Microsoft - AZ-900: Microsoft Azure Fundamentals
Sample Questions
Question: 489
Measured Skill: Describe Azure management and governance (30–35%)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
Your company has an Azure Active Directory (Azure AD) environment. Users occasionally connect to Azure AD via the Internet.
You have been tasked with making sure that users who connect to Azure AD via the internet from an unidentified IP address, are automatically encouraged to change passwords.
Solution: You configure the use of Azure AD Identity Protection.
Does this meet the goal?Correct answer: AExplanation:
Identity Protection allows organizations to accomplish three key tasks:
- Automate the detection and remediation of identity-based risks.
- Investigate risks using data in the portal.
- Export risk detection data to other tools.
Risk detections in Azure AD Identity Protection include any identified suspicious actions related to user accounts in the directory.
To protect your users, you can configure risk-based policies in Azure Active Directory (Azure AD) that automatically respond to risky behaviors. Azure AD Identity Protection policies can automatically block a sign-in attempt or require additional action, such as require a password change or prompt for Azure AD Multi-Factor Authentication.
References:
What is Identity Protection?
Enable user risk policy for password change
Question: 490
Measured Skill: Describe Azure management and governance (30–35%)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
Your company has an Azure Active Directory (Azure AD) environment. Users occasionally connect to Azure AD via the Internet.
You have been tasked with making sure that users who connect to Azure AD via the internet from an unidentified IP address, are automatically encouraged to change passwords.
Solution: You configure the use of Azure AD Privileged Identity Management.
Does this meet the goal?Correct answer: BExplanation:
Azure AD Privileged Identity Management is not suitable to enforce password changes on risky sign-ins. We should use Azure AD Identity Protection instead.
Identity Protection allows organizations to accomplish three key tasks:
- Automate the detection and remediation of identity-based risks.
- Investigate risks using data in the portal.
- Export risk detection data to other tools.
Risk detections in Azure AD Identity Protection include any identified suspicious actions related to user accounts in the directory.
To protect your users, you can configure risk-based policies in Azure Active Directory (Azure AD) that automatically respond to risky behaviors. Azure AD Identity Protection policies can automatically block a sign-in attempt or require additional action, such as require a password change or prompt for Azure AD Multi-Factor Authentication.
References:
What is Identity Protection?
Enable user risk policy for password change
Question: 491
Measured Skill: Describe Azure management and governance (30–35%)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. Determine whether the solution meets the stated goals.
Your company has an Azure Active Directory (Azure AD) environment. Users occasionally connect to Azure AD via the Internet.
You have been tasked with making sure that users who connect to Azure AD via the internet from an unidentified IP address, are automatically encouraged to change passwords.
Solution: You configure the use of Azure AD Password Protection.
Does this meet the goal?Correct answer: BExplanation:
Azure AD Password Protection is not suitable to enforce password changes on risky sign-ins. We should use Azure AD Identity Protection instead.
Identity Protection allows organizations to accomplish three key tasks:
- Automate the detection and remediation of identity-based risks.
- Investigate risks using data in the portal.
- Export risk detection data to other tools.
Risk detections in Azure AD Identity Protection include any identified suspicious actions related to user accounts in the directory.
To protect your users, you can configure risk-based policies in Azure Active Directory (Azure AD) that automatically respond to risky behaviors. Azure AD Identity Protection policies can automatically block a sign-in attempt or require additional action, such as require a password change or prompt for Azure AD Multi-Factor Authentication.
References:
What is Identity Protection?
Enable user risk policy for password change
Question: 492
Measured Skill: Describe Azure architecture and services (35–40%)
Select the answer that correctly completes the sentence.
| A | An Azure DevOps pipeline runs application code in Azure without requiring a server. |
| B | An Azure Resource Manager template runs application code in Azure without requiring a server. |
| C | Azure Application Gateway runs application code in Azure without requiring a server. |
| D | Azure Functions runs application code in Azure without requiring a server. |
Correct answer: DExplanation:
Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running.
You focus on the code that matters most to you, in the most productive language for you, and Azure Functions handles the rest.
We often build systems to react to a series of critical events. Whether you're building a web API, responding to database changes, processing IoT data streams, or even managing message queues - every application needs a way to run some code as these events occur.
To meet this need, Azure Functions provides "compute on-demand" in two significant ways.
First, Azure Functions allows you to implement your system's logic into readily available blocks of code. These code blocks are called "functions". Different functions can run anytime you need to respond to critical events.
Second, as requests increase, Azure Functions meets the demand with as many resources and function instances as necessary - but only while needed. As requests fall, any extra resources and application instances drop off automatically.
Where do all the compute resources come from? Azure Functions provides as many or as few compute resources as needed to meet your application's demand.
Providing compute resources on-demand is the essence of serverless computing in Azure Functions.
Reference: Introduction to Azure Functions
Question: 493
Measured Skill: Describe Azure architecture and services (35–40%)
Match the Azure storage services to the appropriate descriptions.
(To answer, drag the appropriate storage service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all. NOTE: Each correct match is worth one point.)
| A | P1: Azure Blob storage
P2: Azure Queue storage
P3: Azure Disk storage |
| B | P1: Azure Disk storage
P2: Azure Files
P3: Azure Blob storage |
| C | P1: Azure Files
P2: Azure Disk storage
P3: Azure Queue storage |
| D | P1: Azure Files
P2: Azure Queue storage
P3: Azure Blob storage |
| E | P1: Azure Queue storage
P2: Azure Files
P3: Azure Blob storage |
| F | P1: Azure Queue storage
P2: Azure Blob storage
P3: Azure Files |
Correct answer: EExplanation:
The Azure Storage platform includes the following data services:
- Azure Blobs: A massively scalable object store for text and binary data. Also includes support for big data analytics through Data Lake Storage Gen2.
- Azure Files: Managed file shares for cloud or on-premises deployments.
- Azure Elastic SAN (preview): A fully integrated solution that simplifies deploying, scaling, managing, and configuring a SAN in Azure.
- Azure Queues: A messaging store for reliable messaging between application components.
- Azure Tables: A NoSQL store for schemaless storage of structured data.
- Azure managed Disks: Block-level storage volumes for Azure VMs.
Azure Blob Storage is Microsoft's object storage solution for the cloud. Blob Storage is optimized for storing massive amounts of unstructured data. Unstructured data is data that doesn't adhere to a particular data model or definition, such as text or binary data.
Azure storage offers different access tiers so that you can store your blob data in the most cost-effective manner based on how it's being used. Azure Storage access tiers include:
- Hot tier - An online tier optimized for storing data that is accessed or modified frequently. The hot tier has the highest storage costs, but the lowest access costs.
- Cool tier - An online tier optimized for storing data that is infrequently accessed or modified. Data in the cool tier should be stored for a minimum of 30 days. The cool tier has lower storage costs and higher access costs compared to the hot tier.
- Archive tier - An offline tier optimized for storing data that is rarely accessed, and that has flexible latency requirements, on the order of hours. Data in the archive tier should be stored for a minimum of 180 days.
Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol, Network File System (NFS) protocol, and Azure Files REST API. Azure file shares can be mounted concurrently by cloud or on-premises deployments. SMB Azure file shares are accessible from Windows, Linux, and macOS clients. NFS Azure file shares are accessible from Linux clients. Additionally, SMB Azure file shares can be cached on Windows servers with Azure File Sync for fast access near where the data is being used.
Azure Queue Storage is a service for storing large numbers of messages. You access messages from anywhere in the world via authenticated calls using HTTP or HTTPS. A queue message can be up to 64 KB in size. A queue may contain millions of messages, up to the total capacity limit of a storage account. Queues are commonly used to create a backlog of work to process asynchronously.
References:
Introduction to Azure Blob Storage
What is Azure Files?
What is Azure Queue Storage?
Azure Disk Storage