The latest Microsoft AZ-900 Azure Fundamentals certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-900 Azure Fundamentals exam and earn Microsoft AZ-900 Azure Fundamentals certification.
Question 431
Metroil Corporation deploys several proprietary applications. They want a cloud-based solution that will let each application run in its own “sandbox.” As their IT consultant, you suggest using Azure Container Instances (ACI).
What are some advantages to this method? (Choose three.)
A. ACI automatically scales to meet high demand
B. ACI allows fast creation of virtual machines
*C. You can access containers directly from a URL
*D. ACI can access Linux containers
*E. ACI offers role-based access control (RBAC)
Explanation
With an Azure Container Instance (ACI), you can access containers directly from a URL. You just need an IP address and an FQDN.
All connections must take place over HTTPS, using TLS to secure client connections.
An ACI is not used to create virtual machines. An ACI is an alternative to using virtual machines. Each VM has to run its own copy of an operating system. Containers can share an underlying operating system. Sharing an underlying operating system makes containers “leaner” and more portable than VMs. Applications are isolated in containers just as they would be in a VM. Containers are faster because they don’t have to boot the whole OS.
An ACI can access both Linux and Windows containers. You can bring either of these from Docker Hub, which is a private container registry. Docker offers a library of images that you can start with.
An ACI offers role-based access control (RBAC) via a set of built-in Azure roles. If you need to get more granular, you can define your own custom roles.
While you can run several container instances in a container group, an ACI does not offer automatic scaling. There is no orchestration mechanism. If you have high demand, the Azure Kubernetes Service (AKS) is a better option.
An ACI is just one of many solutions for running simple applications.
Besides traditional VMs, you could also choose the Azure Service Fabric option or Azure App Services.
Question 432
Dreamsuites Corporation’s rapid growth has exponentially increased the need for their development teams to create new environments.
Dreamsuites needs to ensure that these environments comply with Dreamsuites’ standards and requirements.
What Azure service will allow for such a repeatable set of Azure resources?
A. Azure DevTest Labs
B. Azure Cosmos DB
C. Azure Batch
*D. Azure Blueprints
E. Azure Resource Manager templates
Explanation
Azure Blueprints will meet Dreamsuites’ needs. Blueprints allow templates, access controls, and policies to be deployed as a single compliance package. The components are referred to as artifacts and can include items such as Azure Resource Manager (ARM) templates, resource groups, policy assignments, and more. Blueprints are designed for environment setup.
Azure Resource Manager templates can be a part (artifact) of an Azure Blueprint deployment, but as a standalone, they do not meet the scenario requirements. ARM templates don’t exist natively in Azure.
The Azure Cosmos DB is the backend database behind Azure Blueprints, but not the actual service required by the scenario.
Azure Batch is used to create and manage large pools of virtual machines. It does not meet the requirements of this scenario.
Azure DevTest labs allow for the quick provisioning of test environments, but this is only a subset of the standardization required in the scenario.
Unlike Azure Resource Manager templates, Azure Blueprints retain a connection between the blueprint and what was deployed from it. This allows for tracking and auditing.
Question 433
You have an important application with a lot of online transactions where the application performs many small transactions at a low latency level.
What storage account type will you suggest for this application?
A. Cool
B. Hot
C. Archive
*D. Premium block blobs
E. Standard general-purpose v2
Explanation
You would select Premium block blobs because it is ideal for sensitive applications with high throughput, such as online transactions, and is suited for workloads where an application performs many small transactions at a low latency level.
You should not choose Standard general-purpose v2. This storage account type is used for file shares, blobs, queues, and tables. It can be used for most applications, but not recommended for sensitive applications with high throughput, such as online transactions.
Hot, cool, and archive are not storage account types, but are access tiers:
- Hot – tier used for data that is frequently accessed. It is more expensive to store data here compared to the Cool and Archive tiers, but cheaper to access.
- Cool – tier used for storing less frequently accessed data, such as archived files, backups, and raw or unprocessed data. Cool is designed for data that is likely to be stored for at least 30 days. Cool storage costs less than Hot storage per GB.
- Archive –the most cost-effective tier for storing data but is typically more expensive for data retrieval than Hot and Cool tiers. Archive is designed for data that is likely to be stored for at least 180 days, and for systems or scenarios where retrieval latency can be tolerated.
Question 434
Your company has purchased an Azure subscription. The company plans to rent IT infrastructure servers, virtual machines (VMs), storage, networks, and operating systems on a pay-as-you-go basis.
Which of the following types of cloud services does this describe?
A. FaaS
B. PaaS
*C. IaaS
D. SaaS
Explanation
Infrastructure as a service (IaaS) is a category of cloud computing services that is used by many cloud providers. With IaaS, you pay for resources such as servers, virtual machines (VMs), storage, networks, and operating systems from a cloud provider on a pay-as-you-go basis. These resources are provisioned and managed over the Internet.
Platform as a service (PaaS) provides a company with an environment for developing, running, debugging, testing, patching, and deploying software applications. PaaS allows you to quickly create an application without having to worry about managing the underlying infrastructure. PaaS eliminates the need to install an operating system, web server, server patches, or other infrastructure to create applications. PaaS creates a complete deployment environment in the cloud that has tools to deliver simple cloud-based apps or sophisticated cloud-enabled enterprise applications. The tools and resources are purchased from the service provider on a pay-as-you-go basis.
Software as a service (SaaS) is software that is hosted in the cloud and managed by the cloud provider for the customer. The customer can configure the software according to their needs. SaaS allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendars, and office tools. SaaS is typically licensed through a monthly or annual subscription. Microsoft Office 365 is an example of SaaS software.
Function as a service (FaaS) uses a service-hosted remote procedure call. It uses serverless computing in the cloud to enable deployment of the functions that run-in response to events that occur in the cloud.
Question 435
Your company has to react quickly when cloud services have to rapidly allocate and deallocate resources. These resources need to be provided on demand via self-service so that vast amounts of computing resources can be provisioned in minutes. There will be no manual intervention in provisioning or deprovisioning services. Which cloud feature is needed in this scenario?
A. Elasticity
B. Fault tolerance
C. High availability
D. Disaster recovery
E. Scalability
*F. Agility
G. Economy of scale
Explanation
You would choose agility. Agility is the ability to react quickly. Cloud services can allocate and deallocate resources quickly. These are on-demand services that are provisioned in minutes. There is no manual intervention in provisioning or deprovisioning services.
You would not choose elasticity. This feature increases or decreases resources as needed, but unlike scalability, elasticity is done automatically. Elastic resources are based on the current needs and resources are added or removed dynamically to meet those needs, from the most advantageous geographic location. A distinction between scalability and elasticity is that elasticity is done automatically.
You would not choose high availability. This feature allows services to run for extended periods, with very little downtime, depending on the service.
You would not choose scalability. This feature can increase (scale-up) or decrease (scale-down) resources that are assigned to a workload. As demand increases, you can add additional resources or capabilities to manage the increase in demand (known as scaling up). Scalability does not have to be done automatically.
You would not choose fault tolerance. Fault tolerance is the ability to remain up and running in the event of a component or service that is no longer functioning. Typically, redundancy is built into cloud services architecture so that if one component fails, a backup component takes its place. This type of service is said to be tolerant of faults.
You would not choose disaster recovery. This feature allows you to recover from a cloud service outage caused by an event. Cloud services disaster recovery can happen very quickly with automation, with resources being readily available for use.
You would not choose economy of scale. The concept of economy of scale is the ability to do business cheaper and more efficiently when operating on a larger scale, in comparison to operating on a smaller scale.
Question 436
The Nutex Corporation is considering shifting a considerable part of their offices to Germany. You are tasked with providing the impact analysis on the infrastructure and services hosted on Azure.
Which of the following statements about Azure Germany are TRUE? (Choose two.)
A. Azure Germany offers all the features available with Azure Global.
B. Configuration of the features available with Azure Germany is identical to Azure Global.
*C. EU-based support staff provides technical and non-technical support to Azure Germany’s customers.
*D. Azure Germany offers a separate instance of Microsoft Azure services from within German data centers.
Explanation
Azure Germany offers a separate instance of Microsoft Azure services from within German data centers, and EU-based support staff provides technical and non-technical support to Azure Germany’s customers.
The data centers are in two cities: Frankfurt/Main and Magdeburg. The data centers connect through a private network. The German data centers ensure customer data remains in Germany. All customer data is exclusively stored in those data centers.
Due to data privacy compliance and restrictions, technical and non-technical support for Azure Germany comes from EU-based support staff. The German data trustee supervises all support that requires platform access.
Configuration of the features available with Azure Germany is not identical to Azure Global. There are configuration differences to Azure Global for features that are offered in Azure Germany, You should review your configurations and sample code to ensure that you are building and executing within the Azure Germany environment.
Certain services and features that are available with Azure Global are not available with Azure Germany.
Question 437
When using a cloud provider, which of the following aspects are the responsibility of the customer organization to secure?
A. Cloud networking
*B. Firewall configurations
C. Hardware infrastructure
D. Physical sites
Explanation
When utilizing a cloud provider within your organization, it is still your responsibility to provide secure firewall configurations. It is up to the customer to create a secure firewall configuration for their data, whether that is using a virtual firewall appliance from the cloud provider, or a firewall installed on-premises.
Cloud providers typically offer up the hardware infrastructure, the cloud networking resources, and the physical sites to store your data. Those resources are secured by the cloud provider. However, the customer may need to define for the cloud providers any special security measures that they need to take.
Question 438
Jennifer has been asked to configure the authentication and authorization for the Nutex Sales app being deployed as an Azure web app. Only Active Directory authenticated Nutex sales representatives should be using the app, and the sales management team would like a single sign-on (SSO) experience.
Which technologies will be required to accomplish the requested configuration? (Choose three.)
*A. Active Directory Domain Services
*B. Azure Active Directory
C. Microsoft Account Authentication
*D. Active Directory Federated Services
E. OAuth 2.0
Explanation
Jennifer should configure Active Directory Domain Services (AD DS) and Azure Active Directory to synchronize using Active Directory Federated Services (AD FS). AD FS allows a user Single Sign-On access to applications by using AD FS as the identity provider to Azure Active Directory as a federation partner to integrate AD DS.
While Azure web apps support authentication using a variety of authentication providers including Google, Facebook, Twitter, and Microsoft Account, a Microsoft Account will not provide the single sign-on (SSO) experience requested by management.
Although Azure Active Directory supports using the OAuth 2.0 authentication protocol, it is not a requirement to provide single sign-on.
Question 439
You were tasked with choosing the most appropriate cloud deployment solution for an enterprise workforce that consists mainly of remote employees. You chose an IaaS solution. What is the MOST likely business purpose for your cloud solution?
A. To provide a turnkey solution for email in the cloud
B. To ensure applications used by employees are updated as quickly as possible
C. To supply on-demand development, testing, delivery, and management of software applications
*D. To deploy Azure virtual machines to the company’s employees
Explanation
Regardless of the type of VMs you are deploying to the environment, it will only require the basic services provided by the Infrastructure as a Service ( IaaS) model. An IaaS solution typically provides these components for customer use:
- VMs
- Bare metal servers
- Load balancers
- Networking services
With this model, the provider manages the infrastructure, and the client installs and maintains all operating systems, middleware, and applications.
The cloud computing model that supplies an on-demand environment for developing, testing, delivering, and managing software applications is Platform as a Service (PaaS). This provides a complete software development environment, adding middleware elements to the components provided by IaaS.
The cloud computing model that provides a turn-key solution for email in the cloud and ensures the quickest application updates possible is Software as a Service (SaaS). This model lets clients use cloud-based apps over the Internet while the vendor handles all infrastructure, including updates to the applications.
Question 440
In which of the following scenarios do you NOT need to define a local network gateway? Choose two.
*A. VNet to VNet
B. site-to-site VPN
*C. ExpressRoute
D. point to site
Explanation
A local network gateway is an object that represents your local site (on-premises location) for routing purposes. In a VNet-to-VNet connection, neither end is your on-premises network. A VPN with a connection to the on-premises network is the only scenario where you need a local network gateway.
In an ExpressRoute VPN, the connection is between Microsoft services and the on-premises network, so a local gateway is also needed.
In a point-to-site VPN, a single user is coinfected to the virtual network. Since neither end is the on-premises network, no local network gateway is required.
In a site-to-site VPN, each end is on-premises; for this reason, a local network gateway required.