Skip to Content

AZ-900 Microsoft Azure Fundamentals Exam Questions and Answers – Page 5 Part 2

The latest Microsoft AZ-900 Azure Fundamentals certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-900 Azure Fundamentals exam and earn Microsoft AZ-900 Azure Fundamentals certification.

Question 481

You plan to store historical tax information from 2015 to 2021 in Azure. Users in the tax department must mount a network drive to access the tax information from their Windows 11 and Linux devices.

Your solution is to implement Azure Information Protection (AIP).

Does your solution meet the needs of the tax department?

*A. No
B. Yes

Explanation

Azure Information Protection (AIP) will not meet the needs of the tax department. Azure Information Protection (AIP) will not allow tax department users from Linux or Windows devices to map a drive to access the historical tax information. You will need to use an Azure file share. You can use a storage account key to access the file share. You can have the file share accessed with either Server Message Blocks (SMB) or Network File System (NFS) protocol. With the Azure Files service, you can mount file shares can be mounted by cloud or on-premises deployments. Windows clients can access SMB Azure file shares. Linux or macOS clients can access SMB Azure file shares and NFS Azure Files shares.

Azure Information Protection (AIP) is a cloud-based solution that is part of the Microsoft Information Protection (MIP) solution. It uses labels to classify assets and apply tags.

Question 482

Your company plans to deploy web applications running on several Azure virtual machines. These applications need to continue to run even if a datacenter fails.

What feature in Azure can protect the applications from a datacenter failure?

*A. Availability zone
B. Fault domain
C. Update domain
D. Virtual machine scale set

Explanation

An availability zone consists of several datacenters that have separate power, cooling, and networking equipment. Every region has three separate availability zones to ensure resiliency by physically separating applications and data from datacenter failures.

You would not choose virtual machine scale sets. A virtual machine scale set allows you to increase or decrease on demand or by schedule. A virtual machine scale allows you to create load balanced VMs that are identical.

You would not choose fault domain. A fault domain defines a set of virtual machines that share a common network switch and power source. A fault domain may protect a set of virtual machines but will not protect against a datacenter failure.

You would not choose update domain. An update domain can allow your application to stay up and running during an update of the application. An update domain will not protect against a datacenter failure.

Question 483

Your company needs to host multiple virtual machines that run an application your customers use in the East US region of Azure. You need to ensure that no other VMs are placed on the physical machines in the data center. All VMs need to have high availability using availability zones.

What should you use?

A. Azure DevTest Labs
B. Azure Pipelines
*C. Dedicated Host
D. Azure Advisor
E. Desired State Configuration
F. Azure Board

Explanation

Azure Dedicated Host is a service that provisions physical hardware in a data center dedicated to one or more of your company’s and no one else’s virtual machines. Dedicated hosts are physical servers in a data center that can provide hardware isolation at the physical server level. These dedicated hosts share the same network and storage as non-isolated hosts. Dedicated hosts can opt in or out of a maintenance window to reduce the impact of the workload running on a dedicated host. You can deploy multiple dedicated hosts for high availability using availability zones or fault domains for fault isolation.

You would not choose the Desired State Configuration (DSC) because it helps define a state for your machines. DSC does not ensure that VMs will be physically isolated on specific hardware.

You would not choose Azure Advisor. Azure Advisor examines resource configuration and usage and provides recommended solutions. Recommendations for cost, security, reliability (formerly High Availability), operational excellence, and performance are combined in a single dashboard. Azure Advisor makes recommendations but may not recommend having VMs be physically isolated on specific hardware.

Azure DevTest Labs allows you to create virtual machines (VMs) and PaaS resources without approvals. Azure DevTest Labs enables your team to create multiple VMs or an empty resource group as a sandbox to isolate VMs. You can use reusable templates and artifacts to provide your environment using Microsoft VMs or Linux VMs quickly. VMs can be created from custom images that have all the software applications and any tools installed. Azure DevTest Labs does not ensure that VMs will be physically isolated on specific hardware.

You would not choose to use Azure Pipelines because it integrates your code repository with builds and releases in Azure DevOps.

You would not choose to use Azure Boards. Azure Boards use an agile methodology to track and plan projects using tools such as scrum boards, Kanban boards, and dashboards.

Question 484

You need to monitor the VMs running in your department’s resource group. These VMs run several applications that query a backend database. Department members create spreadsheets from the data that is queried from the database. You need to respond quickly to alerts and take action on those alerts by using Azure CLI or PowerShell commands.

You will be attending a two-day music festival over the weekend. You plan to take only your Android phone. However, there are no team members that can take over your monitoring activities.

What can you do to ensure that monitoring activities continue?

A. Download the Microsoft tunnel app
B. Download the Microsoft 365 Admin app
C. Download the Remote Desktop app
*D. Download the Azure mobile app

Explanation

You should download the Azure mobile app. This app will allow you to monitor VMs, respond to alerts and take corrective actions for those alerts. You can also use this app to run Azure PowerShell commands, or Azure CLI commands.

You should not use the Remote Desktop app. This app will allow you to connect via RDP to a VM. While you can connect to a VM, you are not alerted if there are issues with the VM.

You should not use the Microsoft 365 Admin app. This app will allow you to manage all the apps in Microsoft 365. While the developers use the spreadsheets, the monitoring should be on the VMs, not on the spreadsheets.

You should not download the Microsoft tunnel app. This app is used to ensure that you can securely connect to Azure resources. This app by itself will not notify of issues with Azure resources.

Question 485

The Nutex Corporation wants to ensure that the apps and services deployed on Azure are compliant with global and industry-specific compliance standards.

Which of the following Azure products can be used to monitor and ensure that apps and services are compliant with the industry-specific compliance standards? (Choose four.)

A. Azure ExpressRoute
*B. Microsoft Trust Center
C. Azure Service Bus
D. Azure Monitor
*E. Azure Security Center
*F. Microsoft Compliance Manager

Explanation

The following products can be used:

  • Azure Monitor
  • Microsoft Trust Center
  • Azure Security Center
  • Microsoft Compliance Manager

Azure Monitor is a comprehensive solution for collecting, analyzing, and acting on telemetry from the cloud and on-premises environments.

Microsoft Trust Center is where the security and privacy settings for Microsoft Office programs are configured.

Azure Security Center is a security management system that strengthens the security of data centers and implements advanced threat protection for hybrid workloads in the cloud.

Microsoft Compliance Manager is a workflow-based risk assessment tool that tracks, assigns, and verifies regulatory compliance activities related to Microsoft cloud services. Compliance Manager helps manage regulatory compliance within the shared responsibility model for Microsoft cloud services. Compliance Manager offers a centralized dashboard for viewing standards, regulations, and control implementation details, as well as test results for Microsoft service assessments. It also includes tools to manage custom control implementations and compliance tracking by organizations.

Azure ExpressRoute extends your on-premises networks into the Microsoft cloud over a private connection. You can establish connections to Microsoft cloud services with ExpressRoute. ExpressRoute does not allow monitoring of compliance standards.

Azure Service Bus is an enterprise integration message broker. Service Bus can decouple applications and services. Service Bus has a secure platform that uses asynchronous data and state transfer. Azure Service Bus does not allow monitoring of compliance standards.

Question 486

The Nutex Corporation wants to implement an Azure service that can inspect the Azure resources and services and notify the Azure Administration team about issues.

Which of the following features are available with Azure Service Health? (Select all that apply.)

*A. Custom alerts to notify about service incidents, planned maintenance, and health advisories.
*B. Integration with ServiceNow using a webhook.
*C. Personalized dashboard to report service health and issues.
*D. Get root cause analysis and downloadable explanations for ongoing service health issues.
E. Archive service health event history indefinitely.

Explanation

The following features are available with Azure Service Health:

  • Custom alerts to notify about service incidents, planned maintenance, and health advisories.
  • Service health alerts can be configured (on the Azure portal) using a combination of the class of service health notification (service issues, planned maintenance, health advisories), subscription affected, the service(s) affected, and the region(s) affected. These alerts can be sent to receivers by SMS, email, and webhooks and apps deployed on Azure.
  • Get root cause analysis and downloadable explanations for ongoing service health issues. You can get downloadable explanations for ongoing service health issues.
  • Personalized dashboard to report service health and issues. To get your Service Health dashboard, select the Service Health tile on the Azure portal. The Service issues view illuminates any existing problems with Azure services. This view shows information on when the issue began and what services and regions are impacted. Customers can also read about the most recent updates to understand what Azure is doing to resolve the issues.
  • The Potential impact tab allows you to see the specific list of resources that are impacted by the issue. A CSV list of these resources can be downloaded. Share the link for the issue to use in a third-party issue/incident management system. You can download a PDF and sometimes CSV files to share with people without access to the Azure portal.
  • Integration with ServiceNow using a webhook.
  • Get alerts from ServiceNow through the existing notification infrastructure (when Azure service experiences issues). Every time an Azure Service Health alert fires, it calls a webhook through ServiceNow’s Scripted REST API.
  • Personalized dashboard to report service health and issues.
  • Service Health provides a customizable dashboard that tracks the health of Azure services in the regions where they are used. Events tracked include ongoing service issues, upcoming planned maintenance, or relevant health advisories.

Service Health cannot archive event history indefinitely. When events become inactive, they remain in the health history for up to 90 days, including a preliminary root cause, mitigation, and next steps for resolving the issue.

Question 487

You plan to deploy an Azure cloud with the following divisions:

Two divisions in North America, one located in Atlanta, GA, and the other in Montreal, Québec.
Two divisions in Europe, one located in London and the other in Paris.
Each division will have its own administrator. Each division administrator can manage the Azure resources used by their respective division.

How many Azure Active Directory (Azure AD) directories will this solution require?

*A. 1
B. 3
C. 4
D. 2

Explanation

While it is possible to create separate Azure Active Directory (Azure AD) directories for each division, there is no need for all that extra administrative effort. A single Azure AD can support the creation of multiple Azure administrative domains. A domain can be created for each division. The central administrator could:

  • Create an administrative unit for each division.
  • Populate the administrative unit with only students and staff within the division.
  • Create a role with administrative permissions over only Azure AD users in each administrative unit.
  • Add the division IT team to the role, along with its scope.

Question 488

Which cloud service model will allow an organization to use resources outside of its cloud if there is a spike in demand for an application or resource?

A. Public cloud
B. Community cloud
C. Private cloud
*D. Hybrid cloud

Explanation

A hybrid cloud combines the best of a public cloud and a private cloud so you can take advantage of both. A hybrid cloud has the following advantages:

  • You can take advantage of cloud bursting. With cloud bursting, if there is a spike in demand for an application or resource, the organization goes to the public cloud to use additional computing resources.
  • You can use a hybrid cloud to ease transitioning to the cloud by phasing in workloads over stages.

All the other choices are incorrect.

A community cloud is a cloud model that is a collaborative effort between multiple organizations that is managed and secured commonly by the organizations participating in that community. Typically, a community cloud is used with organizations that are working on joint projects or applications that require a cloud to manage and execute the projects or applications regardless of the solution rented.

A public cloud is owned, managed, and supported by the vendor alone. Examples of public clouds are Amazon Web Services, Microsoft 365, and Microsoft Azure. A public cloud provides the following advantages:

  • Hardware and software are provided by the cloud provider so there is no need to purchase either.
  • The customer only pays for the services that they consume.
  • Scalability is almost unlimited because on-demand resources are available when you need it.
  • The reliability of the cloud is guaranteed and provides cost-effective reliability.
  • A private cloud has computing resources exclusively owned, managed, and used by a single organization.

A private cloud has the following advantages:

  • A private cloud is more secure than a public cloud because cloud resources are not shared with others.
  • Private clouds provide scalability and efficiency.

Question 489

You have been asked to consolidate on-premises line of business applications that support the marketing department to a new Azure subscription. All supporting PDFs and graphics files that the line of business applications relies on are stored in an on-premises shared drive. Part of this project includes creating a one-time copy of these files and sending it to Azure blob storage over the internet.

Which solution meets this requirement with the least amount of administrative effort?

*A. Azure Storage Explorer
B. Python
C. SQL Server Integration Services
D. Shared Access Signature

Explanation

Azure Storage Explorer is a free cross-platform tool that can be used to manage and configure Azure storage data. The software makes it very simple to connect to a blob container and upload files from the local file system. This solution will allow you to copy on-premises files to Azure blob storage using the least amount of administrative effort.

Python can be used to develop an application that can upload or download files from blob storage. To use a Python application, code needs to be created or cloned from a Git repository and a storage connection string configured. This solution would not use the least amount of administrative effort.

SQL Server Integration Services feature allows the user to copy or move data between on-premises and Azure. SQL Server 2014 standard and above must be installed to use the SQL Server Integration Service features. This solution may be able to move data but requires more administrative effort than Azure Storage Explorer to copy on-premises files to Azure blob storage.

The Shared Access Signature feature can be used to grant permissions contents of a storage account without sharing the account key. This solution does not meet the requirements to copy on-premises files to Azure blob storage.

Question 490

The Nutex Corporation wants to work with the US government for some Azure services. You must explain the capabilities of Azure Government to management.

Which of the following statements about Azure Government are TRUE? (Choose three.)

A. Hybrid Identity exists only on the cloud after the on-premises directory and cloud directory are synchronized.
*B. The Azure Pipelines service is not available with the Azure Government offering.
*C. Azure Government uses the same underlying technologies as global Azure.
*D. Azure Government Marketplace contains only Bring Your Own License (BYOL) and Pay-As-You-Go (PayGo) images of products.
E. Azure Government uses does not use physically isolated data centers located strategically around the globe.

Explanation

The following statements are true:

  • Azure Government uses the same underlying technologies as global Azure.
  • Azure Government Marketplace contains only Bring Your Own License (BYOL) and Pay-As-You-Go (PayGo) images of products.
  • The Azure Pipelines service is not available with the Azure Government offering

Azure Government uses the same underlying technologies as global Azure, such as infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). Azure Government includes auto scaling, Geo-Synchronous data replication, storage, data management, identity management, and network, among other services.

The Azure Government Marketplace connects government agencies with independent software vendors (ISVs) that are offering their solutions in Azure Government. Azure Marketplace is different to the Azure Government Marketplace in the following ways:

  • Only Bring Your Own License (BYOL) and Pay-As-You-Go (PayGo) images are available in Azure Government Marketplace.
  • A different set of images is available in Azure Government Marketplace.

Azure Pipelines is not available as part of Azure Government. Azure Pipelines is used by teams to configure continuous deployment for applications hosted in Azure subscriptions.

Azure Government use physically isolated data centers located strategically around the globe. U.S. government agencies or their partners interested in cloud services that meet government security and compliance requirements can use Azure Government. Azure Government delivers a dedicated cloud enabling government agencies and their partners to transform mission-critical workloads to the cloud. Azure Government services handle data that is subject to certain government regulations and requirements, such as FedRAMP, NIST 800.171 (DIB), ITAR, IRS 1075, DoD L4, and CJIS.

Hybrid entities do not exist only on the cloud after the on-premises directory and cloud directory are synchronized. Three identity models can be used with Azure Government. They are On-premises (the Active Directory environments that most customers use today), Cloud identities (those that originate, are managed, and exist only in Azure AD), and Hybrid identities (those that originate as on-premises identities but become hybrid through directory synchronization to Azure AD).