Azure Fundamentals Knowledge Check - Part 4

Continuing from the previous article - Azure Fundamentals Knowledge Check - Part 3

91. You need to review the root cause analysis (RCA) report for a service outage that occurred last week. Where should you look for the report?
a. Azure Service Health
b. Azure Advisor
c. Azure Monitor
d. Log Analytics

92. You need to use thresholds to trigger autoscaling functionality to scale an app up or down to meet the demand. What should you include in the solution?
a. Azure Service Health
b. Azure Advisor
c. Azure Monitor
d. Log Analytics

93. Which issues require that you take action to avoid service interruptions, such as service retirements and breaking changes?
a. health advisories
b. service issues
c. application insights
d. kusto queries

94. What can you use to configure environments to automatically detect performance anomalies for live web apps?
a. Azure DevOps
b. Azure Cognitive Services
c. Azure Advisor
d. Azure Application Insights

95. What can you use to find information about planned maintenance for Azure services that are critical to your organization?
a. Azure Service Health
b. Azure Advisor
c. Azure Monitor
d. Log Analytics

Answers:
91-a After an outage, Service Health provides official incident reports called root cause analysis (RCA), which you can share with stakeholders.
92-c Azure Monitor is a platform that collects metric and logging data. This data can be used to decide the thresholds needed to trigger autoscaling.
93-a Health advisories are issues that require that you take action to avoid service interruptions, such as service retirements and breaking changes.
94-d Application Insights is a feature of Azure Monitor that allows you to monitor running applications, automatically detect performance anomalies, and use built-in analytics tools to see what users do on an app.
95-a You can drill down to the affected services, regions, and details to show how an event will affect you and what you need to do. Service Health also allows you to choose when to perform the maintenance to minimize the downtime.

96. Which scenarios are common billing use cases for resource tags?
a. Categorizing costs by department
b. Associating costs with different environments
c. Resizing underutilized VMs
d. Identifying lower cost regions

97. You plan to build a new solution in Azure that will use PaaS products. What should you use to estimate the monthly costs?
a. Total Cost of Ownership (TCO) calculator
b. Azure pricing calculator
c. Azure Advisor
d. Azure Cost Management

98. You need to associate the costs of resources to different groups within an organization without changing the location of the resources. What should you use?
a. resource tags
b. resource groups
c. subscriptions
d. administrative units

99. Your organization plans to deploy several production VMs that will have consistent resource usage throughout the year. What can you use to minimize the costs of the virtual machines without reducing the functionality of the VMs?
a. Azure Monitor alerts
b. Azure Reservations
c. spending limits

100. For which resource does Azure generate separate billing reports and invoices by default?
a. management groups
b. resource groups
c. subscriptions
d. accounts

Answers:
96-a,b You can use tags to categorize costs by department, such as human resources, marketing, or finance, or by environment, such as test or production. Although resizing underutilized VMs and provisioning resources in lower cost regions are good practices, resource tags do not help with this.
97-b The Azure Pricing Calculator allows you to estimate and configure according to your specific requirements. You will then receive a consolidated estimated price and a detailed breakdown of the costs associated with each resource you added to your solution.
98-a Resource tags can be used to group billing data and categorize costs by runtime environment, such as billing usage for VMs running in a production environment.
99-b Azure Reservations offers discounted prices on certain Azure services. Azure Reservations can save you up to 72% compared to pay-as-you-go prices. To receive a discount, you can reserve services and resources by paying in advance. On the other hand, spending limits can suspend a subscription when the spend limit is reached.
100-c Azure generates separate billing reports and invoices for each subscription so that you can organize and manage costs.

101. Which Azure compute service can you use to deploy and manage a set of identical VMs?
a. availability sets
b. availability zones
c. Azure Container Instances
d. Azure Virtual Machine Scale Sets

102. Which Azure resources can make use of availability zones?
a. Azure SQL databases
b. Virtual Machines
c. Azure subscriptions
d. resource groups

103. Which scenario is a use case for a VPN gateway?
a. Connecting an on-premises datacenter to an Azure virtual network
b. Partitioning a virtual network's address space
c. Communicating between Azure resources
d. Filtering outbound network traffic

104. You need to allow resources on two different Azure virtual networks to communicate with each other. What should you configure?
a. A network security group (NSG)
b. A point-to-site VPN
c. Peering
d. Service endpoints

105. What can you use to connect Azure resources, such as Azure SQL databases, to an Azure virtual network?
a. ExpressRoute
b. Network security groups (NSGs)
c. Peering
d. Service endpoints

Answers:
101-d Virtual Machine Scale Sets are an Azure compute resource that you can use to deploy, manage, and scale a set of identical virtual machines.
102-a,b Availability zones are primarily for VMs, managed disks, load balancers, and SQL databases.
103-a A VPN gateway is a type of virtual network gateway. Azure VPN Gateway instances are deployed to a dedicated subnet of a virtual network. You can use them to connect on-premises datacenters to virtual networks through a Site-to-Site (S2S) VPN connection.
104-c You can link virtual networks together by using virtual network peering. Peering enables resources in each virtual network to communicate with each other.
105-d Service endpoints are used to expose Azure services to a virtual network, providing communication between the two. ExpressRoute is used to connect an on-premises network to Azure. NSGs allow you to configure inbound and outbound rules for virtual networks and VMs. Peering allows you to connect virtual networks together.

106. Which services can you use to establish network connectivity between an on-premises network and Azure resources?
a. ExpressRoute
b. Azure VPN Gateway
c. Azure Bastion
d. Azure Firewall

107. Which storage service should you use to store thousands of files containing texts and images?
a. Azure Blob storage
b. Azure Queue storage
c. Azure Disk storage
d. Azure Table storage

108. Which Azure Blob storage tier stores data offline and offers the lowest storage cost and the highest costs to access data?
a. Archive
b. Hot
c. Cool

109. Which scenarios are common use cases for Azure Blob storage?
a. Storing data for backup and restore
b. Hosting ASPX files for a website
c. Mounting a file storage share to be accessed as a virtual drive on multiple VMs
d. Serving images or documents directly to a browser

110. Which protocols are used to access Azure file shares?
a. FTP
b. HTTP
c. Network File System (NFS)
d. Server Message Block (SMB)

Answers:
106-a,b ExpressRoute connections and Azure VPN Gateway are the two services that you can use to connect an on-premises network to Azure. Bastion provides a web interface to remotely administer Azure VMs by using SSH/RDP. Azure Firewall is a stateful firewall service used to protect virtual networks.
107-a Azure Blob storage is an object storage solution that you can use to store massive amounts of unstructured data, such as text or binary data.
108-a The Archive storage tier stores data offline and offers the lowest storage costs, but also the highest costs to rehydrate and access data. The Hot storage tier is optimized for storing data that is accessed frequently. Data in the Cool access tier can tolerate slightly lower availability, but still requires high durability, retrieval latency, and throughput characteristics similar to hot data.
109-a,d Low storage costs and unlimited file formats make blob storage a good location to store backups and archives. Blob storage can be reached from anywhere by using an internet connection. Azure Disk Storage provides disks for Azure VMs. Azure Files supports mounting file storage shares.
110-c,d Azure Files offers fully managed file shares in the cloud that are accessible via industry-standard SMB and NFS protocols.

111. What can you use to ensure that a user can access internal applications from approved laptops only?
a. Single Sign-on (SSO)
b. Multi-factor Authentication (MFA)
c. Hybrid Identity
d. Conditional Access

112. What can you use to allow a user to manage all the resources in a resource group?
a. Azure role-based access control (RBAC)
b. Resource tags
c. Resource locks
d. Azure Key Vault

113. To which object or level is an Azure role-based access control (RBAC) role applied?
a. resource lock
b. scope
c. resource tag
d. policy

114. Which type of strategy uses a series of mechanisms to slow the advancement of an attack that aims to gain unauthorized access to data?
a. defense in depth
b. least privileged access
c. distributed denial-of-service (DDoS)
d. perimeter

115. Which services are provided by Azure AD? Each correct answer presents a complete solution.
a. Authentication
b. Data Encryption
c. Multi-Factor Authentication (MFA)
d. Single Sign-on (SSO)

Answers:
111-d Conditional Access is a tool that Azure AD uses to allow or deny access to resources based on identity signals, such as the device being used. SSO enables a user to sign in one time and use that credential to access multiple resources and applications from different providers. MFA is a process whereby a user is prompted during the sign-in process for an additional form of identification. Hybrid identity solutions create a common user identity for authentication and authorization to all resources, regardless of location.
112-a Azure RBAC allows you to assign a set of permissions to a user or group. Resource tags are used to locate and act on resources associated with specific workloads, environments, business units, and owners. Resource locks prevent the accidental change or deletion of a resource. Key Vault is a centralized cloud service for storing application secrets in a single, central location.
113-b An Azure RBAC role is applied to a scope, which is a resource or set of resources that the access applies to.
114-a A defense in depth strategy uses a series of mechanisms to slow the advancement of an attack that aims to gain unauthorized access to data. The principle of least privilege means restricting access to information to only the level that users need to perform their work. A DDoS attack attempts to overwhelm and exhaust an application's resources. The perimeter layer is about protecting an organization's resources from network-based attacks.
115-a,d Azure AD provides services for verifying identity and access to applications and resources. SSO enables you to remember a single username and password to access multiple applications and is available in Azure AD. MFA is covered under Authentication already. Data encryption is not covered by Azure AD.

116. What can you use to ensure that users authenticate by using multi-factor authentication (MFA) when they attempt to sign in from a specific location?
a. Conditional Access
b. Azure role-based access control (RBAC)
c. Single Sign-on (SSO)
d. Administrative units

117. What are cloud-based backup services, data replication, and geo-distribution features of?
a. A disaster recovery plan
b. An elastic application configuration
c. A cost reduction plan
d. A hybrid cloud deployment

118. What is high availability in a public cloud environment dependent on?
a. The service-level agreement (SLA) that you choose
b. The vertical scalability of an app
c. Cloud-based backup retention limits
d. Capital Expenditures

119. An example of ____________ is automatically scaling an application to ensure that the application has the resources needed to meet customer demands.
a. Agility
b. High Availability
c. Geo-Distribution
d. Elasticity

120. Which type of cloud service model is typically licensed through a monthly or annual subscription?
a. Infrastructure as a service (IaaS)
b. Platform as a service (PaaS)
c. Software as a service (SaaS)

Answers:
116-a Conditional Access can use signals to determine information about authentication attempts, and then determine whether to block access or require additional verifications, such as MFA.
117-a Disaster recovery uses services, such as cloud-based backup, data replication, and geo-distribution, to keep data and code safe in the event of a disaster.
118-a Different services have different SLAs. Sometimes different tiers of the same service will offer different SLAs, which can increase or decrease the promised availability.
119-d Elasticity refers to the ability to scale resources as needed, such as during business hours, to ensure that an application can keep up with demand, and then reducing the available resources during off-peak hours. Agility refers to the ability to deploy new applications and services quickly. High availability refers to the ability to ensure an application is available in multiple geographic locations that are typically close to users.
120-c SaaS is software that is centrally hosted and managed for you and your users or customers. Usually, one version of the application is used for all customers, and it is licensed through a monthly or annual subscription. PaaS and IaaS use a consumption-based model, so you only pay for what you use.

Next up - Azure Fundamentals Knowledge Check - Part 5