Show
The latest Microsoft AZ-900 Azure Fundamentals certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-900 Azure Fundamentals exam and earn Microsoft AZ-900 Azure Fundamentals certification. AZ-900 Question 111Exam QuestionAzure Cosmos DB is an example of a [platform as a service (PaaS)] offering. A. No change is needed B. infrastructure as a service (IaaS) C. serverless D. software as a service (SaaS) Correct AnswerA. No change is needed ExplanationAzure Cosmos DB is an example of a platform as a service (PaaS) cloud database provider. ReferenceAzure > Cosmos DB > Security in Azure Cosmos DB – overview AZ-900 Question 112Exam QuestionAn Azure region [contains one or more data centers that are connected by using a low-latency network.] A. No change is needed B. Is found in each country where Microsoft has a subsidiary office C. Can be found in every country in Europe and the Americas only D. Contains one or more data centers that are connected by using a high-latency network Correct AnswerA. No change is needed ExplanationUnderstand Azure global infrastructure:
ReferenceAzure regions AZ-900 Question 113Exam QuestionYou plan to deploy 20 virtual machines to an Azure environment. To ensure that a virtual machine named VM1 cannot connect to the other virtual machines, VM1 must [be deployed to a separate virtual network.] Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed B. run a different operating system than the other virtual machines C. be deployed to a separate resource group D. have two network interfaces Correct AnswerA. No change is needed. ExplanationTo ensure that a virtual machine cannot connect to the other virtual machines, the virtual machine must be deployed to a separate virtual network. Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own data center, but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation. VNet concepts:
ReferenceMicrosoft Docs > What is Azure Virtual Network? AZ-900 Question 114Exam QuestionWhen you need to delegate permissions to several Azure virtual machines simultaneously, you must deploy the Azure virtual machines [to the same Azure region.] A. No change is needed B. by using the same Azure Resource Manager template C. to the same resource group D. to the same availability zone Correct AnswerC. to the same resource group. ExplanationA resource group is a logical container for Azure resources. Resource groups make the management of Azure resources easier. With a resource group, you can allow a user to manage all resources in the resource group, such as virtual machines, websites, and subnets. The permissions you apply to the resource group apply to all resources contained in the resource group. Access management for cloud resources is a critical function for any organization that is using the cloud. Role-based access control (RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. Here are some examples of what you can do with RBAC:
ReferenceMicrosoft Docs > Manage access to Azure resources using RBAC and the Azure portal AZ-900 Question 115Exam QuestionData that is stored in the Archive access tier of an Azure Storage account [can be accessed at any time by using azcopy.exe.] A. No change is needed. B. can only be read by using Azure Backup C. must be restored before the data can be accessed D. must be rehydrated before the data can be accessed Correct AnswerD. must be rehydrated before the data can be accessed ExplanationAzure storage offers different access tiers: hot, cool and archive. The archive access tier has the lowest storage cost. But it has higher data retrieval costs compared to the hot and cool tiers. Data in the archive tier can take several hours to retrieve. While a blob is in archive storage, the blob data is offline and can’t be read, overwritten, or modified. To read or download a blob in archive, you must first rehydrate it to an online tier. Example usage scenarios for the archive access tier include:
ReferenceAzure > Storage > Blobs > Hot, Cool, and Archive access tiers for blob data > Archive access tier AZ-900 Question 116Exam QuestionIf a resource group named RG1 has a delete lock, [only a member of the global administrators group] can delete RG1. A. No change is needed B. the delete lock must be removed before an administrator C. an Azure policy must be modified before an administrator D. an Azure tag must be added before an administrator Correct AnswerB. the delete lock must be removed before an administrator ExplanationLock resources to prevent unexpected changes! As an administrator, you may need to lock a subscription, resource group, or resource to prevent other users in your organization from accidentally deleting or modifying critical resources. You can set the lock level to CanNotDelete or ReadOnly. In the portal, the locks are called Delete and Read-only respectively. CanNotDelete means authorized users can still read and modify a resource, but they can’t delete the resource. ReadOnly means authorized users can read a resource, but they can’t delete or update the resource. Applying this lock is similar to restricting all authorized users to the permissions granted by the Reader role. ReferenceITOps Talk Blog > How to Lock Azure Resources to Prevent Modification or Deletion AZ-900 Question 117Exam QuestionYou have an Azure virtual network named VNET1 in a resource group named RG1. You assign an Azure Policy definition of Not Allowed Resource Type and specify that virtual networks are not an allowed resource type in RG1. VNET1 [is deleted automatically.] Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed B. is moved automatically to another resource group C. continues to function normally D. is now a read-only object Correct AnswerC. continues to function normally AZ-900 Question 118Exam Question[Authorization] is the process of verifying a user’s credentials. A. No change is needed B. Authentication C. Federation D. Ticketing Correct AnswerB. Authentication ExplanationAuthentication is the process of determining whether someone or something is, in fact, who or what it declares itself to be. Authentication technology provides access control for systems by checking to see if a user’s credentials match the credentials in a database of authorized users or in a data authentication server. Users are usually identified with a user ID, and authentication is accomplished when the user provides a credential, for example a password, that matches with that user ID. Most users are most familiar with using a password, which, as a piece of information that should be known only to the user, is called a knowledge authentication factor. Authorization is a security mechanism used to determine user/client privileges or access levels related to system resources, including computer programs, files, services, data and application features. Authorization is normally preceded by authentication for user identity verification. System administrators (SA) are typically assigned permission levels covering all system and user resources. During authorization, a system verifies an authenticated user’s access rules and either grants or refuses resource access. ReferenceMicrosoft Docs > Authentication and authorization in Azure App Service AZ-900 Question 119Exam QuestionYou have several virtual machines in an Azure subscription. You create a new subscription. [The virtual machines cannot be moved to the new subscription.] Instructions: Review the underlined text. If it makes the statement correct, select “No change is needed”. If the statement is incorrect, select the answer choice that makes the statement correct. A. No change is needed B. The virtual machines can be moved to the new subscription C. The virtual machines can be moved to the new subscription only if they are all in the same resource group D. The virtual machines can be moved to the new subscription only if they run Windows Server 2016. Correct AnswerB. The virtual machines can be moved to the new subscription. ExplanationYou can move a VM and its associated resources to a different subscription by using the Azure portal. Moving between subscriptions can be handy if you originally created a VM in a personal subscription and now want to move it to your company’s subscription to continue your work. You do not need to start the VM in order to move it and it should continue to run during the move. Moving between subscriptions can be handy if you originally created a VM in a personal subscription and now want to move it to your company’s subscription to continue your work. You do not need to start the VM in order to move it and it should continue to run during the move. New resource IDs are created as part of the move. After the VM has been moved, you will need to update your tools and scripts to use the new resource IDs. ReferenceMicrosoft Docs > Move a Windows VM to another Azure subscription or resource group AZ-900 Question 120Exam QuestionYou deploy an Azure resource. The resource becomes unavailable for an extended period due to a service outage. Microsoft will [refund your bank account.] A. No change is needed. B. migrate the resource to another subscription C. credit your account D. send you a coupon code that you can redeem for Azure credits Correct AnswerC. credit your account ExplanationIf we do not achieve and maintain the Service Levels for each Service as described in this SLA, then you may be eligible for a credit towards a portion of your monthly service fees. We will not modify the terms of your SLA during the initial term of your subscription; however, if you renew your subscription, the version of this SLA that is current at the time of renewal will apply throughout your renewal term. We will provide at least 90 days’ notice for adverse material changes to this SLA. ReferenceAzure App Service > SLA for App Service |