The latest Microsoft AZ-900 Azure Fundamentals certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-900 Azure Fundamentals exam and earn Microsoft AZ-900 Azure Fundamentals certification.
Question 771
To complete the sentence, select the appropriate option in the answer area.
Your company implements __________ to automatically add a watermark to Microsoft Word documents that contain credit card information.
Answer Area:
A. Azure policies
B. DDoS protection
*C. Azure Information Protection
D. Azure Active Directory (Azure AD) Identity Protection
Explanation
Azure Information Protection is used to automatically add a watermark to Microsoft Word documents that contain credit card information.
You use Azure Information Protection labels to apply classification to documents and emails. When you do this, the classification is identifiable regardless of where the data is stored or with whom it’s shared. The labels can include visual markings such as a header, footer, or watermark.
Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations. In this question, we would configure a label to be automatically applied to Microsoft Word documents that contain credit card information. The label would then add the watermark to the documents.
Question 772
What should you use to evaluate whether your company’s Azure environment meets regulatory requirements?
A. the Knowledge Center website
B. the Advisor blade from the Azure portal
*C. Compliance Manager from the Service Trust Portal
D. the Solutions blade from the Azure portal
Explanation
Compliance Manager in the Service Trust Portal is a workflow-based risk assessment tool that helps you track, assign, and verify your organization’s regulatory compliance activities related to Microsoft Cloud services, such as Microsoft 365, Dynamics 365, and Azure.
Question 773
What can Azure Information Protection encrypt?
A. network traffic
*B. documents and email messages
C. an Azure Storage account
D. an Azure SQL database
Explanation
Azure Information Protection can encrypt documents and emails.
Azure Information Protection is a cloud-based solution that helps an organization to classify and optionally, protect its documents and emails by applying labels. Labels can be applied automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations.
The protection technology uses Azure Rights Management (often abbreviated to Azure RMS). This technology is integrated with other Microsoft cloud services and applications, such as Office 365 and Azure Active Directory.
This protection technology uses encryption, identity, and authorization policies. Similarly to the labels that are applied, protection that is applied by using Rights Management stays with the documents and emails, independently of the location — inside or outside your organization, networks, file servers, and applications.
Question 774
Which Azure service can you use as a security information and event management (SIEM) solution?
A. Azure Analysis Services
*B. Azure Sentinel
C. Azure Information Protection
D. Azure Cognitive Services
Question 775
Which Azure service should you use to store certificates?
A. Azure Security Center
B. an Azure Storage account
*C. Azure Key Vault
D. Azure Information Protection
Explanation
Azure Key Vault is a secure store for storage various types of sensitive information including passwords and certificates.
Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.
Secrets and keys are safeguarded by Azure, using industry-standard algorithms, key lengths, and hardware security modules (HSMs). The HSMs used are Federal Information Processing Standards (FIPS) 140–2 Level 2 validated.
Access to a key vault requires proper authentication and authorization before a caller (user or application) can get access. Authentication establishes the identity of the caller, while authorization determines the operations that they are allowed to perform.
Question 776
Which service provides network traffic filtering across multiple Azure subscriptions and virtual networks?
*A. Azure Firewall
B. an application security group
C. Azure DDoS protection
D. a network security group (NSG)
Explanation
You can restrict traffic to multiple virtual networks in multiple subscriptions with a single Azure firewall.
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It’s a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual network resources allowing outside firewalls to identify traffic originating from your virtual network.
Question 777
To complete the sentence, select the appropriate option in the answer area.
From __________ you can view which user turned off a specific virtual machine during the last 14 days.
Answer Area:
A. Azure Access Control IAM
B. Azure Event Hubs
*C. Azure Activity Log
D. Azure Service Health
Explanation
You would use the Azure Activity Log, not Access Control to view which user turned off a specific virtual machine during the last 14 days.
Activity logs are kept for 90 days. You can query for any range of dates, as long as the starting date isn’t more than 90 days in the past.
In this question, we would create a filter to display shutdown operations on the virtual machine in the last 14 days.
Question 778
Your company plans to deploy several web servers and several database servers to Azure.
You need to recommend an Azure solution to limit the types of connections from the web servers to the database servers.
What should you include in the recommendation?
*A. network security groups (NSGs)
B. Azure Service Bus
C. a local network gateway
D. a route filter
Explanation
A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can also attach a network security group to a network interface assigned to a virtual machine. You can use multiple network security groups within a virtual network to restrict traffic between resources such as virtual machines and subnets.
You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
Question 779
Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
Solution: You modify an Azure Traffic Manager profile.
Does this meet the goal?
A. Yes
*B. No
Explanation
Azure Traffic Manager is a DNS-based load balancing solution. It is not used to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
To ensure that a virtual machine named VM1 is accessible from the Internet over HTTP, you need to modify a network security group or Azure Firewall.
In this question, we need to add a rule to a network security group or Azure Firewall to allow the connection to the virtual machine on port 80 (HTTP).
Question 780
Your Azure environment contains multiple Azure virtual machines.
You need to ensure that a virtual machine named VM1 is accessible from the Internet over HTTP.
Solution: You modify an Azure firewall.
Does this meet the goal?
*A. Yes
B. No
Explanation
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It’s a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
In this question, we need to add a rule to Azure Firewall to allow the connection to the virtual machine on port 80 (HTTP).