Skip to Content

AZ-900 Microsoft Azure Fundamentals Exam Questions and Answers – Page 5

The latest Microsoft AZ-900 Azure Fundamentals certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-900 Azure Fundamentals exam and earn Microsoft AZ-900 Azure Fundamentals certification.

AZ-900 Microsoft Azure Fundamentals Exam Questions and Answers

Exam Question 401

You are migrating a custom web application to Azure. You are responsible for managing the application tools and scaling the infrastructure beneath your application. You want to use Azure App Services to get a granular insight of performance monitoring.

What should you include in the recommendation?

A. Software as a service (SaaS)
B. Platform as a service (PaaS)
C. Infrastructure as a service (IaaS)
D. Database as a service (DBaaS)

Correct Answer:

B. Platform as a service (PaaS)

Answer Description:

You should choose Platform as a service (PaaS). PaaS creates a development environment that includes the operating systems and application services. A company can use PaaS as a development environment for a given application without having to maintain the deployment platform. With Azure, you can use App Service to get tools such as Application Insights to get a granular insight of performance monitoring.

Software as a service (SaaS) allows fully functional applications provided by a third party. Typically, the software is available via subscription or pay-as-you-go. In this scenario, you are not placing the responsibility of changing or updating the application onto someone else, you are placing only the responsibility of managing the application infrastructure and scaling the infrastructure onto someone else.

Infrastructure as a service (IaaS) allows you to have pay-as-you-go services for storage, networking, and virtualization, but not application tools.

Database as a service (DBaaS) allows you to have access to a database without the need for installing software or physical hardware. The scenario has to do with migrating an application, not a database.

Objective: Describe cloud concepts

Sub-Objective: Describe cloud service types

References:

Moving your App to Azure PaaS: How to choose between PaaS and IaaS

Exam Question 402

Your company needs to protect their application and data from datacenter failures. The company plans to move to Azure. You want to ensure that applications and data are stored in availability zones.

Which of the following statements best describes availability zones?

A. A discrete market typically containing two or more regions that preserves data residency and compliance boundaries
B. A geographical area containing at least one, but potentially multiple, datacenters that are in close proximity and networked together with a low-latency network
C. A way for you to ensure your application remains online if a high-impact maintenance event is required or a hardware failure occurs
D. Physically separate locations within an Azure region

Correct Answer:

D. Physically separate locations within an Azure region

Answer Description:

Availability zones are physically separate locations within an Azure region. Each availability zone has one or more datacenters. Each datacenter is equipped with independent power, cooling, and networking. Availability zones protect your applications and data from datacenter failures.

An availability zone is not a discrete market typically containing two or more regions that preserves data residency and compliance boundaries. That describes a geography. A geography is a unique market that contains two or more regions that stores data in the regions according to the compliance boundaries of the regions.

An availability zone is not a geographical area containing at least one, but potentially multiple, datacenters that are in close proximity and networked together with a low-latency network. That describes a region. A region is a geographical area containing one or more datacenters networked together with a low-latency network and are in close proximity.

An availability zone is not a way for you to ensure that your application remains online if a high-impact maintenance event is required, or a hardware failure occurs. That can be done with an availability set. Availability sets logically group resources so that Azure can ensure that VM resources are isolated from each other when they are in an Azure datacenter. Availability sets allow your application to remain online if a hardware failure occurs or a maintenance event is required.

Objective: Describe Azure architecture and services

Sub-Objective: Describe the core architectural components of Azure

References:

Microsoft Azure > Azure global infrastructure > Azure Regions

Exam Question 403

The IT team at the Nutex Corporation is planning to use the Azure VPN Gateway to encrypt communication between the Azure cloud network and the on-premises networks. You are the security analyst who must recommend an effective solution to achieve this.

Which of the following statements about the Azure VPN Gateway are TRUE? (Choose four)

A. Azure allows you to deploy your own VPN gateways or servers in Azure, either from the Azure Marketplace or by creating your own VPN routers.
B. A policy-based VPN gateway can be modified to a route-based VPN Gateway and vice versa.
C. Azure VPN Gateways support 16-bit ASNs.
D. BGP can be used with policy-based and route-based VPN Gateways.
E. User-defined routes must be configured in the virtual network to ensure that traffic is routed properly between the on-premises networks and the virtual network subnets.
F. Azure generates different IPsec/IKE pre-shared keys for different VPN connections created for the same virtual network.
G. A VPN gateway can be assigned a static IP address provided by Microsoft Azure support.

Correct Answer:

A. Azure allows you to deploy your own VPN gateways or servers in Azure, either from the Azure Marketplace or by creating your own VPN routers.
C. Azure VPN Gateways support 16-bit ASNs.
E. User-defined routes must be configured in the virtual network to ensure that traffic is routed properly between the on-premises networks and the virtual network subnets.
F. Azure generates different IPsec/IKE pre-shared keys for different VPN connections created for the same virtual network.

Answer Description:

The following statements are true:

  • Azure allows you to deploy your own VPN gateways or servers in Azure, either from the Azure Marketplace or by creating your own VPN routers.
  • After you set up your own VPN gateways or servers, you must configure user-defined routes in the virtual network to ensure that traffic is routed properly between the on-premises networks and the virtual network subnets.
  • Azure generates different IPsec/IKE pre-shared keys for different VPN connections created for the same virtual network. This is done by default. However, you can use PowerShell cmdlets or the Set VPN Gateway Key REST API to configure a custom key value. The key must be in ASCII.
  • Azure VPN gateways support 16-bit ASNs.

An autonomous system (AS) is a set of Internet Protocol (IP) routing prefixes that are connected on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the Internet. A unique autonomous system number (ASN) is allocated to each AS for use in BGP routing. An ASN uniquely identifies each network on the Internet.

A policy-based VPN gateway type cannot be modified to a route-based or vice versa. The original gateway must be deleted, and the intended gateway must be created. This process could take around 60 minutes. The IP address of the original gateway and the pre-shared key (PSK) will not be deleted when the original gateway is deleted.

Policy-based VPNs send encrypted packets through IPsec tunnels based on the IPsec policies configured with the combinations of address prefixes between your on-premises network and the Azure VNet. Route-based VPNs use “routes” in the IP forwarding or routing table to direct packets into their corresponding tunnel interfaces.

Although the Azure VPN gateway parameter reads “Public IP address”, this public IP address is assigned dynamically by Azure to gateways when the gateway is created. It is not static. When Azure assigns an IP address, a public IP address object gets associated to the gateway.

You cannot request a static IP address from Microsoft. The dynamic IP address, assigned to a gateway, will change only if the gateway is deleted and re-created. The public IP address does not change across resizing, resetting, or other internal maintenance/upgrades of your gateway.

Border Gateway Protocol (BGP) cannot be used with both policy-based and route-based VPN gateways. BGP can only be used with route-based VPN gateways.

Objective: Describe Azure architecture and services

Sub-Objective: Describe Azure compute and networking services

References:

Microsoft Azure > VPN Gateway FAQs

Exam Question 404

You work as part of the Product Deployment team at the Nutex Corporation. You have a series of products to deploy on Azure. These products are targeted at audiences in different geographies. You need to understand the impact of deploying products by their geography.

Which of the following statements concerning pricing by geographies for Azure are TRUE? (Select all that apply.)

A. All Azure products are available in all Azure regions.
B. A region in Azure is a set of geographies that preserves data residency and compliance boundaries.
C. Azure services are charged the same across all geographies.
D. Azure Australia has two featured Azure Australia Central regions.

Correct Answer:

B. A region in Azure is a set of geographies that preserves data residency and compliance boundaries.
D. Azure Australia has two featured Azure Australia Central regions.

Answer Description:

The following statements are true:

  • A region in Azure is a set of geographies that preserves data residency and compliance boundaries.
  • Azure Australia has two featured Azure Australia Central regions.

A region consists of datacenters connected through a regional low-latency network and deployed within a latency-defined perimeter. Azure regions are organized into geographies typically containing two or more regions, which preserve data residency and compliance boundaries.

The two Azure Australia Central regions (Australia Central and Australia Central 2) are designed for the Australian and New Zealand governments, and critical infrastructure organizations and their suppliers. Services in the Azure Australia Central regions can be purchased in the same way as any other Azure service.

Azure services are not charged the same across all geographies. Azure charges customers based on the geographical locations in which the apps and services are deployed. Prices vary by the regions that define the geographical locations.

Azure products are available by regions; some products are not available in some regions.

Objective: Describe Azure management and governance

Sub-Objective: Describe cost management in Azure

References:

Average Price Per Azure Region

Microsoft Azure > Azure global infrastructure > Azure regions

Microsoft Azure > Azure global infrastructure > Products available by region

Microsoft Azure > Azure global infrastructure > Azure Australia Central Regions

Exam Question 405

As Metroil Corporation has grown, the increasing number of Azure subscriptions has added worldwide complexity to management needs.

Metroil needs to implement select regional policies for resource control. What is a good first step for reaching this goal?

A. Assign the co-administrator role to each regional manager.
B. Create a root management group.
C. Create a regional policy by launching the Azure Policy service in the portal.
D. Create a regional manager group and assign the co-administrator role to it.
E. Add a management group in the Azure Portal.

Correct Answer:

E. Add a management group in the Azure Portal.

Answer Description:

The policy will need to be assigned to a management group, so the group must exist first.

The policy will need to be assigned to a management group, so the group must exist first.

The scenario does not indicate an explicit need to create a regional manager group and assign the co-administrator role to it.

The focus is not on managing subscriptions but on a hierarchical way to implement policies.

A root management group will be created at the top of the hierarchy, but it is automatically created by the portal when triggered by the addition of the first management group is added by a user.

Metroil will need to create a regional policy by launching the Azure Policy service in the portal, but it will not be the first step.

The scenario does not indicate an explicit need to assign the co-administrator role to each regional manager. The focus is not on managing subscriptions but on a hierarchical way to implement policies.

The first step will be to add a management group in the Azure Portal. Management groups are containers that hold subscriptions. The subscriptions in a management group inherit the policies and conditions applied to the group. The top group is known as the root management group (“Tenant root group” is the display name) and is created automatically when the first management group is created by a user.

Objective: Describe Azure architecture and services

Sub-Objective: Describe the core architectural components of Azure

References:

Azure > Governance > Management Groups >What are Azure management groups?

Lunavi > Azure Management Groups Simplify Subscription Administration

Azure > Governance > Management Groups > Manage your resources with management groups

Exam Question 406

You have an application that needs to persist data in a container. The container needs to run on several VMs with access to the same files.

An associate suggests that you use a bind mount.

Does this solution meet your needs?

A. Yes
B. No

Correct Answer:

B. No

Answer Description:

A bind mount will not work. You should use a named volume or a SMB volume instead.

A bind mount allows you to have a place to store files on the local machine if you need to share the files with multiple containers or if you need to restart the container.

A SMB mount or named volume can have the container run on several VMs with access to the same files.

Objective: Describe Azure architecture and services

Sub-Objective: Describe Azure compute and networking services

References:

Microsoft Docs > Virtualization > Containers on Windows > Container Storage Overview

Microsoft Docs > Virtualization > Containers on Windows > Storage > Persistent Storage in Containers

Exam Question 407

You need to delete a resource group. Which statements are true? (Choose two.)

A. All resources in the resource group are deleted except for child resources.
B. When the managedBy property is set on a resource, the managing resource is deleted before the resource it manages.
C. Resources are always deleted in chronological order, from newest to oldest.
D. You can reverse a resource group deletion.
E. When the managedBy property is set on a resource, the resource being managed is deleted before the managing resource.
F. When a delete operation returns an error, Resource Manager retries the DELETE call.

Correct Answer:

B. When the managedBy property is set on a resource, the managing resource is deleted before the resource it manages.
F. When a delete operation returns an error, Resource Manager retries the DELETE call.

Answer Description:

When you delete a resource group, Resource Manager uses specific criteria to determine the order in which the resources are deleted:

  1. All nested (child) resources are deleted first.
  2. All resources that manage other resources, as indicated by the managedBy property set on the managed resource, are deleted next.
  3. The remaining resources are deleted last, but not in chronological order from newest to oldest.

Resource Manager continues to retry the DELETE call every 15 minutes when a delete operation returns an error with a 408, 428, and 5xx status.

All the child resources are deleted when a resource group is deleted.

A resource group deletion is final and not reversible.

Objective: Describe Azure architecture and services

Sub-Objective: Describe the core architectural components of Azure

References:

Microsoft Docs > Azure > Resource Manager > Management > Delete resource group and resources

Exam Question 408

You have designed a specific infrastructure in Azure with many virtual machines and virtual networks. You need to create the same configuration for the remaining three environments in the company. You have to be sure that your deployments are consistent.

What will you choose to accomplish this?

A. Custom scripts
B. Azure Resource Manager (ARM) templates
C. Chef
D. Desired State Configuration

Correct Answer:

B. Azure Resource Manager (ARM) templates

Answer Description:

You would choose Azure Resource Manager (ARM) templates. With ARM templates and their JSON templates, you can make sure that your deployments are consistent.

You would not choose the Desired State Configuration because it helps you define a state for your machines instead of writing detailed manual instructions on how to achieve that state for each machine.

You would not choose custom scripts because those are used for post-deployment configuration, software installation, or any other configuration or management task.

You would not choose Chef because it is a tool for delivering automation and desired state configurations.

Objective: Describe Azure management and governance

Sub-Objective: Describe features and tools for managing and deploying Azure resources

References:

Microsoft Azure > Resource Manager > Templates > What are ARM templates?

Exam Question 409

Match the descriptions on the left with the cloud deployments on the right.

Descriptions:

  • Allows organizations to deploy virtual machines, servers, and storage in a cloud
  • Allows organizations to run applications in a cloud
  • Allows organizations to deploy Web servers, databases, and development tools in a cloud

Cloud Deployments:

  • Platform as a Service
  • Software as a Service
  • Infrastructure as a Service

Correct Answer:

Platform as a Service: Allows organizations to deploy Web servers, databases, and development tools in a cloud

Software as a Service: Allows organizations to run applications in a cloud

Infrastructure as a Service: Allows organizations to deploy virtual machines, servers, and storage in a cloud

Answer Description:

The cloud deployments should be matched with the descriptions in the following manner:

  • Platform as a Service (PaaS) – Allows organizations to deploy Web servers, databases, and development tools in a cloud
  • Software as a Service (SaaS) – Allows organizations to run applications in a cloud
  • Infrastructure as a Service (IaaS) – Allows organizations to deploy virtual machines, servers, and storage in a cloud

Objective: Describe cloud concepts

Sub-Objective: Describe cloud computing

References:

Cloud computing

Exam Question 410

You are part of the IT team at the Nutex Corporation. Your management has triggered an initiative to reduce the costs with Azure resources.

You need to reduce storage costs for blob data. You propose using Azure Hybrid Benefit.

Which of the following are true regarding Azure Hybrid Benefit? Choose two.

A. End-of-support software versions are not eligible
B. Eligible licenses are SQL Server, and Windows Server with active Software Assurance
C. Allows you to use Azure cloud licenses with on-premises servers.
D. Eligible licenses are SQL Server, Exchange Server, and Windows Server with active Software Assurance
E. Allows you to use on-premises licenses with servers in Azure.

Correct Answer:

B. Eligible licenses are SQL Server, and Windows Server with active Software Assurance
E. Allows you to use on-premises licenses with servers in Azure.

Answer Description:

The following are correct:

  • Eligible licenses are SQL Server, Exchange Server, and Windows Server with active Software Assurance
  • Allows you to use on-premises licenses with servers in Azure.

Azure Hybrid Benefit saves you money by using existing on-premises licenses with active Software Assurance on a virtual machine in Azure. Azure Hybrid Benefit does allow you to use a cloud-based license with an on-premises server.

Windows Server and SQL Server licenses with active Software Assurance are eligible for Azure Hybrid Benefit. Exchange Server is not eligible. However, RedHat and SuSe Linux subscriptions are eligible.

End-of-support software versions are eligible for Azure Hybrid Benefit.

Objective: Describe Azure management and governance

Sub-Objective: Describe cost management in Azure

References:

Azure Hybrid Benefit FAQ | Microsoft Azure

Tags

Tags

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker