When you need to delegate permissions to several Azure virtual machines simultaneously you must?


AZ-900 Question 111

Exam Question

Azure Cosmos DB is an example of a [platform as a service (PaaS)] offering.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed.” If the statement is incorrect, select the answer choice that makes the statement correct.

A. No change is needed
B. infrastructure as a service (IaaS)
C. serverless
D. software as a service (SaaS)

Correct Answer

A. No change is needed

Explanation

Azure Cosmos DB is an example of a platform as a service (PaaS) cloud database provider.

Reference

Azure > Cosmos DB > Security in Azure Cosmos DB – overview

AZ-900 Question 112

Exam Question

An Azure region [contains one or more data centers that are connected by using a low-latency network.]
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.

A. No change is needed
B. Is found in each country where Microsoft has a subsidiary office
C. Can be found in every country in Europe and the Americas only
D. Contains one or more data centers that are connected by using a high-latency network

Correct Answer

A. No change is needed

Explanation

Understand Azure global infrastructure:

  • A region is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network. With more global regions than any other cloud provider, Azure gives customers the flexibility to deploy applications where they need to. Azure is generally available in 46 regions around the world, with plans announced for 8 additional regions.
  • A geography is a discrete market, typically containing two or more regions, that preserves data residency and compliance boundaries. Geographies allow customers with specific data-residency and compliance needs to keep their data and applications close. Geographies are fault-tolerant to withstand complete region failure through their connection to our dedicated high-capacity networking infrastructure.
  • Availability Zones are physically separate locations within an Azure region. Each Availability Zone is made up of one or more datacenters equipped with independent power, cooling, and networking. Availability Zones allow customers to run mission-critical applications with high availability and low-latency replication.

Reference

Azure regions

AZ-900 Question 113

Exam Question

You plan to deploy 20 virtual machines to an Azure environment. To ensure that a virtual machine named VM1 cannot connect to the other virtual machines, VM1 must [be deployed to a separate virtual network.]

Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.

A. No change is needed
B. run a different operating system than the other virtual machines
C. be deployed to a separate resource group
D. have two network interfaces

Correct Answer

A. No change is needed.

Explanation

To ensure that a virtual machine cannot connect to the other virtual machines, the virtual machine must be deployed to a separate virtual network. Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own data center, but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.

VNet concepts:

  • Address space: When creating a VNet, you must specify a custom private IP address space using public and private (RFC 1918) addresses. Azure assigns resources in a virtual network a private IP address from the address space that you assign. For example, if you deploy a VM in a VNet with address space, 10.0.0.0/16, the VM will be assigned a private IP like 10.0.0.4.
  • Subnets: Subnets enable you to segment the virtual network into one or more sub-networks and allocate a portion of the virtual network’s address space to each subnet. You can then deploy Azure resources in a specific subnet. Just like in a traditional network, subnets allow you to segment your VNet address space into segments that are appropriate for the organization’s internal network. This also improves address allocation efficiency. You can secure resources within subnets using Network Security Groups. For more information, see Security groups.
  • Regions: VNet is scoped to a single region/location; however, multiple virtual networks from different regions can be connected together using Virtual Network Peering.
  • Subscription: VNet is scoped to a subscription. You can implement multiple virtual networks within each Azure subscription and Azure region.

Reference

Microsoft Docs > What is Azure Virtual Network?
Microsoft Docs > Virtual Network Documentation

AZ-900 Question 114

Exam Question

When you need to delegate permissions to several Azure virtual machines simultaneously, you must deploy the Azure virtual machines [to the same Azure region.]
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.

A. No change is needed
B. by using the same Azure Resource Manager template
C. to the same resource group
D. to the same availability zone

Correct Answer

C. to the same resource group.

Explanation

A resource group is a logical container for Azure resources. Resource groups make the management of Azure resources easier. With a resource group, you can allow a user to manage all resources in the resource group, such as virtual machines, websites, and subnets. The permissions you apply to the resource group apply to all resources contained in the resource group. Access management for cloud resources is a critical function for any organization that is using the cloud. Role-based access control (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to.

Here are some examples of what you can do with RBAC:

  • Allow one user to manage virtual machines in a subscription and another user to manage virtual networks.
  • Allow a DBA group to manage SQL databases in a subscription.
  • Allow a user to manage all resources in a resource group, such as virtual machines, websites, and subnets.
  • Allow an application to access all resources in a resource group.

Reference

Microsoft Docs > Manage access to Azure resources using RBAC and the Azure portal
Microsoft Docs > What is role-based access control (RBAC) for Azure resources?

AZ-900 Question 115

Exam Question

Data that is stored in the Archive access tier of an Azure Storage account [can be accessed at any time by using azcopy.exe.]
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.

A. No change is needed.
B. can only be read by using Azure Backup
C. must be restored before the data can be accessed
D. must be rehydrated before the data can be accessed

Correct Answer

D. must be rehydrated before the data can be accessed

Explanation

Azure storage offers different access tiers: hot, cool and archive.

The archive access tier has the lowest storage cost. But it has higher data retrieval costs compared to the hot and cool tiers. Data in the archive tier can take several hours to retrieve.

While a blob is in archive storage, the blob data is offline and can’t be read, overwritten, or modified. To read or download a blob in archive, you must first rehydrate it to an online tier.

Example usage scenarios for the archive access tier include:

  • Long-term backup, secondary backup, and archival datasets.
  • Original (raw) data that must be preserved, even after it has been processed into final usable form.
  • Compliance and archival data that needs to be stored for a long time and is hardly ever accessed.

Reference

Azure > Storage > Blobs > Hot, Cool, and Archive access tiers for blob data > Archive access tier

AZ-900 Question 116

Exam Question

If a resource group named RG1 has a delete lock, [only a member of the global administrators group] can delete RG1.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.

A. No change is needed
B. the delete lock must be removed before an administrator
C. an Azure policy must be modified before an administrator
D. an Azure tag must be added before an administrator

Correct Answer

B. the delete lock must be removed before an administrator

Explanation

Lock resources to prevent unexpected changes! As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively. CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource.

ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role.

Reference

ITOps Talk Blog > How to Lock Azure Resources to Prevent Modification or Deletion
Microsoft Docs > Lock resources

AZ-900 Question 117

Exam Question

You have an Azure virtual network named VNET1 in a resource group named RG1. You assign an Azure Policy definition of Not Allowed Resource Type and specify that virtual networks are not an allowed resource type in RG1. VNET1 [is deleted automatically.]

Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.

A. No change is needed
B. is moved automatically to another resource group
C. continues to function normally
D. is now a read-only object

Correct Answer

C. continues to function normally

AZ-900 Question 118

Exam Question

[Authorization] is the process of verifying a user’s credentials.
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.

A. No change is needed
B. Authentication
C. Federation
D. Ticketing

Correct Answer

B. Authentication

Explanation

Authentication is the process of determining whether someone or something is, in fact, who or what it declares itself to be. Authentication technology provides access control for systems by checking to see if a user’s credentials match the credentials in a database of authorized users or in a data authentication server. Users are usually identified with a user ID, and authentication is accomplished when the user provides a credential, for example a password, that matches with that user ID. Most users are most familiar with using a password, which, as a piece of information that should be known only to the user, is called a knowledge authentication factor.

Authorization is a security mechanism used to determine user/client privileges or access levels related to system resources, including computer programs, files, services, data and application features. Authorization is normally preceded by authentication for user identity verification. System administrators (SA) are typically assigned permission levels covering all system and user resources.

During authorization, a system verifies an authenticated user’s access rules and either grants or refuses resource access.

Reference

Microsoft Docs > Authentication and authorization in Azure App Service

AZ-900 Question 119

Exam Question

You have several virtual machines in an Azure subscription. You create a new subscription. [The virtual machines cannot be moved to the new subscription.]

Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.

A. No change is needed
B. The virtual machines can be moved to the new subscription
C. The virtual machines can be moved to the new subscription only if they are all in the same resource group
D. The virtual machines can be moved to the new subscription only if they run Windows Server 2016.

Correct Answer

B. The virtual machines can be moved to the new subscription.

Explanation

You can move a VM and its associated resources to a different subscription by using the Azure portal. Moving between subscriptions can be handy if you originally created a VM in a personal subscription and now want to move it to your company’s subscription to continue your work. You do not need to start the VM in order to move it and it should continue to run during the move.

New resource IDs are created as part of the move. After the VM has been moved, you will need to update your tools and scripts to use the new resource IDs.

Reference

Microsoft Docs > Move a Windows VM to another Azure subscription or resource group

AZ-900 Question 120

Exam Question

You deploy an Azure resource. The resource becomes unavailable for an extended period due to a service outage. Microsoft will [refund your bank account.]
Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct.

A. No change is needed.
B. migrate the resource to another subscription
C. credit your account
D. send you a coupon code that you can redeem for Azure credits

Correct Answer

C. credit your account

Explanation

If we do not achieve and maintain the Service Levels for each Service as described in this SLA, then you may be eligible for a credit towards a portion of your monthly service fees. We will not modify the terms of your SLA during the initial term of your subscription; however, if you renew your subscription, the version of this SLA that is current at the time of renewal will apply throughout your renewal term. We will provide at least 90 days’ notice for adverse material changes to this SLA.

Reference

Azure App Service > SLA for App Service