Skip Navigation Links

Microsoft - AZ-900: Microsoft Azure Fundamentals

Sample Questions

Question: 181
Measured Skill: Describe security, privacy, compliance, and trust (25-30%)

A company wants to make use of Azure for deployment of various solutions. They want to ensure that suspicious attacks and threats to resources in their Azure account are prevented.

Which of the following helps prevent such attacks by using built-in sensors in Azure?

AAzure AD Identity Protection
B Azure DDoS attacks
C Azure privileged identity management
D Azure Advanced Threat protection

Correct answer: A


The company wants to protect its Azure account from attacks. The solution must use built-in sensors.

Identity Protection is a tool that allows organizations to accomplish three key tasks:

  • Automate the detection and remediation of identity-based risks.
  • Investigate risks using data in the portal.
  • Export risk detection data to third-party utilities for further analysis.

Identity Protection uses the learnings Microsoft has acquired from their position in organizations with Azure AD, the consumer space with Microsoft Accounts, and in gaming with Xbox to protect your users. Microsoft analyses 6.5 trillion signals per day to identify and protect customers from threats.

Note: Azure ATP monitors your domain controllers by capturing and parsing network traffic and leveraging Windows events directly from your domain controllers, then analyzes the data for attacks and threats.

Reference: What is Identity Protection?

Question: 182
Measured Skill: Describe security, privacy, compliance, and trust (25-30%)

A company is planning on deploying a web server and database server as shown in the architecture diagram below.

You have to ensure that traffic restrictions are in place so that the database server can only communicate with the web server.

Which of the following would you recommend for implementing these restrictions?

ANetwork security groups (NSGs)
B Azure Service Bus
C A local network gateway
D A Virtual Private Gateway

Correct answer: A


You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.

Reference: Network security groups

Question: 183
Measured Skill: Describe Azure pricing Service Level Agreements, and Lifecycles (20-25%)

A company wants to make use of an Azure service in private preview. Are Azure services in private preview available to all customers?

B No

Correct answer: B


There are two types of previews, private and public. The private preview is only available to certain Azure customers for evaluation purposes. The public preview is available to all Azure customers.

To preview Azure features, navigate to the URL

. This webpage lists all of the Azure features that are currently in preview and available for evaluation. The features are listed in chronological order, newest feature at the top. Click on the link for a feature to learn more about that feature and how to use it.

Preview features that are specific to the Azure portal can be found by navigating to the portal preview features webpage.

Question: 184
Measured Skill: Describe Azure pricing Service Level Agreements, and Lifecycles (20-25%)

A company has multiple subscriptions. They want to create resources in different subscriptions. Is it possible to create resources in different subscriptions?

B No

Correct answer: A


The Azure account is a global unique entity that gets you access to Azure services and your Azure subscriptions. You can create multiple subscriptions in your Azure account to create separation e.g. for billing or management purposes. In your subscription(s) you can manage resources in resources groups. Azure subscription can have a trust relationship with an Azure Active Directory (Azure AD) instance.

Reference: Associate or add an Azure subscription to your Azure Active Directory tenant

Question: 185
Measured Skill: Describe core Azure services (30-35%)

An IT Engineer needs to create a Virtual Machine in Azure. Currently the IT Engineer has a Windows desktop and has installed the Azure Command Line interface.

From which of the following could the IT engineer use the Azure Command Line Interface.

(Each correct answer presents a complete solution. Choose two.)

B File and Print Explorer
C Command Prompt
D Control Panel

Correct answer: A, C


The Azure command-line interface (Azure CLI) is a set of commands used to create and manage Azure resources. The Azure CLI is available across Azure services and is designed to get you working quickly with Azure, with an emphasis on automation.

Azure CLI capabilities make it easy to work with different programing languages and software environments. For example, Azure CLI:

  • Is available to install in Windows, macOS, and Linux environments.

  • Can also be run in Docker and Azure Cloud Shell.

  • Offers command-line flexibility when managing an Azure solution.

  • Supports long-running operations.

  • Has the ability to use one subscription for all commands, or vary subscriptions per command.

  • Allows for querying of command-line results with query output returned in your format of choice.

  • Has the flexibility to work with multiple clouds.

  • Provides configurable settings for logging, data collection, and default argument values.

  • Is deployed with Resource Manager deployment templates.

For Windows, the Azure CLI is installed via a MSI, which gives you access to the CLI through the Windows Command Prompt (CMD) or PowerShell. When installing for Windows Subsystem for Linux (WSL), packages are available for your Linux distribution.

Reference: Install Azure CLI on Windows

Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test

© Copyright 2014 - 2020 by