Azure Fundamentals Knowledge Check - Part 3

Continuing from the previous article - Azure Fundamentals Knowledge Check - Part 2

61. Which of the following is true about Shared Responsibility in the cloud?
a. The customer always retains responsibility for the data.
b. The responsibility for the management of accounts is transferred to the cloud provider
c. The responsibility for the operating system in PaaS is retained by the customer

62. Your company wants to deploy a serverless solution that meets the following requirements:
- Execution is triggered through an HTTP request
- You pay only for the time that your code runs
- You do not have to manage the application infrastructure
Which Azure service should you use?

a. Azure Virtual Machine
b. Azure Functions
c. Azure SQL Database
d. Azure Database for PostgreSQL

63. Which of the following is true about IaaS?
a. Azure IaaS provides and manages container orchestrators
b. Resources can be allocated on a pay-as-you-go basis, whenever needed.
c. You are responsible for managing applications and middleware while Azure manages OS

64. Your company wants to use hardware managed by cloud provider to run a customized database. Which cloud model is most suitable here?
a. IaaS
b. PaaS
c. SaaS

65. Your company wants to use a calendar app managed by cloud provider to schedule appointments and meetings. Which cloud model is most suitable here?
a. IaaS
b. PaaS
c. SaaS

Answers:
61-a The customer always retains responsibility for the data. The responsibility for the management of accounts is also retained by the customer, so option (b) is false. Overall, the customer is always responsible for the data, end-user devices, accounts, and access management. The cloud provider is always responsible for the underlying physical infrastructure.
In the case of PaaS, the responsibility for the OS is not retained by the customer, hence option (c) is false.
62-b You should use Azure Functions. This is a serverless platform that lets you execute your code when needed and pay for the actual runtime only, without worrying about configuration or management of the underlying physical and application infrastructure. Azure Functions can be triggered by various event types, including HTTP requests.
Azure VM does not support a serverless feature, so option (a) is incorrect. Azure Database for PostgreSQL is a cloud database: it cannot host or run code via HTTP requests, it does not have a serverless feature, and you are billed hourly, so option (d) is incorrect. Azure SQL Database has a serverless feature, but it still cannot run your code on demand via HTTP requests, so option (c) is also incorrect.
63-b Azure IaaS allows resources to be allocated on a pay-as-you-go basis. However, IaaS does not provide and manage container orchestrators, so option (a) is incorrect (that service is provided in PaaS). Similarly, IaaS does not manage the OS; that is the responsibility of the customer, so option (c) is incorrect.
64-a The IaaS model allows provider-managed hardware on which the customer can run a customized database.
65-c The SaaS model allows provider-managed ready-to-use apps which the customer can use on a pay-as-you-use basis.

66. Your company wants to use Business Intelligence services managed by cloud provider to analyze marketing trends. Which cloud model is most suitable here?
a. IaaS
b. PaaS
c. SaaS

67. Your company suffers a catastrophic web outage due to a misconfigured driver on a database server. You need to find a cloud solution that allows the highly customized web application to run without requiring management of operating system settings or services. However, the company's web developers must be able to maintain customizations. What should you do to meet these requirements?
a. Migrate the web app to serverless compute
b. Move the web app to a SaaS provider
c. Deploy the web app functionality using PaaS
d. Relocate the web app to an IaaS provider

68. Your company is deploying a critical business application on two VMs. The deployment needs to support:
- Highly available access
- Separate fault and update zones
- Minimal latency between instances
Most users who need to access the application are in the Azure East US 2 region. Which configuration should the company use to deploy the solution?
a. Separate resource groups in the same region
b. Separate Availability sets
c. Separate availability zones
d. Separate regions in a regional pair

69. Which of the following statements are true about resource groups?
a. Locking a resource group as read-only locks all resources contained in the group
b. A resource group can contain resources from the same region as the resource group only
c. You can add a resource to or remove a resource from a resource group as long as the resource group is not locked
d. Resources can interact with other resources in a different resource group

70. A company wants to expand its cloud presence by deploying additional resources to Azure. The company plans to use templates based on existing resources to automate the deployment process. Ensuring consistent deployment is critical. What should the company use?
a. Azure Resource Manager
b. Microsoft Defender for Cloud
c. Azure Resource Groups
d. Azure Monitor

Answers:
66-b PaaS model provides tools for development, testing and analytics. In our case, the customer can use the Business Intelligence tools to analyze marketing trends.
67-c You should deploy the web app using PaaS, as it provides a platform for developers to build, run, and manage applications without the need for infrastructure management. The customer need not worry about managing the underlying hardware or operating system.
68-c The company should use separate availability zones. Availability zones are deployed in separate datacenters, so interruptions in one availability zone do not impact the other availability zones. Each availability zone is a separate fault and update zone and has very low latency with other availability zones in the region.
The company should not use separate availability sets. Availability sets are separate deployments in the same datacenter. Any interruption in that datacenter may bring both systems down.
Similarly, the company should not use separate resource groups, as that does nothing to meet the requirements. Resource groups are just a logical grouping of resources for management purposes. Since both VMs are supporting the same application, it is recommended to have both be part of the same resource group.
The company should not use separate regions in a regional pair, as having VMs in different regions increases the latency.
A common solution would be to deploy the application across two or three availability zones and also configure replication with a regional pair. This provides high-availability and a higher level of support for disaster recovery.
69-a,c,d are True. Locking a resource group as read-only locks all resources contained in the group. You can apply locks to a resource group or subscription to prevent deletion or make contained resources read-only. You can also apply locks directly to a resource.
A resource group can contain resources from any region, not just the region in which the resource group is located.
You can add a resource to or remove a resource from a resource group, except when the resource group is locked. You can also move resources between resource groups. A resource can reside in only one resource group at a time. Deleting a resource group will delete all resources contained in that group.
Resources can interact with other resources in a different resource group. The resource group creates a logical resource grouping primarily for management purposes and does not impact access between resources.
70-a The company should use Azure Resource Manager to automate resource deployments using templates. Azure Resource Manager integrates with Azure portal, PowerShell, CLI, and REST API to perform deployment and management tasks. It gives you an easy way to deploy multiple resource instances or reliably redeploy resources. Using templates helps to ensure consistency.
The company should not use Azure Resource Groups. Resource groups provide a way to manage resources as a set. You will need to use Azure Resource Manager to deploy resources as part of a group, as deployment functionality is not built into resource groups directly.
The company should not use Microsoft Defender for Cloud, as it is designed to help prevent attacks against resources; it is not meant for resource deployment.
Similarly, the company should not use Azure Monitor, as it is designed to collect, analyze, and act on telemetry data - it does not provide deployment tools.

71. Which of the following are true about regions?
a. Regions are always paired with other regions
b. Regions represent physical datacenters
c. Regions contain one or more datacenters
d. Regions specify the location of resources
e. Regions can span countries

72. Which of the following descriptions of containers are accurate?
a. A container can run on Windows or Linux
b. A container requires you to manually install dependencies
c. A container can be accessed over the internet by IP address or domain name
d. A container requires you to configure the host virtual machine
e. A container represents a single app and its dependencies
f. A container can scale out as needed

73. What is the purpose of a resource group?
a. It specifies the subscriptions that are allowed to create Azure resources
b. It defines initiatives that allow you to control the type of resources that can be deployed
c. It serves as a container for Azure resources like VMs and web apps
d. It is a collection of user and group accounts

74. Your company wants its dev and QA departments to manage App Services, its IT and dev departments to manage VMs, and its IT department to manage SQL database instances. These departments should manage the corresponding resources in both the prod and dev environments.
Which resource group organization should you use here?
a. Create a resource group for each department
b. Create a resource group for each resource type
c. Create a resource group for each environment

75. Your company wants its development department to manage its own VMs and storage accounts, and its sales team to manage its own Machine Learning (ML) models.
Which resource group organization should you use here?
a. Create a resource group for each department
b. Create a resource group for each resource type
c. Create a resource group for each environment

Answers:
71-a,c,d Regions are always paired with other regions. The paired region is always in the same geography, such as the US, but it is always the farthest from the original region, at least 300 miles away. This allows for replication in a way such that civil unrest, large-scale power outages or natural disasters have minimal impact on Azure services.
Regions do not represent physical datacenters. They represent an area within a geographical area.
Regions contain one or more datacenters. They represent an area within a geographical area, such as East US or West US.
Regions specify the location of resources. Although you cannot choose the exact datacenter for a deployed resource, you can choose its region. Azure then determines the physical data center where the resource is provisioned.
Regions cannot span countries. They are tied to a single country or geographical area.
72-a,c,e,f A container can run on Windows or Linux. You specify the OS when you create the container group. With Azure Container Instances, a container group is a group of containers that all run on the same host VM. This means that the group itself is tied to an OS, so all containers in the container group share the same OS.
A container does not require you to manually install dependencies. A container represents a single app and its dependencies. The dependencies are installed automatically.
A container can be accessed over the internet by IP address or domain name. With Azure Container Instances, you can specify the DNS name label, allowing your container to be reachable at [dnsnamelabel].[region].azurecontainer.io.
A container does not require you to configure the host VM. Azure manages the host VM.
A container represents a single app and its dependencies. This allows you to package, deploy, and manage the container as a unit.
A container can scale out as needed. You do not need to use custom scaling rules as you do with App Services.
73-c A resource group serves as a container for Azure resources like VMs and web apps.
It does not define initiatives that allow you to control the type of resources that can be deployed. Azure Policy performs this function.
It is not a collection of user and group accounts. That is managed by Active Directory.
It does not specify the subscriptions that are allowed to create Azure resources. A subscription is essentially a billing unit.
74-b You should create a resource group for each resource type. For example, you can create 3 resource groups that are named appservice-rg, vm-rg, and sql-rg to contain App Services instances, VMs, and SQL Database instances, respectively. You can then apply role-based access control (RBAC) permissions to ensure that only specific users can access the resource groups. For example, only users in the dev and QA departments can access resources in the appservice-rg group.
My input --> This decision is made because the same AppService is to be used by Dev and QA, the same VMs are to be used by Dev and IT, and the SQL Database is to be used by IT. This can be represented as:
AppService: Dev, QA
VM: Dev, IT
SQL Database: IT
So the grouping should naturally be based on the resource type.
75-a You should create a resource group for each department. For example, you can create a resource group named development-rg that contains VMs and storage accounts, and then apply role-based access control (RBAC) permissions to ensure that only users in the development department can access this resource group.
My input --> This decision is made because each department is required to manage its own set of resources, hence the grouping is based on the department.
Dev: VM and Storage Acct
Sales: ML models

76. Your company wants its IT department to manage SQL Server VMs that are in the prod env. It also wants to allow its development department to manage SQL Server VMs in the development env.
Which resource group organization should you use here?
a. Create a resource group for each department
b. Create a resource group for each resource type
c. Create a resource group for each environment

77. You deploy two Azure VMs running Windows Server 2016, and a third VM running Ubuntu Linux. All three VMs and their resources are added to the same resource group. The VMs and the resource group are located in the same Azure region. The test plan directs that you need to delete the resource group once the initial test cycle is completed. What is the result of this action?
a. Only resources metadata is deleted and access to the VMs is disabled
b. Only resources metadata is deleted and the VMs are shut down
c. All of the VMs contained in the resource group are deleted
d. Only resource metadata is deleted with no impact on the VMs

78. You work for a small college. The college has no more than 250 active students. You consider moving the college's infra to the cloud. You want to evaluate Azure VMs for 18 months. Which subscription should you use?
a. Enterprise
b. Free
c. Pay-as-you-go
d. Student

79. You work for a small college. The college has no more than 250 active students. You consider moving the college's infra to the cloud. You want to purchase Azure VMs and software licenses under one agreement. Which subscription should you use?
a. Enterprise
b. Free
c. Pay-as-you-go
d. Student

80. You work for a small college. The college has no more than 250 active students. You consider moving the college's infra to the cloud. You want to evaluate Azure App Services for 6 months. Which subscription should you use?
a. Enterprise
b. Free
c. Pay-as-you-go
d. Student

Answers:
76-c You should create a resource group for each env. For example, you can create two resource groups that are named development-rg and production-rg. The dev env VMs are placed in development-rg group, and the production env VMs are placed in production-rg group. You can apply RBAC permissions to ensure that only users in the development department can access the development-rg and only users in the IT department can access the production-rg group.
77-c When a resource group is deleted, all of the resources contained in that resource group are also deleted, including VMs as well as metadata.
78-c Pay as you go (student subscription is only available for students and for non-business purposes)
79-a Enterprise, since you intend to purchase VMs
80-b Free

81. Which two factors affect Azure costs?
a. Availability zone selection
b. Resource usage
c. resource location
d. date and time of use

82. What can you use to ensure that new and existing Azure resources stay in compliance with corporate standards?
a. Azure Policy
b. Resource locks
c. Resource tags
d. Azure Advisor

83. Your company wants a solution for Azure VM deployments. The solution must enforce company standards on the VMs. What should you include in the recommendation?
a. Azure Cost Management
b. Azure Lock
c. Azure Policy
d. Azure Blueprints

84. You need to identify which Azure services are compliant with ISO 27001 Information Security Management Standards. Where should you go to locate the information?
a. Microsoft Trust Center
b. Microsoft Privacy Statement
c. The Data Protection Addendum of Microsoft
d. Microsoft Online Services Terms

85. What can you use to restrict the deployment of a VM to a specific location?
a. Azure AD
b. resource locks
c. Azure Policy
d. resource groups

Answers:
81-b,c Azure costs are determined by the usage of Azure resources. Since different regions can have different associated prices, resource location also plays a role in the overall costs.
82-a Azure Policy is a service in Azure that enables you to create, assign, and manage policies that control or audit resources. These policies enforce different rules across all resource configurations so that the configurations stay compliant with corporate standards.
83-c Azure policies will allow you to enforce company standards on new virtual machines when combined with Azure VM Image Builder and Azure Compute Gallery. By using Azure Policy and role-based access control (RBAC) assignments, enterprises can enforce standards on Azure resources. But on virtual machines, these mechanisms only affect the control plane or the route to the VM.
84-a The Trust Center showcases the Microsoft principles for maintaining data integrity in the cloud and how Microsoft implements and supports security, privacy, compliance, and transparency in all Microsoft cloud products and services.
85-c Azure Policy can help to create a policy for allowed regions, which enables you to restrict the deployment of VMs to a specific location.

86. What can you use to describe the resources you want to provision in a declarative JSON format?
a. Azure PowerShell
b. Azure CLI
c. Azure Resource Manager (ARM) templates
d. Azure Repos

87. Which tool is accessible via Azure Cloud Shell and allows you to write Bash scripts to manage an Azure environment?
a. Azure PowerShell
b. Azure Resource Manager (ARM) templates
c. Azure Repos
d. Azure CLI

88. Which tools can you use to create a new Azure VM from a mobile device that runs Android?
a. the Azure portal
b. SSH
c. Remote Desktop
d. PowerShell in Azure Cloud Shell

89. What can you use to manage resources, such as VMs, across multiple cloud platforms and on-premises environments?
a. Azure Arc
b. Azure CLI
c. Azure Monitor
d. Azure PowerShell

90. You have a team of Linux administrators that need to manage the resources in Azure. The team wants to use the Bash shell to perform the administration. What should you recommend?
a. Azure Blueprint
b. Azure CLI
c. Azure PowerShell
d. Azure Resource Manager (ARM) template

Answers:
86-c By using ARM templates, you can describe the resources you want to use in a declarative JSON format.
87-d Azure CLI is an executable program with which a user can execute commands in Bash that call the Azure REST API.
88-a,d The Azure portal can run on any browser on Android devices. When you visit the portal, you will see the Cloud Shell, which users can use to access Bash and PowerShell. Another option (not mentioned in the question) is to use the Azure mobile app.
89-a Azure Arc is a set of technologies that helps manage your cloud environment, whether it's a public cloud solely on Azure, a private cloud in your datacenter, a hybrid configuration, or even a multi-cloud environment. It simplifies governance and management by delivering a consistent multi-cloud and on-premises management platform.
90-b Azure CLI allows you to use the Bash shell to perform administrative tasks. Bash is used in Linux environments, so a Linux administrator will probably be more comfortable performing command-line administration from Azure CLI.

Next up - Azure Fundamentals Knowledge Check - Part 4