Skip to Content

AZ-900 Microsoft Azure Fundamentals Exam Questions and Answers – Page 6 Part 1

By: Author Alex Lim

Posted on  - Last updated:

Categories Exam

The latest Microsoft AZ-900 Azure Fundamentals certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-900 Azure Fundamentals exam and earn Microsoft AZ-900 Azure Fundamentals certification.

Question 501

Your company has several virtual machines that run on both a Hyper-V server and a VMware vCenter Server. The on-premises servers in the Finance department and Marketing department will be migrated to Azure using Azure Migrate. An on-premises VM called the collector appliance will discover information about the on-premises VMs to help the migration process along. The collector appliance will be a VM on the vCenter Server.

After an initial readiness test of the Azure Migrate assessment, the readiness status of your VMs in the Azure readiness view displays the VM named VM055 using a blue color.

What is the reason for VM055’s status?

A. the VM is in a saved state
B. the VM is running on wrong VMware vCenter version
C. the VM is running on a Hyper-V server
*D. the VM is offline

Explanation

The VM is offline, because VMs with readiness unknown status are normally offline VMs and are displayed using a blue color during readiness testing.

You should not select the VM is running on a Hyper-V server, because VMs running on Hyper-V servers can also be a part of your Azure Migrate assessment. For that reason, you can use the Azure Site Recovery Deployment Planner or partner tools.

You should not select the VM in a saved state, because a VM in this state will be shown as ready for Azure, conditionally ready for Azure, or not ready for Azure, but not as readiness unknown.

You should not select the VM is running on the wrong VMWare vCenter version. If this were the case, then you would have problems with all virtual machines on that VMWare vCenter and with one only one VM. Besides, the vCenter Server is running version 6.5. VMware VMs that are managed by vCenter Server (version 5.5, 6.0, 6.5 or 6.7) can be used with Azure Migrate.

Question 502

Are Azure data centers in China operated by Microsoft and governed by Microsoft’s service level agreement (SLA)?

A. Yes
*B. No

Explanation

No. In China, Azure is not operated by Microsoft, but by 21Vianet. 21Vianet is a separate cloud service from Azure and is located in China. 21Vianet is operated by Shanghai Blue Cloud Technology Co, Ltd. If you choose to use Azure services in China, you must sign an Online Service Premium Agreement (OSPA) with 21Vianet.

Azure China does not have all the features that you may normally expect with Azure. Compliance and data protection laws may also be different in China.

Question 503

Which Azure tool is a cloud-based solution that enables organizations to discover, classify, and protect documents and emails by applying labels to content?

A. Azure Functions
B. Azure Cosmos DB
*C. Azure Information Protection (AIP)
D. Azure Key Vault
E. Credential Manager

Explanation

Azure Information Protection (AIP) is a cloud-based solution that is part of the Microsoft Information Protection (MIP) solution. It uses labels to classify assets and apply tags.

All other choices are incorrect.

Azure Key Vault is an encrypted solution for storing organizational; secrets such as passwords and encryption keys.

Azure Functions allows you to write serverless code in your language of preference to handle events at scale, with minimal overhead and cost. It is not required to create custom domain names.

Azure Cosmos DB is a NoSQL database that can be used when developing apps. It does not make use of AI possible.

Credential Manager is an applet in Control Panel on a Windows devices that allows you to view and delete logon information for websites, connected application and networks.

Question 504

You are the administrator of the Nutex Corporation. You use Azure DNS for three zones named nutex.com, testnutex.com, and devnutex.com. You have added a record to an existing record set in Azure DNS for the zone named testnutex.com.

Which Azure DNS component can you use to manage the overwriting behavior for that Azure DNS record set?

*A. Etag
B. Apex
C. Metadata
D. DNSSec

Explanation

You should use Etag because Etag checks are used to ensure concurrent changes are not overwritten. You can use the optional -Overwrite switch of the Add-AzureDnsRecordConfig cmdlet to suppress these checks.

You should not use apex because an apex record is a DNS record at the root (or apex) of a DNS zone. In the root DNS zone nutex.com, an apex record also has the fully qualified name of the naked domain nutex.com. The relative name ‘@’ is used to represent apex records.

You should not use metadata because the metadata of an Azure DNS record set can be used to associate application-specific data with each record set, as key-value pairs. The following example uses metadata to create key-value pairs: ‘dept=finance’ and ‘environment=production’.

You should not use DNSSec because Azure DNS does not support DNSSec. DNSSec is used to sign DNS zones.

Question 505

Which of the following are examples of SaaS? (Choose two.)

A. Microsoft Azure
B. Google Compute Engine
*C. Salesforce
*D. Google Apps
E. Amazon Web Services Elastic Beanstalk

Explanation

Google Apps and Salesforce are examples of Software as a Service (SaaS). With SaaS, the customer uses software for a fee from a cloud provider. Google Apps and Salesforce run in the cloud and do not require software installed on the client. Other examples of SaaS are web-based mail services, such as Hotmail or Yahoo Mail.

Microsoft Azure and Amazon Web Service Elastic Beanstalk are example of Platform as a Service (PaaS). PaaS is a cloud category that a customer uses to create their own applications and manage those applications.

Google Compute Engine is an example of Infrastructure as a Service (IaaS). IaaS is a cloud category that provides customers with network infrastructure, physical computing resources, data partitioning, scaling, security, and backup.

Question 506

You’ve been appointed as an Azure Administrator at the Nutex Corporation. The Nutex Corporation has recently appointed two Helpdesk Administrators.

You are asked to add their accounts to the Azure AD and grant them the role and privileges of a Helpdesk Administrator.

What four steps should you perform in the Azure portal?

Place the appropriate four steps in the correct order.

Unordered Choices:

  • Click Azure Active Directory > Groups > New group.
  • Log in to the Azure portal.
  • Specify the role of a Helpdesk Administrator on the User page.
  • Create a group named Helpdesk Administrator on the Group page.
  • Add the user accounts to the Helpdesk Administrator group.
  • Click Azure Active Directory > Users > New user.
  • Create the user account on the User page.

Answer: Correct Order:

  1. Log in to the Azure portal.
  2. Click Azure Active Directory > Users > New user.
  3. Create the user account on the User page.
  4. Specify the role of a Helpdesk Administrator on the User page.

Explanation

You should choose the following:

What four steps should you perform in the Azure portal?

For an Azure AD user to manage Azure AD resources, the user must be assigned an appropriate role, based on the actions the user needs permission to perform.

You must perform the following steps to grant the users the role of a Helpdesk Administrator:

  1. Log in to the Azure portal
  2. Click Azure Active Directory > Users > New user.
  3. Create a new account on the User page by specifying the name, username, and password.
  4. Select the Directory Role as a Helpdesk Administrator on the New User.

Groups in Azure AD are a mere collection of users with similar non-RBAC privileges. So, creating a new group by the name of Helpdesk Administrator and assigning the new employees to the group does not assign them the privileges of the Helpdesk Administrator.

Question 507

Which of the following statements are NOT true?

A. DCv2 VMs can help protect the confidentiality and integrity of your data
B. E series VMs are suited to relational database servers,
*C. Storage costs cease to accrue when you stop the VM
D. Two VMs using the B2S size may NOT generate the same monthly costs

Explanation

When you stop a VM, you stop paying for the operation of the VM, but you still must pay for storage costs. When a VM is deallocated, the VM is removed from the hypervisor but is still available in the control plane). Virtual machines in the Stopped and Deallocated states do not incur compute charges. Although you are not paying compute charges, you still pay for storage costs for the OS and any disks attached to the VM and are billed for allocated cores.

DCv2 VMs can help protect the confidentiality and integrity of your data. These VMs enable customers to build secure enclave-based applications to protect their code and data while it’s in use.

Two VMs using the B2S size may NOT generate the same monthly costs because they may be using different disk configurations, resulting in different VM costs.

Question 508

You need to install an Azure Data Box Edge device from Microsoft to ensure that data is transferred securely to the cloud after it is preprocessed by removing Personally Identifiable Information (PII).

What should you do?

Choose the appropriate steps and place them in the correct order.

Unordered Choices:

  • Add and connect to shares on your Data Box Edge device
  • Install Azure Data Box Edge device
  • Assign the IP address of 192.168.100.5/24 on the computer connect to the Azure Data Box Edge device
  • Activate the Azure Data Box Edge device
  • Assign the IP address of 10.10.10.10/24 on the computer connect to the Azure Data Box Edge
  • Configure a compute role on your Azure Data Box Edge device
  • Create and configure the Data Box Edge resource
  • Create an IoT Hub resource

Answer: Correct Order:

  1. Create and configure the Data Box Edge resource
  2. Install Azure Data Box Edge device
  3. Assign the IP address of 192.168.100.5/24 on the computer connect to the Azure Data Box Edge device
  4. Activate the Azure Data Box Edge device
  5. Add and connect to shares on your Data Box Edge device
  6. Create an IoT Hub resource
  7. Configure a compute role on your Azure Data Box Edge device

Explanation

You should choose the following steps:

  1. Create and configure the Data Box Edge resource
  2. Install Azure Data Box Edge
  3. Assign the IP address of 192.168.100.5/24 on the computer connect to the Azure Data Box Edge device
  4. Activate the Azure Data Box Edge device
  5. Add and connect to shares on your Data Box Edge device
  6. Create an IoT Hub resource
  7. Configure a compute role on your Azure Data Box Edge device

Azure Data Box Edge allows you to process data in a secure fashion, such as removing Personally Identifiable Information (PII) and sending it over the network.

First, you need to create a Data Box Edge resource before you install a Data Box Edge physical device. You will then have to unpack the device and install the rack and associated cables.

To complete the device setup, connect to the local web UI. You will assign the IP address of 192.168.100.5/24 on the computer connecting to the Azure Data Box Edge device.

Next, connect your computer to PORT1 on the Data Box Edge physical device. You will then activate the physical device.

After activation, you will add and connect to shares on the Data Box Edge device. Once the shares are added, then the Data Box Edge device can transfer data to Azure.

You will then have to configure compute by creating an IoT Hub resource. Once the Edge compute rule is set up on the Edge device, an IoT device and an IoT Edge device are created.

You cannot assign the IP address of 10.10.10.10/24 on the computer that connects to the Azure Data Box Edge. You need an adapter on the computer that connects to the Azure Data Box Edge to have an IP address of 192.168.100.5/24.

Question 509

The Nutex Corporation wants you to get detailed reports for costs incurred to host and deliver apps on Azure. You want to create reports that provide insights into various factors that affect Azure costs.

Which of the following factors affect Azure costs? (Choose four.)

A. The amount of time you spend on the Azure portal
B. The number of reports that you download from the Azure portal
*C. Egress data
*D. The location where the product/service is hosted geographically
*E. The resource types required by Azure Special services such as ExpressRoute
*F. Ingress data

Explanation

The following factors affect Azure costs:

  • Ingress data
  • Egress data
  • The location where the product/service is hosted geographically
  • Special services, such as ExpressRoute
  • The resource types required by Azure services

Ingress data is not always charged. The charges depend on the plan you use for Azure services. Ingress to Azure datacenters from on-premises environments is not charged, whereas ingress data from VPNs is charged.

Azure charges customers based on the geographical locations in which the apps and services are deployed. Prices vary by the regions that define the geographical locations.

Egress data is always charged. The charges depend on whether the egress data is for regular services, or VPN connectivity, or features such as ExpressRoute. The charges also depend on the regions that egressed data.

Special services such as ExpressRoute incur additional costs because ExpressRoute lets customers extend their on-premises networks into the Microsoft cloud over a private connection facilitated by their connectivity provider.

The services you purchase or products you deploy have specific resource types depending on the category of service or the product. The unit charges for resource types vary by category.

The amount of time you spend on the Azure portal does not affect Azure costs. Microsoft does not charge you for using the Azure portal.

The number of reports that you download from the Azure portal does not affect Azure costs. Downloading reports is not charged, and you can download unlimited reports.

Question 510

You’ve been appointed as an Azure Administrator at the Nutex Corporation. The Nutex Corporation has adopted Azure recently and purchased some subscriptions.

The management is concerned about external threats directed at the subscriptions. The management wants you to use Azure Advisor to harden the subscriptions.

What steps should you perform in the Azure portal to use Azure Advisor to harden the subscriptions?

Choose the appropriate choices from the left and place them in the correct order on the right.

Unordered Choices:

  • Sort the recommendations in the descending order of the SECURE SCORE IMPACT
  • Click Advisor in the left pane or click All Services > Advisor (under MONITORING + MANAGEMENT).
  • Click Resource Security Hygiene.
  • Log in to the Azure portal.
  • Click Policy & Compliance.
  • Click the Performance tab.
  • Click Threat protection.
  • Click the Security tab.

Answer: Correct Order:

  1. Log in to the Azure portal.
  2. Click Advisor in the left pane or click All Services > Advisor (under MONITORING + MANAGEMENT).
  3. Click the Security tab.
  4. Click Threat protection.
  5. Sort the recommendations in the descending order of the SECURE SCORE IMPACT

Explanation

Azure Advisor is a personalized cloud consultant that helps follow best practices to optimize Azure deployments. You must perform the following sequence of steps to use Azure Advisor and harden subscriptions:

Log in to the Azure portal.

To access Azure Advisor, Click Advisor in the left pane or click All Services > Advisor (under MONITORING + MANAGEMENT).

Azure Advisor gives recommendations in the following areas: High Availability, Security, Performance, and Cost. Since you want to harden subscriptions, click the Security tab, and then Threat protection. The Performance tab will show recommendations to improve performance, not to harden security.

Azure Advisor uses the Azure Security Center scans to periodically analyze the security state of the Azure deployment and identify potential security vulnerabilities. Some of what the Security Center scans include resources for vulnerabilities and resources for attacks. In this case, as a higher priority and to be proactive, we analyze Threat protection.

Security Center also provides you with recommendations on how to remove the vulnerabilities and threats. In this case, first sort the recommendations to see them in the descending order and tackle the ones with higher Secure Score Impact. Secure Score Impact is a score generated by Security Center using the security recommendations and applying advanced algorithms to determine how crucial each recommendation is.

Each recommendation provides you with a short description, the remediation steps to implement the recommendation, resources that need remediation, and the Secure Score Impact, which is the amount that your secure score will go up if you implement this recommendation. So, click the top-most recommendation.

Implement the steps in the recommendation.

You should not choose Policy & Compliance. This is an option in the Security Center overview that helps you find least compliant subscriptions. This option can show compliance but does not show vulnerabilities.

You should not choose Resource Security Hygiene. This is an option in the Security Center overview that can be used to create an interactive network map of resources such as VMs, subnets, VNets, etc. across multiple subscriptions, but does not show vulnerabilities.