Question 12
HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
Explanation:
Box 1: No -
Azure resources deployed to a single resource group can be located in different regions. The resource group only contains metadata about the resources it contains.
When creating a resource group, you need to provide a location for that resource group. You may be wondering, "Why does a resource group need a location?
And, if the resources can have different locations than the resource group, why does the resource group location matter at all?" The resource group stores metadata about the resources. When you specify a location for the resource group, you're specifying where that metadata is stored. For compliance reasons, you may need to ensure that your data is stored in a particular region.
Box 2: No -
Tags for Resources are not inherited by default from their Resource Group
Box 3: Yes -
A resource group can be used to scope access control for administrative actions. By default, permissions set at the resource level are inherited by the resources in the resource group.
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-overview
Question 15
HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer :
Explanation:
Box 1: No -
Azure Advisor provides you with a consistent, consolidated view of recommendations for all your Azure resources. It integrates with Azure Security Center to bring you security recommendations. You can get security recommendations from the Security tab on the Advisor dashboard. Examples of recommendations include restricting access to virtual machines by configuring Network Security Groups, enabling storage encryption, installing vulnerability assessment solutions.
However, Azure Advisor does not provide recommendations on how to improve the security of an Azure AD environment.
Box 2: Yes -
Advisor helps you optimize and reduce your overall Azure spend by identifying idle and underutilized resources. You can get cost recommendations from the Cost tab on the Advisor dashboard.
Box 3: No.
Azure Advisor does not provide recommendations on how to configure network settings on Azure virtual machines.
References:
https://docs.microsoft.com/en-us/azure/advisor/advisor-security-recommendations https://docs.microsoft.com/en-us/azure/advisor/advisor-cost-recommendations
Explanation:
One of the major changes that you will face when you move from on-premises cloud to the public cloud is the switch from capital expenditure (buying hardware) to operating expenditure (paying for service as you use it).
Box 1: No -
With the pay-as-go model, you pay for services as you use them. This is Opex (Operational Expenditure), not CapEx (Captial Expenditure). CapEx is where you pay for something upfront. For example, buying a new physical server.
Box 2: No -
A reserved instance is where you pay upfront for the use of a virtual machine for a period of time (1 or 3 years). This can save you money as you receive a discount on the cost of a VM if you pay upfront for a reserved instance. However, as this is an upfront payment, it will be classed as CapEx, not OpEx.
Box 3: Yes -
Deploying your own datacenter is an example of CapEx. This is because you need to purchase all the infrastructure upfront before you can use it.
References:
https://docs.microsoft.com/en-us/azure/architecture/cloud-adoption/appendix/azure-scaffold
Question 27 ( Understand Cloud Concepts )
A team of developers at your company plans to deploy, and then remove, 50 virtual machines each week. All the virtual machines are configured by using Azure
Resource Manager templates.
You need to recommend which Azure service will minimize the administrative effort required to deploy and remove the virtual machines.
What should you recommend?
- A. Azure Reserved Virtual Machine (VM) Instances
- B. Azure DevTest Labs
- C. Azure virtual machine scale sets
- D. Microsoft Managed Desktop
Answer : B
Explanation:
DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager templates.
By using DevTest Labs, you can test the latest versions of your applications by doing the following tasks:
-> Quickly provision Windows and Linux environments by using reusable templates and artifacts.
-> Easily integrate your deployment pipeline with DevTest Labs to provision on-demand environments.
-> Scale up your load testing by provisioning multiple test agents and create pre-provisioned environments for training and demos.
Reference:
https://docs.microsoft.com/en-us/azure/lab-services/devtest-lab-overview
Explanation:
Box 1: No -
You cannot add physical servers to the public cloud. You can only deploy virtual servers in the public cloud. You can extend a private cloud by deploying virtual servers in a public cloud. This would create a hybrid cloud.
Box 2: Yes -
A hybrid cloud is a combination of a private cloud and public cloud. Therefore, to create a hybrid cloud, you must deploy resources to a public cloud.
Box 3: No.
It is not true that a private cloud must be disconnected from the Internet. Private clouds can be and most commonly are connected to the Internet. "Private cloud" means that the physical servers are managed by you. It does not mean that it is disconnected from the Internet.
References:
https://azure.microsoft.com/en-gb/overview/what-are-private-public-hybrid-clouds/
Explanation:
Box 1: No -
An Azure AD tenant can have multiple subscriptions but an Azure subscription can only be associated with one Azure AD tenant.
Box 2: Yes -
Box 3: No -
If your subscription expires, you lose access to all the other resources associated with the subscription. However, the Azure AD directory remains in Azure. You can associate and manage the directory using a different Azure subscription.
References:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory
Question 47 ( Understand Core Azure Services )
You plan to store 20 TB of data in Azure. The data will be accessed infrequently and visualized by using Microsoft Power BI.
You need to recommend a storage solution for the data.
Which two solutions should you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. Azure Data Lake
- B. Azure Cosmos DB
- C. Azure SQL Data Warehouse
- D. Azure SQL Database
- E. Azure Database for PostgreSQL
Answer :AC
Explanation:
You can use Power BI to analyze and visualize data stored in Azure Data Lake and Azure SQL Data Warehouse.
Azure Data Lake includes all of the capabilities required to make it easy for developers, data scientists and analysts to store data of any size and shape and at any speed, and do all types of processing and analytics across platforms and languages. It removes the complexities of ingesting and storing all your data while making it faster to get up and running with batch, streaming and interactive analytics. It also integrates seamlessly with operational stores and data warehouses so that you can extend current data applications.
References:
https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-power-bi https://azure.microsoft.com/en-gb/solutions/data-lake/ https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-power-bi
Question 50 ( Understand Core Azure Services )
HOTSPOT -
You plan to extend your company"™s network to Azure. The network contains a VPN appliance that uses an IP address of 131.107.200.1.
You need to create an Azure resource that defines the VPN appliance in Azure.
Which Azure resource should you create? To answer, select the appropriate resource in the answer area.
Hot Area:
Answer :
Explanation:
A Local Network Gateway is an object in Azure that represents your on-premise VPN device. A Virtual Network Gateway is the VPN object at the Azure end of the
VPN. A "˜connection"™ is what connects the Local Network Gateway an the Virtual Network Gateway to bring up the VPN.
The local network gateway typically refers to your on-premises location. You give the site a name by which Azure can refer to it, then specify the IP address of the on-premises VPN device to which you will create a connection. You also specify the IP address prefixes that will be routed through the VPN gateway to the VPN device. The address prefixes you specify are the prefixes located on your on-premises network. If your on-premises network changes or you need to change the public IP address for the VPN device, you can easily update the values later.
References:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
HOTSPOT -
You create a resource group named RG1 in Azure Resource Manager.
You need to prevent the deletion of the resources in RG1.
Which setting should you use? To answer, select the appropriate setting in the answer area.
There are two types of resource locks. one, Readonly lock that allows to check resources but do not allow any changes. Two, Delete lock that allows to change resources except delete. This is to protect resources from accidental/unwanted deletes. so it requires Delete lock at the resource group level. If the Delet lock is at subscription level then that inherits to RG under the subscription. To answer question it's Delete Lock
QUESTION 34 To what should an application connect to retrieve security tokens?
A. an Azure Storage account
B. Azure Active Directory (Azure AD)
C. a certificate store
D. an Azure key vault
Correct Answer: B
The answer B is correct, because it asks what "an application should connect to". An Application cannot connect to a Key Vault.
QUESTION 33 Your company plans to deploy several web servers and several database servers to Azure.
You need to recommend an Azure solution to limit the types of connections from the web servers to the database servers.
What should you include in the recommendation?
A. network security groups (NSGs)
B. Azure Service Bus
C. a local network gateway
D. a route filter
Correct Answer: A
QUESTION 29
Which two types of customers are eligible to use Azure Government to develop a cloud solution? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. a Canadian government contractor
B. a European government contractor
C. a United States government entity
D. a United States government contractor
E. a European government entity
Correct Answer: CD
Section: Understand Security, Privacy, Compliance and Trust Explanation
Explanation/Reference:
References: https://docs.microsoft.com/en-us/learn/modules/intro-to-azure-government/2-what-is-azure-government
QUESTION 25
Which Azure service should you use to correlate events from multiple resources into a centralized repository?
A. Azure Event Hubs
B. Azure Analysis Services
C. Azure Monitor
D. Azure Log Analytics
Correct Answer: D
QUESTION 20 This question requires that you evaluate the underlined text to determine
if it is correct.
Azure policies provide a common platform for deploying objects to a cloud infrastructure and for implementing consistency across the Azure environment.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.
A. No change is needed
B. Resource groups provide
C. Azure Resource Manager provides
D. Management groups provide
Correct Answer: C
Section: Understand Core Azure Services
QUESTION 22 Your company has several business units.
Each business unit requires 20 different Azure resources for daily operation. All the business units require the same type of Azure resources.
You need to recommend a solution to automate the creation of the Azure resources.
What should you include in the recommendations?
A. Azure Resource Manager templates
B. virtual machine scale sets
C. the Azure API Management service
D. management groups
Correct Answer: A
Question 125
You need to view a list of planned maintenance events that can affect the availability of an Azure subscription.
Which blade should you use from the Azure portal?
Answers
What should you use to evaluate whether your company's Azure environment meets regulatory requirements?
- A.the Knowledge Center website
- B.the Advisor blade from the Azure portal
- C.Compliance Manager from the Security Trust Portal
- D.the Security Center blade from the Azure portal
Correct Answer:D
This question requires that you evaluate the underlined text to determine if it is correct.
Your company implements Azure policies to automatically add a watermark to Microsoft Word documents that contain credit card information.
Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct.
- A. No change is needed.
- B. DDoS protection
- C. Azure Information Protection
- D. Azure Active Directory (Azure AD) Identity Protection
Correct Answer: C
References:
https://docs.microsoft.com/en-us/azure/information-protection/infoprotect-quick-start-tutorial
This question requires that you evaluate the underlined text to determine if it is correct.
You have an Azure virtual network named VNET1 in a resource group named RG1.
You assign an Azure policy specifying that virtual networks are not an allowed resource type in RG1. VNET1 is deleted automatically.
Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct.
- A. No change is needed
- B. is moved automatically to another resource group
- C. continues to function normally
- D. is now a read-only object
Correct Answer: A
References:
https://docs.microsoft.com/en-us/azure/governance/policy/overview
Your company has an Azure environment that contains resources in several regions.
A company policy states that administrators must only be allowed to create additional Azure resources in a region in the country where their office is located.
You need to create the Azure resource that must be used to meet the policy requirement.
What should you create?
- A. a read-only lock
- B. an Azure policy
- C. a management group
- D. a reservation
You need to configure an Azure solution that meets the following requirements:
✑ Secures websites from attacks
✑ Generates reports that contain details of attempted attacks
What should you include in the solution?
- A.Azure Firewall
- B.a network security group (NSG)
- C.Azure Information Protection
- D.DDoS protection
Correct Answer:D
Your company plans to migrate all on-premises data to Azure. You need to identify whether Azure complies with the company's regional requirements.
What should you use?
- A. the Knowledge Center
- B. Azure Marketplace
- C. the Azure portal
- D. the Trust Center
Correct Answer: D
Is now called Microsoft Trust Center - https://www.microsoft.com/en-us/trust-center/compliance/regional-country-compliance
Your company has 10 offices. You plan to generate several billing reports from the Azure portal. Each report will contain the Azure resource utilization of each office.
Which Azure Resource Manager feature should you use before you generate the reports?
- A. tags
- B. templates
- C. locks
- D. policies
Correct Answer: A
After you apply tags, you can retrieve all the resources in your subscription with that tag name and value. Tags enable you to retrieve related resources from different resource groups. This approach is helpful when you need to organize resources for billing or management.
This question requires that you evaluate the underlined text to determine if it is correct.
You deploy an Azure resource. The resource becomes unavailable for an extended period due to a service outage. Microsoft will automatically refund your bank account.
Instructions: Review the underlined text. If it makes the statement correct, select "No change is needed". If the statement is incorrect, select the answer choice that makes the statement correct.
- A.No change is needed.
- B.automatically migrate the resource to another subscription
- C.automatically credit your account
- D.send you a coupon code that you can redeem for Azure credits
Correct Answer:C
Your company plans to migrate to Azure. The company has several departments. All the Azure resources used by each department will be managed by a department administrator.
You need to recommend an Azure deployment that provides the ability to segment Azure for the departments. The solution must minimize administrative effort.
What should you include in the recommendation?
- A. multiple subscriptions
- B. multiple Azure Active Directory (Azure AD) directories
- C. multiple regions
- D. multiple resource groups
Correct Answer: A
nswer: 
References:
https://docs.microsoft.com/en-us/azure/azure-resource-manager/manage-resource-groups-portal https://azure.microsoft.com/en-us/pricing/details/bandwidth/
QUESTION 18
Your company plans to deploy several custom applications to Azure. The applications will provide invoicing services to the customers of the company. Each application will have several prerequisite applications and services installed.
You need to recommend a cloud deployment solution for all the applications.
What should you recommend?
A. Software as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Infrastructure as a Service (laaS)
Correct Answer: C
People, do not be fooled. The customs applications mentioned here required prerequisite applications and services. The answer would be we what azure22 said if it was not for those. The answer is 100% IAAS. Given answer IAAS is correct. From the question keyword is that you will require to install your prerequisite applications and services for the custom application to work. This is not an idea of PAAS.
QUESTION 22
This question requires that you evaluate the underlined text to determine if it is correct.
When you need to delegate permissions to several Azure virtual machines simultaneously, you must deploy the Azure virtual machines to the same Azure region.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that
makes the statement correct.
A. No change is needed
B. by using the same Azure Resource Manager template
C. to the same resource group
D. to the same availability zone
Correct Answer: C
QUESTION 26
You need to identify the type of failure for which an Azure Availability Zone can be used to protect access to Azure services. What should you identify?
A. a physical server failure
B. an Azure region failure
C. a storage failure
D. an Azure data center failure
Correct Answer: D
QUESTION 27
You have a virtual machine named VM1 that runs Windows Server 2016. VM1 is in the East US Azure region.
Which Azure service should you use from the Azure portal to view service failure notifications that can affect the availability of VM1?
A. Azure Service Fabric
B. Azure Monitor
C. Azure virtual machines
D. Azure Advisor
Correct Answer: C
Section: Understand Core Azure Services
Explanation
Explanation/Reference:
Explanation:
In the Azure virtual machines page in the Azure portal, there is a named Maintenance Status. This column will display service issues that could affect your virtual
machine. A service failure is rare but host server maintenance that could affect your virtual machines is more common.
Azure periodically updates its platform to improve the reliability, performance, and security of the host infrastructure for virtual machines. The purpose of these
updates ranges from patching software components in the hosting environment to upgrading networking components or decommissioning hardware.
QUESTION 29
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
An Azure administrator plans to run a PowerShell script that creates Azure resources.
You need to recommend which computer configuration to use to run the script.
Solution: Run the script from a computer that runs Chrome OS and uses Azure Cloud Shell.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Explanation/Reference:
Explanation:
A PowerShell script is a file that contains PowerShell cmdlets and code. A PowerShell script needs to be run in PowerShell.
With the Azure Cloud Shell, you can run PowerShell cmdlets and scripts in a Web browser. You log in to the Azure Portal and select the Azure Cloud Shell option.
This will open a PowerShell session in the Web browser. The Azure Cloud Shell has the necessary Azure PowerShell module installed.
Note: to run a PowerShell script in the Azure Cloud Shell, you need to change to the directory where the PowerShell script is stored.
QUESTION 32
You have an Azure environment that contains multiple Azure virtual machines.
You plan to implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines.
You need to recommend which Azure resources must be created for the planned solution.
Which two Azure resources should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. a virtual network gateway
B. a load balancer
C. an application gateway
D. a virtual network
E. a gateway subnet
Correct Answer: AE
Section: Understand Core Azure Services
Explanation
Explanation/Reference:
Explanation:
To implement a solution that enables the client computers on your on-premises network to communicate to the Azure virtual machines, you need to configure a
VPN (Virtual Private Network) to connect the on-premises network to the Azure virtual network.
The Azure VPN device is known as a Virtual Network Gateway. The virtual network gateway needs to be located in a dedicated subnet in the Azure virtual network. This dedicated subnet is known as a gateway subnet and must be named ‘GatewaySubnet’.
Note: a virtual network (answer D) is also required. However, as we already have virtual machines deployed in a Azure, we can assume that the virtual network is already in place.
QUESTION 38
This question requires that you evaluate the underlined text to determine if it is correct.
Data that is stored in the Archive access tier of an Azure Storage account can be accessed at any time by using azcopy.exe.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that
makes the statement correct.
A. No change is needed.
B. can only be read by using Azure Backup
C. must be restored before the data can be accessed
D. must be rehydrated before the data can be accessed
Correct Answer: D
Explanation/Reference:
Explanation:
Azure storage offers different access tiers: hot, cool and archive.
The archive access tier has the lowest storage cost. But it has higher data retrieval costs compared to the hot and cool tiers. Data in the archive tier can take
several hours to retrieve.
While a blob is in archive storage, the blob data is offline and can't be read, overwritten, or modified. To read or download a blob in archive, you must first
rehydrate it to an online tier.
Example usage scenarios for the archive access tier include:
Long-term backup, secondary backup, and archival datasets
Original (raw) data that must be preserved, even after it has been processed into final usable form.
Compliance and archival data that needs to be stored for a long time and is hardly ever accessed.
QUESTION 40
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1. You sign in to the Azure portal and create a resource group named RG1.
From Azure documentation, you have the following command that creates a virtual machine named VM1.
az vm create --resource-group RG1 --name VM1 --image UbuntuLTS --generate-ssh-keys
You need to create VM1 in Subscription1 by using the command.
Solution: From a computer that runs Windows 10, install Azure CLI. From PowerShell, sign in to Azure and then run the command.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Section: Understand Core Azure Services
Explanation
Explanation/Reference:
Explanation:
The command can be run from PowerShell or the command prompt if you have the Azure CLI installed.
References:
https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-windows?view=azure-cli-latest
QUESTION 41
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1. You sign in to the Azure portal and create a resource group named RG1.
From Azure documentation, you have the following command that creates a virtual machine named VM1.
az vm create --resource-group RG1 --name VM1 --image UbuntuLTS --generate-ssh-keys
You need to create VM1 in Subscription1 by using the command.
Solution: From a computer that runs Windows 10, install Azure CLI. From a command prompt, sign in to Azure and then run the command.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Section: Understand Core Azure Services
Explanation
Explanation/Reference:
Explanation:
The command can be run from PowerShell or the command prompt if you have the Azure CLI installed.
QUESTION 44
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure subscription named Subscription1. You sign in to the Azure portal and create a resource group named RG1.
From Azure documentation, you have the following command that creates a virtual machine named VM1.
az vm create --resource-group RG1 --name VM1 --image UbuntuLTS --generate-ssh-keys
You need to create VM1 in Subscription1 by using the command.
Solution: From the Azure portal, launch Azure Cloud Shell and select Bash. Run the command in Cloud Shell.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Section: Understand Core Azure Services
Explanation
Explanation/Reference:
Explanation:
The command can be run in the Azure Cloud Shell.
The Azure Cloud Shell is a free interactive shell. It has common Azure tools preinstalled and configured to use with your account.
To open the Cloud Shell, just select Try it from the upper right corner of a code block. You can also launch Cloud Shell in a separate browser tab by going to
https:// shell.azure.com/bash.
QUESTION 45
Your company has several business units.
Each business unit requires 20 different Azure resources for daily operation. All the business units require the same type of Azure resources.
You need to recommend a solution to automate the creation of the Azure resources.
What should you include in the recommendations?
A. Azure Resource Manager templates
B. virtual machine scale sets
C. the Azure API Management service
D. management groups
Correct Answer: A
Section: Understand Core Azure Services
Explanation
Explanation/Reference:
Explanation:
You can use Azure Resource Manager templates to automate the creation of the Azure resources. Deploying resource through templates is known as
‘Infrastructure as code’.
To implement infrastructure as code for your Azure solutions, use Azure Resource Manager templates. The template is a JavaScript Object Notation (JSON) file
that defines the infrastructure and configuration for your project. The template uses declarative syntax, which lets you state what you intend to deploy without
having to write the sequence of programming commands to create it. In the template, you specify the resources to deploy and the properties for those resources.
QUESTION 49
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure environment. You need to create a new Azure virtual machine from a tablet that runs the Android operating system.
Solution: You use the Azure portal.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Section: Understand Core Azure Services
Explanation
Explanation/Reference:
Explanation:
The Azure portal is a web-based, unified console that provides an alternative to command-line tools. With the Azure portal, you can manage your Azure
subscription using a graphical user interface. You can build, manage, and monitor everything from simple web apps to complex cloud deployments. Create custom
dashboards for an organized view of resources. Configure accessibility options for an optimal experience.
Being web-based, the Azure portal can be run on a browser from a tablet that runs the Android operating system.
QUESTION 50
This question requires that you evaluate the underlined text to determine if it is correct.
Azure Databricks is an Apache Spark-based analytics service.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed.” If the statement is incorrect, select the answer choice that
makes the statement correct.
A. No change is needed.
B. Azure Data Factory
C. Azure DevOps
D. Azure HDInsight
Correct Answer: A
Section: Understand Core Azure Services
Explanation
Explanation/Reference:
Explanation:
Azure Databricks is an Apache Spark-based analytics platform. The platform consists of several components including ‘MLib’. Mlib is a Machine Learning library
consisting of common learning algorithms and utilities, including classification, regression, clustering, collaborative filtering, dimensionality reduction, as well as
underlying optimization primitives.
QUESTION 51
Which Azure service provides a set of version control tools to manage code?
A. Azure Repos
B. Azure DevTest Labs
C. Azure Storage
D. Azure Cosmos DB
Correct Answer: A
Section: Understand Core Azure Services
Explanation
Explanation/Reference:
Explanation:
Azure Repos is a set of version control tools that you can use to manage your code.
B: Azure DevTest Labs creates labs consisting of pre-configured bases or Azure Resource Manager templates. These have all the necessary tools and software that you can use to create environments.
D: Azure Cosmos DB is Microsoft's globally distributed, multi-model database service.
QUESTION 52
This question requires that you evaluate the underlined text to determine if it is correct.
Azure Site Recovery provides fault tolerance for virtual machines.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed.” If the statement is incorrect, select the answer choice that
makes the statement correct.
A. No change is needed.
B. disaster recovery
C. elasticity
D. high availability
Correct Answer: A
Section: Understand Core Azure Services
Explanation
Explanation/Reference:
Explanation:
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. Site Recovery replicates workloads
running on physical and virtual machines (VMs) from a primary site to a secondary location.
QUESTION 56
This question requires that you evaluate the underlined text to determine if it is correct.
Azure Key Vault is used to store secrets for Azure Active Directory (Azure AD) user accounts.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that
makes the statement correct.
A. No change is needed
B. Azure Active Directory (Azure AD) administrative accounts
C. Personally Identifiable Information (PII)
D. server applications
Correct Answer: D
Section: Understand Security, Privacy, Compliance and Trust
Explanation
Explanation/Reference:
Explanation:
Centralizing storage of application secrets in Azure Key Vault allows you to control their distribution. Key Vault greatly reduces the chances that secrets may be
accidentally leaked. When using Key Vault, application developers no longer need to store security information in their application. Not having to store security
information in applications eliminates the need to make this information part of the code. For example, an application may need to connect to a database. Instead
of storing the connection string in the app's code, you can store it securely in Key Vault.
QUESTION 71
Which service provides network traffic filtering across multiple Azure subscriptions and virtual networks?
A. Azure Firewall
B. an application security group
C. Azure DDoS protection
D. a network security group (NSG)
Correct Answer: A
Section: Understand Security, Privacy, Compliance and Trust
Explanation
Explanation/Reference:
Explanation:
You can restrict traffic to multiple virtual networks in multiple subscriptions with a single Azure firewall.
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with
built-in high availability and unrestricted cloud scalability.
You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. Azure Firewall uses a static
public IP address for your virtual network resources allowing outside firewalls to identify traffic originating from your virtual network.
QUESTION 73
You have a resource group named RG1.
You plan to create virtual networks and app services in RG1.
You need to prevent the creation of virtual machines only in RG1.
What should you use?
A. a lock
B. an Azure role
C. a tag
D. an Azure policy
Correct Answer: D
Explanation/Reference:
Explanation:
Azure policies can be used to define requirements for resource properties during deployment and for already existing resources. Azure Policy controls properties
such as the types or locations of resources.
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so
those resources stay compliant with your corporate standards and service level agreements.
In this question, we would create a Azure policy assigned to the resource group that denies the creation of virtual machines in the resource group.
You could place a read-only lock on the resource group. However, that would prevent the creation of any resources in the resource group, not virtual machines
only. Therefore, an Azure Policy is a better solution.
QUESTION 75
What should you use to evaluate whether your company’s Azure environment meets regulatory requirements?
A. the Knowledge Center website
B. the Advisor blade from the Azure portal
C. Compliance Manager from the Security Trust Portal
D. the Security Center blade from the Azure portal
Correct Answer: D
Section: Understand Security, Privacy, Compliance and Trust
Explanation
Explanation/Reference:
Explanation:
The Security Center blade from the Azure portal includes the ‘regulatory compliance dashboard’.
The regulatory compliance dashboard provides insight into your compliance posture for a set of supported standards and regulations, based on continuous
assessments of your Azure environment.
In the Azure Security Center regulatory compliance blade, you can get an overview of key portions of your compliance posture with respect to a set of supported
standards. Currently supported standards are Azure CIS, PCI DSS 3.2, ISO 27001, and SOC TSP.
In the dashboard, you will find your overall compliance score, and the number of passing versus failing assessments with each standard. You can now focus your
attention on the gaps in compliance for a standard or regulation that is important to you.
QUESTION 78
This question requires that you evaluate the underlined text to determine if it is correct.
You have an Azure virtual network named VNET1 in a resource group named RG1.
You assign an Azure Policy definition of Not Allowed Resource Type and specify that virtual networks are not an allowed resource type in RG1. VNET1 is deleted
automatically.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that
makes the statement correct.
A. No change is needed
B. is moved automatically to another resource group
C. continues to function normally
D. is now a read-only object
Correct Answer: C
Section: Understand Security, Privacy, Compliance and Trust
Explanation
Explanation/Reference:
Explanation:
The VNet will be marked as ‘Non-compliant’ when the policy is assigned. However, it will not be deleted and will continue to function normally.
Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so
those resources stay compliant with your corporate standards and service level agreements.
If there are any existing resources that aren't compliant with a new policy assignment, they appear under Non-compliant resources.
QUESTION 81
This question requires that you evaluate the underlined text to determine if it is correct.
The Microsoft Online Services Privacy Statement explains what data Microsoft processes, how Microsoft processes the data, and the purpose of processing the
data.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed.” If the statement is incorrect, select the answer choice that
makes the statement correct.
A. No change is needed.
B. Microsoft Online Services Terms
C. Microsoft Online Service Level Agreement
D. Online Subscription Agreement for Microsoft Azure
Correct Answer: A
Section: Understand Security, Privacy, Compliance and Trust
QUESTION 93
In which Azure support plans can you open a new support request?
A. Premier and Professional Direct only
B. Premier, Professional Direct, and Standard only
C. Premier, Professional Direct, Standard, and Developer only
D. Premier, Professional Direct, Standard, Developer, and Basic
Correct Answer: C
Section: Understand Azure Pricing and Support
Explanation
Explanation/Reference:
Explanation:
You can open support cases in the following plans: Premier, Professional Direct, Standard, and Developer only.
You cannot open support cases in the Basic support plan.
QUESTION 101
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might
meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to purchase an Azure subscription.
The company’s support policy states that the Azure environment must provide an option to access support engineers by phone or email.
You need to recommend which support plan meets the support policy requirement.
Solution: Recommend a Standard support plan.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Section: Understand Azure Pricing and Support
Explanation
Explanation/Reference:
Explanation:
The Standard, Professional Direct, and Premier support plans have technical support for engineers via email and phone.
QUESTION 105
This question requires that you evaluate the underlined text to determine if it is correct.
Your Azure trial account expired last week. You are now unable to create additional Azure Active Directory (Azure AD) user accounts.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that
makes the statement correct.
A. No change is needed
B. start an existing Azure virtual machine
C. access your data stored in Azure
D. access the Azure portal
Correct Answer: B
Section: Understand Azure Pricing and Support
Explanation
Explanation/Reference:
Explanation:
A stopped (deallocated) VM is offline and not mounted on an Azure host server. Starting a VM mounts the VM on a host server before the VM starts. As soon as
the VM is mounted, it becomes chargeable. For this reason, you are unable to start a VM after a trial has expired.
Incorrect Answers:
A: You are not charged for Azure Active Directory user accounts so you can continue to create accounts.
C: You can access data that is already stored in Azure.
D: You can access the Azure Portal. You can also reactivate and upgrade the expired subscription in the portal.
QUESTION 108
Which statement accurately describes the Modern Lifecycle Policy for Azure services?
A. Microsoft provides mainstream support for a service for five years.
B. Microsoft provides a minimum of 12 months’ notice before ending support for a service.
C. After a service is made generally available, Microsoft provides support for the service for a minimum of four years.
D. When a service is retired, you can purchase extended support for the service for up to five years.
Correct Answer: B
Section: Understand Azure Pricing and Support
Explanation
Explanation/Reference:
Explanation:
For products governed by the Modern Lifecycle Policy, Microsoft will provide a minimum of 12 months' notification prior to ending support if no successor product
or service is offered—excluding free services or preview
