The latest Microsoft AZ-900 Azure Fundamentals certification practice exam question and answer (Q&A) dumps are available free to help you pass the Microsoft AZ-900 Azure Fundamentals exam and earn the Microsoft AZ-900 Azure Fundamentals certification.
Question 81
Your company has an Azure subscription that contains resources in several regions.
A company policy states that administrators must only be allowed to create additional Azure resources in a region in the country where their office is located.
You need to create the Azure resource that must be used to meet the policy requirement.
What should you create?
A. a read-only lock
* B. an Azure policy
C. a management group
D. a reservation
Explanation
Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources.
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy meets this need by evaluating your resources for non-compliance with assigned policies. All data stored by Azure Policy is encrypted at rest. For example, you can have a policy to allow only a certain SKU size of virtual machines in your environment. Once this policy is implemented, new and existing resources are evaluated for compliance. With the right type of policy, existing resources can be brought into compliance.
Azure Policy offers several built-in policies that are available by default. In this question, we would use the ‘Allowed Locations’ policy to define the locations where resources can be deployed.
There are a few key differences between Azure Policy and role-based access control (RBAC). RBAC focuses on user actions at different scopes. You might be added to the contributor role for a resource group, allowing you to make changes to that resource group. Azure Policy focuses on resource properties during deployment and for already existing resources. Azure Policy controls properties such as the types or locations of resources. Unlike RBAC, Azure Policy is a default allow and explicit deny system.
Question 82
From [Azure Cloud Shell], you can track your company’s regulatory standards and regulations, such as ISO 27001.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed.” If the statement is incorrect, select the answer choice that makes the statement correct.
A. No change is needed.
B. the Microsoft Cloud Partner Portal
* C. Compliance Manager
D. the Trust Center
Explanation
Microsoft Compliance Manager (Preview) is a free workflow-based risk assessment tool that lets you track, assign, and verify regulatory compliance activities related to Microsoft cloud services. Azure Cloud Shell, on the other hand, is an interactive, authenticated, browser-accessible shell for managing Azure resources.
Question 83
The [Microsoft Online Services Privacy Statement] explains what data Microsoft processes, how Microsoft processes the data, and the purpose of processing the data.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed.” If the statement is incorrect, select the answer choice that makes the statement correct.
* A. No change is needed.
B. Microsoft Online Services Terms
C. Microsoft Online Service Level Agreement
D. Online Subscription Agreement for Microsoft Azure
Explanation
The Microsoft Privacy Statement explains what personal data Microsoft processes, how Microsoft processes the data, and the purpose of processing the data.
Question 84
You need to configure an Azure solution that meets the following requirements:
- Secures websites from attacks
- Generates reports that contain details of attempted attacks
What should you include in the solution?
A. Azure Firewall
B. a network security group (NSG)
C. Azure Information Protection
* D. DDoS protection
Explanation
DDoS is a type of attack that tries to exhaust application resources. The goal is to affect the application’s availability and its ability to handle legitimate requests. DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet.
Azure has two DDoS service offerings that provide protection from network attacks: DDoS Protection Basic and DDoS Protection Standard.
DDoS Basic protection is integrated into the Azure platform by default and at no extra cost.
You have the option of paying for DDoS Standard. It has several advantages over the basic service, including logging, alerting, and telemetry. DDoS Standard can generate reports that contain details of attempted attacks as required in this question.
Distributed denial of service (DDoS) attacks are some of the largest availability and security concerns facing customers that are moving their applications to the cloud. A DDoS attack attempts to exhaust an application’s resources, making the application unavailable to legitimate users. DDoS attacks can be targeted at any endpoint that is publicly reachable through the internet.
Product features:
- Always-on monitoring and automatic network attack mitigation
- Adaptive tuning based on platform insights in Azure
- Application layer protection with Azure Application Gateway Web Application Firewall
- Integration with Azure Monitor for analytics and insights
- Protection against the unforeseen costs of a DDoS attack
Question 85
You attempt to create several managed Microsoft SQL Server instances in an Azure environment and receive a message that you must increase your Azure subscription limits. What should you do to increase the limits?
A. Create a service health alert
B. Upgrade your support plan
C. Modify an Azure policy
* D. Create a new support request
Explanation
Many Azure resources have quota limits. The purpose of the quota limits is to help you control your Azure costs. However, it is common to require an increase to the default quota.
You can request a quota limit increase by opening a support request. In the support request, select ‘Service and subscription limits (quotas)’ for the Issue type, then select your subscription and the service you want to increase the quota for. For this question, you would select ‘SQL Database Managed Instance’ as the quota type.
If you want to raise the limit or quota above the default limit, open an online customer support request at no charge.
Free Trial subscriptions aren’t eligible for limit or quota increases. If you have a Free Trial subscription, you can upgrade to a Pay-As-You-Go subscription. For more information, see Upgrade your Azure Free Trial subscription to a Pay-As-You-Go subscription and the Free Trial subscription FAQ.
Quotas for resources in Azure resource groups are per-region accessible by your subscription, not per-subscription as the service management quotas are. Let’s use vCPU quotas as an example. To request a quota increase with support for vCPUs, you must decide how many vCPUs you want to use in which regions. You then make a specific request for Azure resource group vCPU quotas for the amounts and regions that you want. If you need to use 30 vCPUs in West Europe to run your application there, you specifically request 30 vCPUs in West Europe. Your vCPU quota isn’t increased in any other region–only West Europe has the 30-vCPU quota.
As a result, decide what your Azure resource group quotas must be for your workload in any one region. Then request that amount in each region into which you want to deploy. For help determining your current quotas for specific regions, see Troubleshoot deployment issues.
Question 86
Your company has 10 offices. You plan to generate several billing reports from the Azure portal.
Each report will contain the Azure resource utilization of each office.
Which Azure Resource Manager feature should you use before you generate the reports?
* A. tags
B. templates
C. locks
D. policies
Explanation
You can use resource tags to ‘label’ Azure resources. Tags are metadata elements attached to resources. Tags consist of pairs of key/value strings. In this question, we would tag each resource with a tag to identify each office. For example: Location = Office1. When all Azure resources are tagged, you can generate reports to list all resources based on the value of the tag. For example: All resources used by Office1.
Question 87
Your company plans to migrate to Azure.
The company has several departments.
All the Azure resources used by each department will be managed by a department administrator.
What are two possible techniques to segment Azure for the departments? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
* A. multiple subscriptions
B. multiple Azure Active Directory (Azure AD) directories
C. multiple regions
* D. multiple resource groups
Explanation
An Azure subscription is a container for Azure resources. It is also a boundary for permissions to resources and for billing. You are charged monthly for all resources in a subscription. A single Azure tenant (Azure Active Directory) can contain multiple Azure subscriptions.
A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group.
To enable each department administrator to manage the Azure resources used by that department, you will need to create a separate subscription per department. You can then assign each department administrator as an administrator for the subscription to enable them to manage all resources in that subscription.
Question 88
If Microsoft plans to end support for an Azure service that does NOT have a successor service, Microsoft will provide notification at least [12 months] before.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
* A. No change is needed.
B. 6 months
C. 90 days
D. 30 days
Explanation
The Modern Lifecycle Policy covers products and services that are serviced and supported continuously. For products governed by the Modern Lifecycle Policy, Microsoft will provide a minimum of 12 months’ notification prior to ending support if no successor product or service is offered—excluding free services or preview releases.
Question 89
Your company has an Azure subscription that contains the following unused resources:
- 20 user accounts in Azure Active Directory (Azure AD)
- Five groups in Azure AD
- 10 public IP addresses
- 10 network interfaces
You need to reduce the Azure costs for the company.
Solution: You remove the unused network interfaces.
Does this meet the goal?
A. Yes
* B. No
Explanation
You are not charged for unused network interfaces. Therefore, deleting unused network interfaces will not reduce the Azure costs for the company.
Question 90
Your company has an Azure subscription that contains the following unused resources:
- 20 user accounts in Azure Active Directory (Azure AD)
- Five groups in Azure AD
- 10 public IP addresses
- 10 network interfaces
You need to reduce the Azure costs for the company.
Solution: You remove the unused public IP addresses.
Does this meet the goal?
* A. Yes
B. No
Explanation
You are charged for public IP addresses. Therefore, deleting unused public IP addresses will reduce the Azure costs.
When creating a virtual machine using the Azure portal, the portal creates a network interface with default settings for you. If you’d rather specify all your network interface settings, you can create a network interface with custom settings and attach the network interface to a virtual machine when creating the virtual machine (using PowerShell or the Azure CLI). You can also create a network interface and add it to an existing virtual machine (using PowerShell or the Azure CLI).
To learn how to create a virtual machine with an existing network interface, or to add network interfaces to or remove them from existing virtual machines, see Add or remove network interfaces. Before creating a network interface, you must have an existing virtual network in the same location and subscription you create the network interface in.