotDelete. ReadOnly locks make the resource read-only, no changes can be made to the resource, and it cannot be deleted. CanNotDelete locks prevent a resource from being deleted, although it can be modified.
Question 395
Your company has an Active Directory infrastructure with six forests, named metroil.com, nutex.com, verigon.com, dreamsuites.com, cdpress.com, and virtuart.com. Metroil.com has two child domains, north.metroil.com and south.metroil.com. Nutex.com has two child domains, north.nutex.com and south.nutex.com. No other forests have child domains.
There is a forest trust between metroil.com and nutex.com. This is the only forest trust in your AD infrastructure. You plan to prepare your Azure AD custom domains.
You want to ensure that all users from all forests can use Office 365 with single sign-on (SSO). What is the minimum number of verified custom domains you have to add in Azure for your AD infrastructure?
A. 10
*B. 5
C. 2
D. 1
Explanation
You will need at least five Azure AD domains. You need one Azure AD domain for metroil.com and nutex.com, because you have a forest trust between these two forests. If you want to deliver SSO to all users of both forests, a Kerberos trust between both forests has to exist to make SSO possible for a user from forest metroil.com to access Office 365 through nutex.com and a user from nutex.com to access Office 365 through metroil.com.
If you use metroil.com as Azure AD domain name in Office 365, you can create an additional UPN suffix in nutex.com named metroil.com, and you can change the user account suffix on the nutex.com user accounts to @metroil.com. This is needed in order for them to sign-in to Office 365 through SSO.
Because there is no forest trust between the other forests, you have to create one additional Azure AD custom domain for every forest, like verigon.com, dreamsuites.com, cdpress.com, virtuart.com. You have to be the owner of all these public domain names, before you can add them in Office 365 Azure AD.
All other answers are incorrect. You will need more than two domains. You do not need 10 domains. The subdomains north.nutex.com, south.nutex.com, north.metroil.com, and south.metroil.com do not need to have a separate custom domain for each subdomain.
Question 396
Your company plans to deploy a web application but does not want to install an operating system or web server, nor manage system updates for the web server.
Which type of cloud service should the company implement?
A. FaaS
B. IaaS
C. SaaS
*D. PaaS
Explanation
You would choose Platform as a service (PaaS). PaaS provides a company with an environment for developing, running, debugging, testing, patching, and deploying software applications. PaaS allows you to quickly create an application without having to worry about managing the underlying infrastructure. PaaS eliminates the need to install an operating system, web server, server patches, or other infrastructure to create applications. PaaS creates a complete deployment environment in the cloud that has tools to deliver simple cloud-based apps or sophisticated cloud-enabled enterprise applications. The tools and resources are purchased from the service provider on a pay-as-you-go basis.
You would not choose Infrastructure as a service (IaaS). IaaS is a category of cloud computing services that is used by many cloud providers. With IaaS, you pay for resources such as servers, virtual machines (VMs), storage, networks, and operating systems from a cloud provider on a pay-as-you-go basis. These resources are provisioned and managed over the Internet.
You would not choose Software as a service (SaaS). SaaS is software that is hosted in the cloud and managed by the cloud provider for the customer. The customer can configure the software according to their needs. SaaS allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendars, and office tools. SaaS is typically licensed through a monthly or annual subscription. Microsoft Office 365 is an example of SaaS software.
You would not choose Function as a service (FaaS). This type of service uses a service-hosted remote procedure call. It uses serverless computing in the cloud to enable deployment of the functions that run-in response to events that occur in the cloud.
Question 397
You work as part of the Product Analysis team at the Nutex Corporation. You have been asked to obtain a report of the profitability of products by the costs incurred to serve data to the products.
Which of the following statements about costs for ingress and egress data in Azure are TRUE? (Select all that apply.)
*A. For site-to-site and point-to-site VPN connections, the first 5 GB of data transfer are exempt from monthly charges for egress data.
B. Both ingress and egress data charges apply for a metered Azure ExpressRoute plan.
*C. Ingress to Azure datacenters from on-premises environments is not charged.
*D. Both ingress and egress data charges apply for VNet peering.
*E. Different ingress and egress data charges apply for VNet peering between the same Azure region and different Azure regions.
Explanation
The following statements are true:
- For site-to-site and point-to-site VPN connections, the monthly charges for egress data are not applicable to the first 5 GB of data transfer.
- Ingress to Azure datacenters from on-premises environments is not charged.
- Different ingress and egress data charges apply for VNet peering between the same Azure region and different Azure regions.
- Both ingress and egress data charges apply for VNet peering.
Data egress for site-to-site and point-to-site connections are charged at regular data transfer rates. The first 5 GB per month is free, and any data transfer beyond that is charged based on the following usage: 5GB-10TB @ $0.087/GB, 10-50TB @ $0.083/GB, and 50-150TB @ $0.07/GB (USD, as of this writing).
It is not true that both ingress and egress data charges apply for a metered Azure ExpressRoute plan. The two types of billing plans associated with ExpressRoute are:
- Metered plans – Customers are charged for outbound data transfer based on Azure datacenter regions grouped as zones, but inbound data transfer is free.
- Unlimited plans – Customers pay a flat fee based on the selected port speed, and both inbound and outbound data transfers are free.
Question 398
Your company has the need to keep services up and running, with very little downtime, depending on the service. Which cloud feature is needed in this scenario?
A. Fault tolerance
B. Economy of scale
C. Scalability
*D. High availability
E. Agility
F. Elasticity
G. Disaster recovery
Explanation
You would choose high availability. This feature allows services to run for extended periods, with very little downtime, depending on the service.
You would not choose scalability. This feature can increase (scale-up) or decrease (scale-down) resources that are assigned to a workload. As demand increases, you can add additional resources or capabilities to manage the increase in demand (known as scaling up). Scalability does not have to be done automatically.
You would not choose elasticity. This feature increases or decreases resources as needed, but unlike scalability, elasticity is done automatically. Elastic resources are based on the current needs and resources are added or removed dynamically to meet those needs, from the most advantageous geographic location. A distinction between scalability and elasticity is that elasticity is done automatically.
You would not choose agility. Agility is the ability to react quickly. Cloud services can allocate and deallocate resources quickly. These are on-demand services that are provisioned in minutes. There is no manual intervention in provisioning or deprovisioning services. Agility does not allow you to have high availability or redundancy.
You would not choose fault tolerance. Fault tolerance is the ability to remain up and running in the event of a component or service that is no longer functioning. Typically, redundancy is built into cloud services architecture so that if one component fails, a backup component takes its place. This type of service is said to be tolerant of faults.
You would not choose disaster recovery. This feature allows you to recover from a cloud service outage caused by an event. Cloud services disaster recovery can happen very quickly with automation, with resources being readily available for use.
You would not choose economy of scale. The concept of economy of scale is the ability to do business cheaper and more efficiently when operating on a larger scale, in comparison to operating on a smaller scale.
Question 399
The worldwide growth of Verigon Corporation has more than doubled its Azure subscriptions and resource usage. The increased complexity has made it difficult to forecast departmental expenses. Verigon needs a more granular method to track individual Azure resource usage costs by department.
What do you suggest as the first cost management step to obtain this information?
A. Create a resource group for each department.
B. Under Cost Management in the Azure Portal, choose Cost Analysis.
C. Under Cost Management in the Azure Portal, create a monthly budget for each department.
*D. Use the Azure portal to apply a tag to each resource.
E. Create a management group for each department.
Explanation
Verigon needs to first tag each resource so it can be associated with the appropriate project and/or department. Tags are name/value pairs that enable you to categorize resources and view consolidated billing by applying the same tag to multiple resources and resource groups. Tags can be applied via the portal, the Azure (CLI) command-line interface, or the Powershell New-AzTag cmdlet. The Tag Contributor role, or higher, is needed for access.
Creating a budget under Cost Management would be a good way to monitor subscription usage and costs. However, resources must be tagged as the first step in correlating the data in cost reporting.
A resource group is a container that holds related resources for an Azure solution. It is not designed for cost tracking or management. However, a tag can be assigned to a resource group.
A management group is a container used for more efficient control subscriptions. That is not the focus of this scenario.
Choosing Cost Management, Cost Analysis would be a good way to monitor subscription usage and costs. However, resources must be tagged as the first step in correlating the data in cost reporting.
Question 400
The Nutex Corporation has begun migrating resources to Azure. The corporation has systems that must continue working and whose communication should be a direct connection from an on-premises datacenter to the Microsoft cloud.
Encryption of connectivity is not necessary.
Which solution should be used?
*A. Azure ExpressRoute
B. Azure Traffic Manager
C. Application Gateway
D. Azure Load Balancer
Explanation
You would choose Azure Express Route because it is the service that enables secure direct connection to Azure. The traffic will not traverse the Internet and will have high bandwidth. It is an ideal solution for migrating resources to Azure.
You would not choose Azure Load Balancer or Application Gateway because they are load balancers in Azure.
You would not choose Azure Traffic Manager because it enables the distribution of traffic across application endpoints. Still, the traffic is not direct to or from on-premises to Azure, it traverses through the public Internet.