Microsoft - AZ-900: Microsoft Azure Fundamentals
Sample Questions
Question: 533
Measured Skill: Describe Azure architecture and services (35–40%)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
(NOTE: Each correct selection is worth one point.)
| A | Network security groups (NSGs) can contain multiple inbound and outbound security rules: Yes
A VM that performs a particular function such as running a firewall is also called a Network virtual applicance: Yes
A user-defined route (UDR) can only control network traffic between subnets of a single virtual network: Yes |
| B | Network security groups (NSGs) can contain multiple inbound and outbound security rules: Yes
A VM that performs a particular function such as running a firewall is also called a Network virtual applicance: Yes
A user-defined route (UDR) can only control network traffic between subnets of a single virtual network: No |
| C | Network security groups (NSGs) can contain multiple inbound and outbound security rules: Yes
A VM that performs a particular function such as running a firewall is also called a Network virtual applicance: No
A user-defined route (UDR) can only control network traffic between subnets of a single virtual network: Yes |
| D | Network security groups (NSGs) can contain multiple inbound and outbound security rules: No
A VM that performs a particular function such as running a firewall is also called a Network virtual applicance: Yes
A user-defined route (UDR) can only control network traffic between subnets of a single virtual network: No |
| E | Network security groups (NSGs) can contain multiple inbound and outbound security rules: No
A VM that performs a particular function such as running a firewall is also called a Network virtual applicance: No
A user-defined route (UDR) can only control network traffic between subnets of a single virtual network: Yes |
| F | Network security groups (NSGs) can contain multiple inbound and outbound security rules: No
A VM that performs a particular function such as running a firewall is also called a Network virtual applicance: No
A user-defined route (UDR) can only control network traffic between subnets of a single virtual network: No |
Correct answer: BExplanation:
A network security group contains one or more security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.
Azure provides virtual machine (VM) images that allow you to bring the networking, security, and other functions of your favorite provider to Azure for a familiar experience—using skills your team already has. Virtual machines running these images are also called
Network virtual appliances.
You can create custom, or user-defined (static), routes in Azure to override Azure's default system routes, or to add more routes to a subnet's route table. In Azure, you create a route table, then associate the route table to zero or more virtual network subnets. Each subnet can have zero or one route table associated to it.
References:
Network security groups
Network Appliances
Virtual network traffic routing
Question: 534
Measured Skill: Describe Azure architecture and services (35–40%)
Select the answer that correctly completes the sentence.
| A | The Cool access tier is optimized for data that is accessed infrequently and stored for at least 30 days. |
| B | The Cool access tier is optimized for data that is accessed rarely, is stored for at least 180 days, and has flexible latency requirements. |
| C | The Cool access tier is optimized for storing data that is accessed frequently. |
Correct answer: AExplanation:
Azure storage offers different access tiers so that you can store your blob data in the most cost-effective manner based on how it's being used. Azure Storage access tiers include:
- Hot tier - An online tier optimized for storing data that is accessed or modified frequently. The hot tier has the highest storage costs, but the lowest access costs.
- Cool tier - An online tier optimized for storing data that is infrequently accessed or modified. Data in the cool tier should be stored for a minimum of 30 days. The cool tier has lower storage costs and higher access costs compared to the hot tier.
- Cold tier - An online tier optimized for storing data that is rarely accessed or modified, but still requires fast retrieval. Data in the cold tier should be stored for a minimum of 90 days. The cold tier has lower storage costs and higher access costs compared to the cool tier.
- Archive tier - An offline tier optimized for storing data that is rarely accessed, and that has flexible latency requirements, on the order of hours. Data in the archive tier should be stored for a minimum of 180 days.
Reference: Access tiers for blob data
Question: 535
Measured Skill: Describe Azure management and governance (30–35%)
You have an Azure subscription.
You need to use Azure Cloud Shell to run a deployment script.
What should you use to access Cloud Shell?| A | Azure Resource Manager (ARM) |
| B | Microsoft Visual Studio |
| C | A Windows command prompt |
| D | A web browser |
Correct answer: DExplanation:
Azure Cloud Shell is an interactive, authenticated, browser-accessible terminal for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.
Cloud Shell runs on a temporary host provided on a per-session, per-user basis. Your Cloud Shell session times out after 20 minutes without interactive activity. Cloud Shell persists your files in your $HOME location using a 5-GB file share.
Reference: What is Azure Cloud Shell?
Question: 536
Measured Skill: Describe cloud concepts (20-25%)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
(NOTE: Each correct selection is worth one point.)
| A | Creating and configuring a virtual network is part of the platform as a service (PaaS) cloud service model: Yes
In the platform as a service (PaaS) cloud service model, updating code for an Azure web app is the customer's responsibility: Yes
Configuring user access to a platform as a service (PaaS) cloud service model is the customer's responsibility: Yes |
| B | Creating and configuring a virtual network is part of the platform as a service (PaaS) cloud service model: Yes
In the platform as a service (PaaS) cloud service model, updating code for an Azure web app is the customer's responsibility: No
Configuring user access to a platform as a service (PaaS) cloud service model is the customer's responsibility: No |
| C | Creating and configuring a virtual network is part of the platform as a service (PaaS) cloud service model: Yes
In the platform as a service (PaaS) cloud service model, updating code for an Azure web app is the customer's responsibility: No
Configuring user access to a platform as a service (PaaS) cloud service model is the customer's responsibility: Yes |
| D | Creating and configuring a virtual network is part of the platform as a service (PaaS) cloud service model: No
In the platform as a service (PaaS) cloud service model, updating code for an Azure web app is the customer's responsibility: Yes
Configuring user access to a platform as a service (PaaS) cloud service model is the customer's responsibility: No |
| E | Creating and configuring a virtual network is part of the platform as a service (PaaS) cloud service model: No
In the platform as a service (PaaS) cloud service model, updating code for an Azure web app is the customer's responsibility: Yes
Configuring user access to a platform as a service (PaaS) cloud service model is the customer's responsibility: Yes |
| F | Creating and configuring a virtual network is part of the platform as a service (PaaS) cloud service model: No
In the platform as a service (PaaS) cloud service model, updating code for an Azure web app is the customer's responsibility: No
Configuring user access to a platform as a service (PaaS) cloud service model is the customer's responsibility: No |
Correct answer: EExplanation:
In an on-premises datacenter, you own the whole stack. As you move to the cloud some responsibilities transfer to Microsoft. The following diagram illustrates the areas of responsibility between you and Microsoft, according to the type of deployment of your stack.
For all cloud deployment types, you own your data and identities. You're responsible for protecting the security of your data and identities, on-premises resources, and the cloud components you control. Cloud components you control vary by service type.
Regardless of the type of deployment, you always retain the following responsibilities:
- Data
- Endpoints
- Account
- Access management
Reference: Shared responsibility in the cloud
Question: 537
Measured Skill: Describe Azure architecture and services (35–40%)
Match the Azure compute services to the appropriate descriptions.
(To answer, drag the appropriate compute service from the column on the left to its description on the right. Each service may be used once, more than once, or not at all. NOTE: Each correct match is worth one point.)
| A | Azure Container Instances provides software emulation of a physical computer.
Azure App service provides operating system virtualization. |
| B | Azure App service provides software emulation of a physical computer.
Azure Container Instances provides operating system virtualization. |
| C | Azure Virtual Machine Scale Sets provides software emulation of a physical computer.
Azure Container Instances provides operating system virtualization. |
| D | Azure Functions provides software emulation of a physical computer.
Azure Virtual Machine Scale Sets provides operating system virtualization. |
| E | Azure Functions provides software emulation of a physical computer.
Azure App service provides operating system virtualization. |
| F | Azure Container Instances provides software emulation of a physical computer.
Azure Virtual Machine Scale Sets provides operating system virtualization. |
Correct answer: FExplanation:
Azure Container Instances is a great solution for any scenario that can operate in isolated containers, including simple applications, task automation, and build jobs. Containers offer significant startup benefits over virtual machines (VMs). Azure Container Instances can start containers in Azure in seconds, without the need to provision and manage VMs. Azure Container Instances guarantees your application is as isolated in a container as it would be in a VM.
Azure Virtual Machine Scale Sets let you create and manage a group of load balanced Virtual Machines. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule.
References:
What is Azure Container Instances?
What are Virtual Machine Scale Sets?