TABLE OF CONTENT
- Introduction
- Conclusion
INTRODUCTION – Exam Prep 2
In this module, you will have the opportunity to review the wide array of tools and services offered by Microsoft Azure. You will also revisit the various Azure services that help ensure your cloud resources remain safe, secure, and trusted.
Additionally, you’ll take a practice exam covering the skills measured in the core solutions, management tools on Azure, and the general security and network security features domains of the AZ-900 Microsoft Certified Azure Fundamentals exam. This comprehensive approach ensures that you are well-prepared and confident in your understanding of these essential topics.
Learning Objectives
- Assess your knowledge of general security and network security features on Microsoft Azure
- Assess your knowledge of core solutions and management tools on Microsoft Azure
PRACTICE EXAM COVERING AZURE MANAGEMENT TOOLS & SECURITY SOLUTIONS
1. Tailwind Traders have recently migrated to Azure cloud services from a Linux-based on-premises environment. The existing administrators want to continue using scripting to configure and create resources. Which of the following tools would you recommend to administrators as the easiest environment for them to use based on their current knowledge?
- Azure Portal
- Azure PowerShell
- Azure CLI (CORRECT)
- ARM Templates
Correct: Azure CLI is more beneficial to those with a Linux administration and scripting background who wish to perform one-off management or administrative actions.
2. Tradewind Traders has recently migrated to Azure cloud services and management wants to start benefiting from DevOps. DevOps is a new approach that helps to align technical teams to work towards their common goal. Which of the following provides a suite of services that address each stage of the software development lifecycle (SDL)?
- Azure DevOps Services (CORRECT)
- Azure DevTest Labs
- GitHub and GitHub Actions
Correct: Azure DevOps is a suite of services that address every stage of the Software Development Lifecycle (SDL).
3. Tailwind Traders has recently moved to Azure cloud services. Management is concerned that they may be spending too much and are also concerned about how well their new environment meets security best practices. They would like to analyze their use of the cloud against industry best practices. Which monitoring tool would you recommend using for this?
- Azure Advisor (CORRECT)
- Azure Monitor
- Azure Service Health
Correct: Azure Advisor evaluates your Azure resources and makes recommendations to help you improve reliability, security, and performance, achieve operational excellence, and reduce costs.
4. Tradewind Traders is planning to migrate to Azure cloud services and management wants to start developing AI solutions. You have been asked to research what AI features are available in Azure. Based on your research, what service can you use to build a virtual agent that can understand and reply to questions just like a human?
- Azure Bot Service (CORRECT)
- Azure Cognitive Services
- Azure Machine Learning
Correct: The Azure Bot Service and Bot Framework is a platform for creating virtual agents that understand and reply to questions just like a human.
5. Tradewind Traders has recently migrated to Azure cloud services. Management requires you to research the available monitoring solutions available to them within Azure. A specific requirement is the ability to be able to evaluate the Azure resources and make recommendations that could improve reliability, security, and performance. Which of the following would you recommend to do this?
- Azure Monitor
- Azure Service Health
- Azure Advisor (CORRECT)
Correct: Azure Advisor evaluates your Azure resources and makes recommendations to help you improve reliability, security, and performance, achieve operational excellence, and reduce costs.
6. Tradewind Traders has recently migrated some of its data and resources to Azure cloud services. Management is planning on implementing an Apache Spark engine for large-scale data processing. Which of the following will provide a compatible analytics platform the Apache Spark engine?
- Azure HDInsight
- Azure Data Factory
- Azure DevOps
- Azure Databricks. (CORRECT)
7. Tradewind Traders has recently migrated to Azure cloud services and management wants to start developing AI solutions. Management requires the development of an app that will include both a virtual agent that interfaces with humans through natural language and understands the content and meaning of images, video, audio. What two Azure Services do you think are most suitable for developing this app?
Select all options that apply.
- Azure Machine Learning
- Azure Cognitive Services (CORRECT)
- Azure Bot Service (CORRECT)
Correct: Azure Cognitive Services provides pre-built machine learning models that enable applications to see, hear, speak, understand, and even begin to reason.
Correct: The Azure Bot Service and Bot Framework is a platform for creating virtual agents that understand and reply to questions just like a human.
8. Tradewind Traders has recently migrated some of their data and resources to Azure cloud services, you are familiarising yourself with the various mechanisms to create resources in Azure. You have been asked to create some resources in Azure using PowerShell. You currently have a Windows 10 computer that has the Azure PowerShell module installed. Does this configuration support the creation of resources in Azure?
- Yes (CORRECT)
- No
Correct: A PowerShell script is a file that contains PowerShell cmdlets and code and needs to be run in PowerShell. The computer is running a compatible OS and the information states that it has the Azure PowerShell module installed. Therefore, this configuration will support the creation of resources in Azure.
9. Tradewind Traders has recently migrated some of its data and resources to Azure cloud services. The company is very proactive in IoT (Internet of Things) and they require a solution that will allow millions of IoT sensors to upload and store data in Azure. This solution must support very large quantities of data. Which of the following Azure resources should be deployed to support the planned solution?
Select 2 options.
- Azure Notification Hubs
- Azure Queue storage
- Azure Data Lake (CORRECT)
- Azure IoT Hub (CORRECT)
Correct: There are two storage services IoT Hub can route messages to Azure Blob Storage and Azure Data Lake Storage Gen2. Azure Data Lake Storage accounts are hierarchical namespace-enabled storage accounts built on top of blob storage. Both use blobs for their storage.
Correct: IoT Hub is a managed service, hosted in the cloud, that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages. You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between Azure File Storage
10. Tradewind Traders is planning to migrate to Azure cloud services and management wants to start developing AI solutions. You have been asked to research what AI features are available with Azure with specific emphasis on Azure Cognitive Services. Which of the following features are offered by Cognitive Services?
Select all options that apply.
- The ability to add recognition and identification capabilities when analyzing pictures, videos, and other visual content. (CORRECT)
- The ability to train and evaluate predictive models using tools and programming languages familiar to data scientists.
- The ability to create virtual agents that understand and reply to questions just like a human.
- The ability to convert speech into text and text into natural-sounding speech. Translate from one language to another and enable speaker verification and recognition. (CORRECT)
Correct: Azure Cognitive Services includes speech services that can convert speech into text and text into natural-sounding speech. It can translate one language into another and enable speaker verification and recognition.
11. Tradewind Traders has recently migrated some of its data and resources to Azure cloud services. Management plans to automate the deployment of new servers to Azure but is concerned that this process may expose administrative credentials during the deployment. Which of the following can be used to encrypt the credentials that will be used in the automated process?
- Azure Key Vault (CORRECT)
- Azure Multi-Factor Authentication (MFA)
- Azure Security Center
- Azure Information Protection
Correct: Azure Key Vault is a cloud service that safeguards encryption keys and secrets like certificates, connection strings, and passwords.
12. Tradewind Traders is planning to migrate to Azure cloud services and management wants to start developing AI solutions. You have been asked to research what AI features are available with Azure with specific emphasis on using existing data to train and test a model and then apply that model to new data to forecast future behaviors, outcomes, and trends. Which of the following terms best describe this?
- Machine Learning (CORRECT)
- Deep Learning
Correct: Machine learning is a data science technique that uses existing data to train and test a model, then apply that model to new data to forecast future behaviors, outcomes, and trends.
13. Tradewind Traders has recently migrated some of their data and resources to Azure cloud services, Management has asked you to research what service is most appropriate to provide for the collection of events from multiple resources into a centralized repository. Based on your research which of the following solutions should you recommend?
- Azure Stream Analytics
- Azure Analysis Services
- Azure Monitor
- Azure Event Hubs (CORRECT)
14. Tradewind Traders has migrated its data and resources to Azure cloud services. They currently have multiple subscriptions and virtual networks in place. Management has asked you to research the ability to filter traffic across subscriptions and virtual networks. Based on your research, which of the following will assist with this filtering?
- Azure Firewall (CORRECT)
- Azure DDoS Protection
- Network Security Group (NSG)
- Application Security Group
Correct: You can restrict traffic to multiple virtual networks in multiple subscriptions with a single Azure firewall. Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources.
15. Tradewind Traders has recently migrated some of its data and resources to Azure cloud services. Management wants to allow HTTP access from the internet to a specific virtual machine. You configure a Network Security Group. Does this meet the goal?
- Yes (CORRECT)
- No
Correct: A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. In this question, we need to add a rule to the network security group to allow the connection to the virtual machine on port 80 (HTTP).
16. Tailwind Traders has recently migrated to Azure cloud services. The development departments are currently working on a new IoT application that will be used to capture and transmit personal data back to a cloud service. Management is concerned that this personal data may be exposed in transit. Which of the following services can the company implement to ensure the highest level of security?
- Azure Sphere (CORRECT)
- IoT Central
- IoT Hub
Correct: Azure Sphere creates an end-to-end highly secure IoT solution for customers that encompasses everything from the hardware and operating system on the device to the secure method of sending messages from the device to the message hub.
17. Tradewind Traders has recently migrated some of its data and resources to Azure cloud services. The company has developed an Azure web app. They require that the settings for the app be configurable if needed from an iPhone. What are two Azure management tools that you can use from the iPhone?
Select all options that apply.
- Azure CLI (Command Line Interface)
- Azure Mobile App (CORRECT)
- Azure portal (CORRECT)
- Windows PowerShell
Correct: With Azure Mobile App you can monitor the health and status of your Azure resources. Quickly diagnose and fix issues. Run commands to manage your Azure resources. Data is secure and encrypted. Try going back and reviewing Microsoft AI Services and Solutions.
Correct: The Azure portal is a web-based portal for managing Azure. Being web-based, you can use the Azure portal on an iPhone.
18. Tradewind Traders has recently migrated to Azure cloud services. Their software development teams work on many different projects. The company wants to publish an open-source API that allows third-parties to integrate their inventories of new and used items. They also want to use the API to offer a wider variety of products directly from their e-commerce site. They will need a platform to share example code, collect feedback on the API, allow contributors to report issues, and build communities around feature requests.
Which of the following would you recommend they implement?
- Azure DevTest Labs
- Azure DevOps Services
- GitHub and GitHub Actions (CORRECT)
Correct: With GitHub, your company can publish its code, accept community contributions to improve the code examples, accept feedback, and bug reports. Because this scenario involves open-source code, GitHub is a leading candidate.
19. Tailwind Traders has recently migrated to Azure cloud services. The development departments are currently working on new IoT applications and require a managed service hosted in the cloud that acts as a central message point for bi-directional communication between their IoT application and the devices it manages.
Which of the following will provide this solution?
- Azure IoT Central
- Azure Sphere
- Azure IoT Hub (CORRECT)
Correct: You can use Azure IoT Hub to build IoT solutions with reliable and secure communications between millions of IoT devices and a cloud-hosted solution backend.
20. Tradewind Traders has recently migrated some of their data and resources to Azure cloud services, Management is concerned about external attacks against their websites, they also want you to generate reports that will provide information on attempted attacks. Which of the following should you include when implementing this solution?
- Azure Firewall
- DDoS protection (CORRECT)
- Azure Information Protection
- Network security groups (NSG)
Correct: DDoS is a type of attack that tries to exhaust application resources. Azure has two DDoS service offerings that protect from network attacks: DDoS Protection Basic and DDoS Protection Standard. DDoS Basic protection is integrated into the Azure platform by default and at no extra cost. You have the option of paying for DDoS Standard. It has several advantages over the basic service, including logging, alerting, and telemetry.
21. Tradewind Traders has recently migrated some of its data and resources to Azure cloud services. Management requires that users can create virtual machines by using their Android tablets. You recommend that they use the PowerShell feature in Azure Cloud Shell. Will this recommendation work?
- Yes (CORRECT)
- No
Correct: Azure Cloud Shell is a browser-based shell allowing for the management and development of Azure resources. The Cloud Shell offers a browser-accessible, pre-configured shell experience for managing Azure resources. Being browser-based, Azure Cloud Shell can be run on a browser from a tablet that runs the Android operating system.
22. Tradewind Traders has migrated its data and resources to Azure cloud services. They currently have multiple subscriptions and virtual networks in place. Management has asked you to research the ability to securely store certificates in Azure. Which of the following services should you configure to enable this feature?
- Azure Information Protection
- Azure Security Center
- Azure Key Vault (CORRECT)
- Azure Storage account
Correct: Azure Key Vault is a secure store for storing various types of sensitive information including passwords and certificates. Azure Key Vault can be used to Securely store and tightly control access to tokens, passwords, certificates, API keys, and other secrets.
23. Tradewind Traders has recently migrated to Azure cloud services. Their software development teams work on many different projects and they are required to provide project sponsors and managers with reports, progress tracking, bug reports, etc. Management now wants to ensure that individuals will only have access to information they need to do their work. Which of the following in your opinion would be the most suitable solution to meet this requirement?
- GitHub and GitHub Actions
- Azure DevTest Labs
- Azure DevOps Services (CORRECT)
Correct: Azure DevOps has a much more granular set of permissions that allow organizations to refine who can perform most operations across the entire toolset. Also, Azure DevOps is highly customizable, allowing an administrator to add custom fields to capture metadata and other information alongside each work item. By contrast, GitHub Issues uses tags as its primary means of helping a team categorize issues.
24. Tradewind Traders has recently migrated to Azure cloud services and management wants their developers to start utilizing solutions such as using shared source code repositories and tools that enable developers to perform code reviews by adding comments and questions in a web-view of the source code before it is merged into the main codebase. Which of the following solutions would be most suitable?
- Azure DevOps Services
- Azure DevTest Labs
- GitHub and GitHub Actions (CORRECT)
Correct: GitHub is one of the most popular code repositories for open-source software. GitHub provides related services for coordinating work, reporting, and discussing issues, providing documentation, and more.
25. Tradewind Traders has recently migrated some of its data and resources to Azure cloud services. Management plans on deploying several web servers and database servers to Azure but want to limit the types of connections that will be available between the web servers and the databases servers. Which of the following will assist in controlling the connection types?
- network security groups (NSGs) (CORRECT)
- Azure Service Bus
- Local network gateway
- Route filter
Correct: A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group.
26. Tradewind Traders has recently migrated some of its data and resources to Azure cloud services. Management now plans on deploying additional virtual machines, however, they are concerned about locking down the ports on these machines to prevent access from devices on the internet. Which of the following can be used to help protect access to the ports on these machines?
- Azure Active Directory (Azure AD) roles
- Azure Active Directory groups
- Network security groups (NSG) (CORRECT)
- Azure key vault
Correct: A network security group works like a firewall. You can attach a network security group to a virtual network and/or individual subnets within the virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. Try going back and reviewing General Security and Network Security in Microsoft Azure.
27. Tailwind Traders has recently migrated to Azure cloud services. Management requires alerts to be generated that will send notifications to the IT department whenever Azure outages occur. Which Azure monitoring tool would you recommend for this?
- Azure Service Health
- Azure Advisor (CORRECT)
- Azure Monitor
28. Tradewind Traders has recently migrated some of its data and resources to Azure cloud services. The company requires a solution that will allow for automation of the deployment of similar resources across multiple business units. Which of the following solutions should you recommend?
- Azure Resource Manager templates (CORRECT)
- Azure API Management service
- Management groups
- Virtual machine scale sets
Correct: You can use Azure Resource Manager templates to automate the creation of the Azure resources. Deploying resources through templates is known as Infrastructure as code.
29. Tradewind Traders has recently migrated some of its data and resources to Azure cloud services. As part of their future planning, management has requested information on cloud services that will provide a set of version control tools to manage the developer’s code. Which of the following will satisfy this requirement?
- Azure DevOps Repos (CORRECT)
- Azure Cosmos DB
- Azure Storage
- Azure DevTest Labs
Correct: Azure DevOps Repos is a set of version control tools that you can use to manage your code. Azure DevOps repos are a set of repositories that allow you to version control and manage your project code. It helps to work and coordinate code changes across a team.
30. Tradewind Traders is planning to migrate to Azure cloud services. Management has asked you to spend some time researching the big data and analytic solutions available in Azure. Based on your research, which of the following provides a fully managed, open-source analytics service for enterprises that makes it easier and more cost-effective to process massive amounts of data while running popular open-source frameworks?
- Azure HDInsight (CORRECT)
- Azure Data Lake Analytics
- Azure Databricks
- Azure Synapse Analytics
Correct: Azure HDInsight is a fully managed, open-source analytics service for enterprises. It is a cloud service that makes it easier, faster, and more cost-effective to process massive amounts of data. HDInsight allows you to run popular open-source frameworks and create cluster types.
CONCLUSION – Exam Prep 2
In conclusion, this module provides a thorough review of Microsoft Azure’s tools and services, focusing on security and management. By taking the practice exam, you reinforce your understanding of the core solutions and security features essential for the AZ-900 Microsoft Certified Azure Fundamentals exam, setting a solid foundation for your certification success.
Previous Module
Next Module
