The latest Microsoft AZ-900 Azure Fundamentals certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-900 Azure Fundamentals exam and earn Microsoft AZ-900 Azure Fundamentals certification.
Question 401
You are migrating a custom web application to Azure. You are responsible for managing the application tools and scaling the infrastructure beneath your application. You want to use Azure App Services to get a granular insight of performance monitoring.
What should you include in the recommendation?
A. Software as a service (SaaS)
*B. Platform as a service (PaaS)
C. Infrastructure as a service (IaaS)
D. Database as a service (DBaaS)
Explanation
You should choose Platform as a service (PaaS). PaaS creates a development environment that includes the operating systems and application services. A company can use PaaS as a development environment for a given application without having to maintain the deployment platform. With Azure, you can use App Service to get tools such as Application Insights to get a granular insight of performance monitoring.
Software as a service (SaaS) allows fully functional applications provided by a third party. Typically, the software is available via subscription or pay-as-you-go. In this scenario, you are not placing the responsibility of changing or updating the application onto someone else, you are placing only the responsibility of managing the application infrastructure and scaling the infrastructure onto someone else.
Infrastructure as a service (IaaS) allows you to have pay-as-you-go services for storage, networking, and virtualization, but not application tools.
Database as a service (DBaaS) allows you to have access to a database without the need for installing software or physical hardware. The scenario has to do with migrating an application, not a database.
Question 402
Your company needs to protect their application and data from datacenter failures. The company plans to move to Azure. You want to ensure that applications and data are stored in availability zones.
Which of the following statements best describes availability zones?
A. A discrete market typically containing two or more regions that preserves data residency and compliance boundaries
B. A geographical area containing at least one, but potentially multiple, datacenters that are in close proximity and networked together with a low-latency network
C. A way for you to ensure your application remains online if a high-impact maintenance event is required or a hardware failure occurs
*D. Physically separate locations within an Azure region
Explanation
Availability zones are physically separate locations within an Azure region. Each availability zone has one or more datacenters. Each datacenter is equipped with independent power, cooling, and networking. Availability zones protect your applications and data from datacenter failures.
An availability zone is not a discrete market typically containing two or more regions that preserves data residency and compliance boundaries. That describes a geography. A geography is a unique market that contains two or more regions that stores data in the regions according to the compliance boundaries of the regions.
An availability zone is not a geographical area containing at least one, but potentially multiple, datacenters that are in close proximity and networked together with a low-latency network. That describes a region. A region is a geographical area containing one or more datacenters networked together with a low-latency network and are in close proximity.
An availability zone is not a way for you to ensure that your application remains online if a high-impact maintenance event is required, or a hardware failure occurs. That can be done with an availability set. Availability sets logically group resources so that Azure can ensure that VM resources are isolated from each other when they are in an Azure datacenter. Availability sets allow your application to remain online if a hardware failure occurs or a maintenance event is required.
Question 403
The IT team at the Nutex Corporation is planning to use the Azure VPN Gateway to encrypt communication between the Azure cloud network and the on-premises networks. You are the security analyst who must recommend an effective solution to achieve this.
Which of the following statements about the Azure VPN Gateway are TRUE? (Choose four)
*A. Azure allows you to deploy your own VPN gateways or servers in Azure, either from the Azure Marketplace or by creating your own VPN routers.
B. A policy-based VPN gateway can be modified to a route-based VPN Gateway and vice versa.
*C. Azure VPN Gateways support 16-bit ASNs.
D. BGP can be used with policy-based and route-based VPN Gateways.
*E. User-defined routes must be configured in the virtual network to ensure that traffic is routed properly between the on-premises networks and the virtual network subnets.
*F. Azure generates different IPsec/IKE pre-shared keys for different VPN connections created for the same virtual network.
G. A VPN gateway can be assigned a static IP address provided by Microsoft Azure support.
Explanation
The following statements are true:
- Azure allows you to deploy your own VPN gateways or servers in Azure, either from the Azure Marketplace or by creating your own VPN routers.
- After you set up your own VPN gateways or servers, you must configure user-defined routes in the virtual network to ensure that traffic is routed properly between the on-premises networks and the virtual network subnets.
- Azure generates different IPsec/IKE pre-shared keys for different VPN connections created for the same virtual network. This is done by default. However, you can use PowerShell cmdlets or the Set VPN Gateway Key REST API to configure a custom key value. The key must be in ASCII.
- Azure VPN gateways support 16-bit ASNs.
An autonomous system (AS) is a set of Internet Protocol (IP) routing prefixes that are connected on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the Internet. A unique autonomous system number (ASN) is allocated to each AS for use in BGP routing. An ASN uniquely identifies each network on the Internet.
A policy-based VPN gateway type cannot be modified to a route-based or vice versa. The original gateway must be deleted, and the intended gateway must be created. This process could take around 60 minutes. The IP address of the original gateway and the pre-shared key (PSK) will not be deleted when the original gateway is deleted.
Policy-based VPNs send encrypted packets through IPsec tunnels based on the IPsec policies configured with the combinations of address prefixes between your on-premises network and the Azure VNet. Route-based VPNs use “routes” in the IP forwarding or routing table to direct packets into their corresponding tunnel interfaces.
Although the Azure VPN gateway parameter reads “Public IP address”, this public IP address is assigned dynamically by Azure to gateways when the gateway is created. It is not static. When Azure assigns an IP address, a public IP address object gets associated to the gateway.
You cannot request a static IP address from Microsoft. The dynamic IP address, assigned to a gateway, will change only if the gateway is deleted and re-created. The public IP address does not change across resizing, resetting, or other internal maintenance/upgrades of your gateway.
Border Gateway Protocol (BGP) cannot be used with both policy-based and route-based VPN gateways. BGP can only be used with route-based VPN gateways.
Question 404
You work as part of the Product Deployment team at the Nutex Corporation. You have a series of products to deploy on Azure. These products are targeted at audiences in different geographies. You need to understand the impact of deploying products by their geography.
Which of the following statements concerning pricing by geographies for Azure are TRUE? (Select all that apply.)
A. All Azure products are available in all Azure regions.
*B. A region in Azure is a set of geographies that preserves data residency and compliance boundaries.
C. Azure services are charged the same across all geographies.
*D. Azure Australia has two featured Azure Australia Central regions.
Explanation
The following statements are true:
- A region in Azure is a set of geographies that preserves data residency and compliance boundaries.
- Azure Australia has two featured Azure Australia Central regions.
A region consists of datacenters connected through a regional low-latency network and deployed within a latency-defined perimeter. Azure regions are organized into geographies typically containing two or more regions, which preserve data residency and compliance boundaries.
The two Azure Australia Central regions (Australia Central and Australia Central 2) are designed for the Australian and New Zealand governments, and critical infrastructure organizations and their suppliers. Services in the Azure Australia Central regions can be purchased in the same way as any other Azure service.
Azure services are not charged the same across all geographies. Azure charges customers based on the geographical locations in which the apps and services are deployed. Prices vary by the regions that define the geographical locations.
Azure products are available by regions; some products are not available in some regions.
Question 405
As Metroil Corporation has grown, the increasing number of Azure subscriptions has added worldwide complexity to management needs.
Metroil needs to implement select regional policies for resource control. What is a good first step for reaching this goal?
A. Assign the co-administrator role to each regional manager.
B. Create a root management group.
C. Create a regional policy by launching the Azure Policy service in the portal.
D. Create a regional manager group and assign the co-administrator role to it.
*E. Add a management group in the Azure Portal.
Explanation
The policy will need to be assigned to a management group, so the group must exist first.
The scenario does not indicate an explicit need to create a regional manager group and assign the co-administrator role to it.
The focus is not on managing subscriptions but on a hierarchical way to implement policies.
A root management group will be created at the top of the hierarchy, but it is automatically created by the portal when triggered by the addition of the first management group is added by a user.
Metroil will need to create a regional policy by launching the Azure Policy service in the portal, but it will not be the first step.
The scenario does not indicate an explicit need to assign the co-administrator role to each regional manager. The focus is not on managing subscriptions but on a hierarchical way to implement policies.
The first step will be to add a management group in the Azure Portal. Management groups are containers that hold subscriptions. The subscriptions in a management group inherit the policies and conditions applied to the group. The top group is known as the root management group (“Tenant root group” is the display name) and is created automatically when the first management group is created by a user.
Question 406
You have an application that needs to persist data in a container. The container needs to run on several VMs with access to the same files.
An associate suggests that you use a bind mount.
Does this solution meet your needs?
A. Yes
*B. No
Explanation
A bind mount will not work. You should use a named volume or a SMB volume instead.
A bind mount allows you to have a place to store files on the local machine if you need to share the files with multiple containers or if you need to restart the container.
A SMB mount or named volume can have the container run on several VMs with access to the same files.
Question 407
You need to delete a resource group. Which statements are true? (Choose two.)
A. All resources in the resource group are deleted except for child resources.
*B. When the managedBy property is set on a resource, the managing resource is deleted before the resource it manages.
C. Resources are always deleted in chronological order, from newest to oldest.
D. You can reverse a resource group deletion.
E. When the managedBy property is set on a resource, the resource being managed is deleted before the managing resource.
*F. When a delete operation returns an error, Resource Manager retries the DELETE call.
Explanation
When you delete a resource group, Resource Manager uses specific criteria to determine the order in which the resources are deleted:
- All nested (child) resources are deleted first.
- All resources that manage other resources, as indicated by the managedBy property set on the managed resource, are deleted next.
- The remaining resources are deleted last, but not in chronological order from newest to oldest.
Resource Manager continues to retry the DELETE call every 15 minutes when a delete operation returns an error with a 408, 428, and 5xx status.
All the child resources are deleted when a resource group is deleted.
A resource group deletion is final and not reversible.
Question 408
You have designed a specific infrastructure in Azure with many virtual machines and virtual networks. You need to create the same configuration for the remaining three environments in the company. You have to be sure that your deployments are consistent.
What will you choose to accomplish this?
A. Custom scripts
*B. Azure Resource Manager (ARM) templates
C. Chef
D. Desired State Configuration
Explanation
You would choose Azure Resource Manager (ARM) templates. With ARM templates and their JSON templates, you can make sure that your deployments are consistent.
You would not choose the Desired State Configuration because it helps you define a state for your machines instead of writing detailed manual instructions on how to achieve that state for each machine.
You would not choose custom scripts because those are used for post-deployment configuration, software installation, or any other configuration or management task.
You would not choose Chef because it is a tool for delivering automation and desired state configurations.
Question 409
Match the descriptions on the left with the cloud deployments on the right.
Descriptions:
- Allows organizations to deploy virtual machines, servers, and storage in a cloud
- Allows organizations to run applications in a cloud
- Allows organizations to deploy Web servers, databases, and development tools in a cloud
Cloud Deployments:
- Platform as a Service
- Software as a Service
- Infrastructure as a Service
Answer:
Platform as a Service: Allows organizations to deploy Web servers, databases, and development tools in a cloud
Software as a Service: Allows organizations to run applications in a cloud
Infrastructure as a Service: Allows organizations to deploy virtual machines, servers, and storage in a cloud
Explanation
The cloud deployments should be matched with the descriptions in the following manner:
- Platform as a Service (PaaS) – Allows organizations to deploy Web servers, databases, and development tools in a cloud
- Software as a Service (SaaS) – Allows organizations to run applications in a cloud
- Infrastructure as a Service (IaaS) – Allows organizations to deploy virtual machines, servers, and storage in a cloud
Question 410
You are part of the IT team at the Nutex Corporation. Your management has triggered an initiative to reduce the costs with Azure resources.
You need to reduce storage costs for blob data. You propose using Azure Hybrid Benefit.
Which of the following are true regarding Azure Hybrid Benefit? Choose two.
A. End-of-support software versions are not eligible
*B. Eligible licenses are SQL Server, and Windows Server with active Software Assurance
C. Allows you to use Azure cloud licenses with on-premises servers.
D. Eligible licenses are SQL Server, Exchange Server, and Windows Server with active Software Assurance
*E. Allows you to use on-premises licenses with servers in Azure.
Explanation
The following are correct:
- Eligible licenses are SQL Server, Exchange Server, and Windows Server with active Software Assurance
- Allows you to use on-premises licenses with servers in Azure.
Azure Hybrid Benefit saves you money by using existing on-premises licenses with active Software Assurance on a virtual machine in Azure. Azure Hybrid Benefit does allow you to use a cloud-based license with an on-premises server.
Windows Server and SQL Server licenses with active Software Assurance are eligible for Azure Hybrid Benefit. Exchange Server is not eligible. However, RedHat and SuSe Linux subscriptions are eligible.
End-of-support software versions are eligible for Azure Hybrid Benefit.