Differences

This shows you the differences between two versions of the page.

--- azure_az-900_summary [2024/12/07 17:53] – [Describe monitoring tools in Azure] oso
+++ azure_az-900_summary [2025/01/19 23:22] (current) – oso
@@ Line 9: / Line 9: @@
   *     Compute
-  *
   *     Networking
-  *
   *     Storage
@@ Line 19: / Line 17: @@
   *     Infrastructure management
-  *
   *     Database management
-  *
   *     Software development
@@ Line 42: / Line 38: @@
   * **Describe the shared responsibility model:** Cloud providers secure infrastructure; users secure data, OS, and apps based on service type.
-  * **Define cloud models, including public, private, and hybrid:** Public: shared infra; Private: exclusive infra; Hybrid: mix of both for flexibility.
+  * **Define cloud models, including public, private, and hybrid:**
+      * **Public:** shared infra.
+      * **Private:** exclusive infra.
+      * **Hybrid:** mix of both for flexibility.
   * **Identify appropriate use cases for each cloud model:**
-      * **Public:** scalable apps;
+      * **Public:** scalable apps.
-      * **Private:** sensitive data;
+      * **Private:** sensitive data.
       * **Hybrid:** compliance or diverse workloads.
   * **Describe the consumption-based model:** Pay only for what you use; no upfront costs or overprovisioning.
-  * **Compare cloud pricing models:** Pay-as-you-go: flexible; Reserved Instances: cheaper for fixed terms; Spot Instances: low-cost unused capacity.
+  * **Compare cloud pricing models:**
+      * **Pay-as-you-go**: flexible.
+      * **Reserved Instances:** cheaper for fixed terms.
+      * **Spot Instances:** low-cost unused capacity.
   * **Describe serverless:** Cloud runs code automatically, scaling as needed; no server management.
@@ Line 326: / Line 328: @@
     * Azure Monitor Alerts: Creates notifications or automated actions based on performance or log conditions.
     * Application Insights: Monitors application performance, availability, and usage with telemetry and diagnostics.
+----
+==== Summary ====
+**A: Handling Subscription Limits in Azure**
+  * Contact Azure Support for resource limit increases (e.g., vCPU).
+  * Avoid creating multiple subscriptions to resolve limit issues.
+**B: Azure Subscription Types**
+  * **Azure for Students**: Free credits and 12 months of free services.
+  * **Pay-As-You-Go**: Pay only for used resources; no upfront costs.
+  * **Free Trial**: Limited-time free access to Azure resources; one per account.
+**C: Management Group Limitations**
+  * Single parent per management group or subscription.
+  * Max six levels in hierarchy.
+  * Limited total number of management groups.
+**D: Using Management Groups in Azure**
+  * Apply policies and governance across subscriptions.
+  * Restrictions in a management group affect resource creation in subscriptions.
+**E: Understanding Containers**
+  * Containers are self-contained packages with everything an app needs to run.
+  * Deployable across various environments.
+  * Must match the host OS (Linux/Windows).
+**F: Azure Container Options**
+  * **Azure Container Instances (ACI)**: Easy setup with minimal configuration.
+  * **Azure Kubernetes Service (AKS)**: Advanced container orchestration.
+  * DNS label or image changes require re-creating the instance.
+**G: Azure Functions and Microservices**
+  * **Azure Functions**: Run based on microservices architecture; pay per execution time.
+  * **App Service Plan**: Logical container for running VMs.
+**H: Load Balancing in Azure**
+  * **Azure Scale Sets**: Layer 4 traffic with load balancers; Layer 7 traffic with Application Gateway.
+  * **Azure App Services**: Staging environments, SSL, custom domains, and CLI tools.
+**I: Memory-Optimized Virtual Machines (VMs)**
+  * High memory-to-CPU ratio.
+  * Best for in-memory analytics, relational databases, and memory-intensive workloads.
+**J: Azure App Service Tiers**
+  * **Standard Tier**: 99.95% uptime, 50 GB storage, unlimited apps.
+  * Six tiers tailored to specific workloads and performance needs.
+**K: Azure Container Registry (ACR)**
+  * Stores and manages container images for ACI and AKS.
+  * Ensures secure image access using Azure identity and security features.
+**L: Monitoring and Insights Tools**
+  * **Azure Monitor**: Performance and operational insights.
+  * **Azure Advisor**: Recommendations to optimize Azure resources.
+  * **Azure Sentinel**: Cloud-native security and incident management.
+**M: Scaling and Storage in AKS**
+  * **Cluster Autoscaler**: Adjusts nodes based on demand.
+  * Persistent storage with support for static and dynamic volumes.
+**N: Azure Virtual Desktop Load Balancing**
+  * **Breadth Mode**: Users distributed sequentially across VMs for performance.
+  * **Depth Mode**: Assign users to one VM at a time to reduce costs.
+  * Automatic provisioning of VMs during high demand.
+**O: Global Scalability and Disaster Recovery**
+  * **Global Scalability**: Enables worldwide service delivery by dynamically increasing resources like computing power, bandwidth, and storage based on demand.
+  * **Disaster Recovery**: Redundant sites can become operational within hours of disruptions like power outages or natural disasters. Regular data replication across multiple data centers ensures availability even if one location fails.
+**P: Azure Hybrid Cloud and Connectivity Options**
+  * **Hybrid Cloud Connectivity**:
+    * **Azure Hybrid Cloud**: Links on-premises networks with Azure Cloud.
+    * **Virtual Network** and **Express Routes**: Facilitate secure hybrid connections.
+  * **Application Integration Tools**:
+    * **Service Bus**: Transfers messages between applications.
+    * **Custom Connectors and External Databases**: Enable seamless integration.
+**Q: Azure Stack and Private Cloud Deployment**
+  * **Azure Stack**:
+    * A comprehensive solution for hybrid cloud deployment, combining software and validated hardware.
+    * Allows running Azure services on-premises, simplifying the transition to cloud environments.
+  * **Private Cloud**:
+    * Can be hosted on-premises or in a third-party data center.
+    * Infrastructure is dedicated to a single organization, offering high levels of privacy and security.
+**R: Core Cloud Features**
+  * **Reliability**: Logical placement of resources ensures consistent application performance during peak traffic.
+  * **High Availability**: Maintains a 99.999% uptime through redundancy and proactive management.
+  * **Manageability**: Alerts and application insights aid in monitoring and optimizing resource performance.
+**S: Scaling in Cloud Environments**
+  * **Horizontal Scaling (Scaling Out)**: Adds more VMs with identical configurations to share increased workloads.
+  * **Vertical Scaling (Scaling Up)**: Migrates applications to more robust VMs with enhanced features like SSDs or increased memory.
+  * **Elasticity**: Automatic scaling based on metrics like CPU and memory usage adapts dynamically to workload changes.
+**T: Cloud Models and Security Levels**
+  * **Private Cloud**: Fully dedicated infrastructure, offering the highest security.
+  * **Public Cloud**: Shared multi-tenant environment with robust but less exclusive security.
+  * **Hybrid Cloud**: Combines elements of both, balancing flexibility and control.
+  * **Government Cloud**: Exclusive environments like Azure USA and Azure China, tailored for governmental use with maximum security.
+**U: Cloud Service Models**
+  * **IaaS**: Requires installing and configuring software like PHP and database connections.
+  * **PaaS**: Simplifies deployment by managing the infrastructure for you.
+  * **SaaS**: Fully managed software ready for immediate use, ideal for reducing IT overhead.
+  * **XaaS**: Extends to any service, providing customizable bare-bone solutions for specific needs.
+**V: Agility in Cloud Development**
+  * **Cloud Agility**: Facilitates rapid development, testing, and deployment of applications.
+  * **Benefits**: Accelerates response to market changes and customer demands, enhancing organizational competitiveness.
+**W: Azure Availability Strategies**
+  * **Availability Zones**: Provide redundancy within an Azure region by distributing resources across multiple data centers.
+  * **Availability Sets**: Place VMs in different server racks within the same data center for fault tolerance.
+  * **Zone-Redundant Services**: Use features like Zone-Redundant Storage (ZRS) for enhanced reliability.
+**X: Data Replication and Regional Pairs**
+  * **Regional Pairs**: Two regions within the same geography are updated sequentially to ensure uninterrupted availability.
+  * **Multi-Region Replication**: Safeguards data by duplicating it across regions, offering resilience against localized disasters.
+**Y: Cost Management with Resource Groups**
+  * **Resource Groups**: Organize resources with shared lifecycles for easier management.
+  * **Cost Allocation**: Assign expenses to departments by structuring resource groups (e.g., Sales, IT Support).
+**Z: Azure Subscription Limits**
+  * **Defined Quotas**: Establish maximum allowances for resources like storage accounts (250 per region), VMs (25,000 per region), and resource groups (980 globally).
+  * **Purpose**: Facilitates efficient management and prevents resource overutilization.
+----
+===== AZ-900 Practice Quiz (https://insidethemicrosoftcloud.com/az900/) =====
+**To transition a large capital expenditure (CapEx) to an operational expenditure (OpEx), Contoso's CIO has suggested to the board that the organization move their virtual machine (IaaS) workloads to Azure. The CFO argues that this will result in unpredictable OpEx spending. In this case, what pricing option is available to reduce costs and making predicting future spending easier?**
+  * <wrap hi>**Azure Reservations**</wrap>
+  * Pay-as-you-go (PAYG)
+  * Azure VM Scale Sets
+  * Azure in CSP
+**Tailspin Toys, a small startup, is choosing their initial services architecture. They choose to rely on Office 365 and Microsoft Azure for all services. Which of the following best describes the cloud model they have chosen?**
+  * Private Cloud
+  * <wrap hi>**Public Cloud**</wrap>
+  * Hybrid Cloud
+  * Government Cloud
+**Which of the following statements are true of a Software as a Service solution?**
+  * You are responsible for maintaining the solution infrastructure
+  * You are responsible for deploying updates to the solution
+  * You are responsible for solution availability and scalability
+  * <wrap hi>**You are responsible for configuring the solution features**</wrap>
+**Contoso is planning to move to Azure, but currently hosts business applications in a shared virtualization infrastructure on-premises, utilizing Hyper-V. This is an example of which cloud computing model?**
+  * Hybrid Cloud
+  * <wrap hi>**Private Cloud**</wrap>
+  * Public Cloud
+  * Government Cloud
+**Azure SQL Database and an on-premises SQL cluster represent a(n) .... expense and a(n) .... expense, respectively.**
+  * Capital, Capital
+  * Capital, Operational
+  * Operational, Operational
+  * <wrap hi>**Operational, Capital**</wrap>
+**In Azure, you are charged only for what you use. This is known as a**
+  * Fixed-price model
+  * <wrap hi>**Consumption based model**</wrap>
+**Contoso runs several business applications in Azure VMs. Which cloud computing model best categorizes Azure VMs?**
+  * Software  as a service (SaaS)
+  * Platform  as a service (PaaS)
+  * <wrap hi>**Infrastructure  as a service (IaaS)**</wrap>
+  * Function as a service (FaaS)
+**Azure App Service, Azure SQL Database, and Cosmos DB are examples of which category of cloud computing service?**
+  * Function as a Service (FaaS)
+  * Software as a Service (SaaS)
+  * <wrap hi>**Platform as a Service (PaaS)**</wrap>
+  * Infrastructure as a Service (IaaS)
+**You need to provide additional capacity than what is currently available in your on-premises datacenter. The solution must minimize capital expense (CapEx) and operational expense (OpEx). Which solution should you recommend?**
+  * Migration to public cloud
+  * A private cloud
+  * <wrap hi>**A hybrid cloud**</wrap>
+  * Additional on-premises servers
+**Office 365, Azure VMs, and Event Grid represent, ......, ......, and ......, respectively.**
+  * 1)SaaS 2) PaaS 3) IaaS
+  * 1) PaaS 2) IaaS 3) SaaS
+  * <wrap hi>**1) SaaS 2) IaaS 3) PaaS**</wrap>
+**Contoso host databases for customer-facing web applications in Azure MySQL Database. Which cloud computing model best categorizes this service?**
+  * Software  as a service (SaaS)
+  * <wrap hi>**Platform  as a service (PaaS)**</wrap>
+  * infrastructure  as a service (IaaS)
+  * Function as a service (FaaS)
+**Contoso hosts a legacy CRM application that runs on an Azure VM scale set. The application runs at a steady state of around 30% resource utilization. However, during month end closing activities, the application spikes to 90% resource utilization for extended periods during the last week of the month. Azure allows Contoso IT to meet these spikes in resource demand at the push of a button, paying for the additional capacity only when needed. This is an example of:**
+  * Scalability
+  * <wrap hi>**Elasticity**</wrap>
+  * Fault Tolerance
+  * High Availability
+**Contoso plans to migrate their existing on-premises SQL VMs to Azure. Which expenditure model does this implement?**
+  * Capital (CAPEX)
+  * <wrap hi>**Operational (OPEX)**</wrap>
+  * Subscription
+  * Elastic
+**A financial analysis of migration of on-premises files to Azure Storage at Contoso showed that storing 2TB of archived data in Azure would be less expensive than hosting this data on-premises. The report also showed unit cost in Azure would decrease even further as the data archive grows. This is an example of cloud**
+  * Elasticity
+  * <wrap hi>**Economies of scale**</wrap>
+  * Scalability
+  * High Availability
+**The Contoso Corp Financial Services team needs to automate several business processes. They need to create workflows in a low-code environment with a visual interface. The service must have built-in connectivity to their existing platforms, like SalesForce and SAP. The members working on the project are only lightly technical (citizen developers). Which Microsoft service will best fit their use case?**
+  * <wrap hi>**Power Automate**</wrap>
+  * Logic Apps
+  * Azure Automation
+  * Azure Functions
+**Kelly, who works in IT Operations, wants to automate a task using a script she wrote. She wants to do this with a minimum of expense and maintenance effort. She selected Azure Functions to host the job, instead of Azure Virtual Machines (IaaS). Does this service meet the solution criteria?**
+  * <wrap hi>**YES**</wrap>
+  * NO
+**Contoso has a line-of-business application that requires access to a file share. You need to host this share in Azure with a minimum of cost and administration effort. Which service would best fulfill this requirement?**
+  * <wrap hi>**Azure Files**</wrap>
+  * Azure Blob Storage
+  * Azure VMs
+  * VM Scale Sets
+**Contoso IT needs to ensure deployments of like Azure resources are the same for every deployment. Which of the following could be used to automate resource deployment?**
+  * Azure API Management
+  * Management Groups
+  * <wrap hi>**Azure Resource Manager (ARM) templates**</wrap>
+  * Azure Synapse
+**You are testing new software in an Azure VM. When you are done testing, you shut down the VM, which shows a state of "Stopped" in the Azure portal. Will you incur additional costs while the VM is in this state?**
+  * <wrap hi>**YES**</wrap>
+  * NO
+**You are deploying multiple instances of a custom Contoso web application. The application instances share a common management lifecycle, but will be located in different Azure regions. Can you deploy resources across multiple Azure regions in a single resource group?**
+  * <wrap hi>**YES**</wrap>
+  * NO
+**You are responsible for recommending infrastructure architectures for applications at Contoso. Which solution would you recommend for on-demand execution of automated tasks in Python for minimum of expense?**
+  * Azure Monitor
+  * Azure Cloud Shell
+  * Azure Automation
+  * <wrap hi>**Azure Functions**</wrap>
+**Which Azure service would you use to correlate events from multiple Azure resources in a central repository? (choose the best answer)**
+  * Azure Data Lake
+  * <wrap hi>**Azure Log Analytics**</wrap>
+  * Azure Event Grid
+  * Azure Event Hub
+**An ...... protects against datacenter-level failures.**
+  * Availability Set
+  * <wrap hi>**Availability Zone**</wrap>
+  * VM scale set
+  * Azure VM
+**Contoso has messages from a variety of sources (many Azure services) that need to be need to be relayed to an application. Which Azure service would be best suited to the task?**
+  * Azure Functions
+  * <wrap hi>**Azure Event Grid**</wrap>
+  * Azure IoT Hub
+  * Azure Service Bus
+**You can monitor health and availability of your Azure Kubernetes Service (AKS) cluster with:**
+  * <wrap hi>**Azure Monitor**</wrap>
+  * Azure App Insights
+  * Microsoft Sentinel
+  * Microsoft Defender for Cloud
+**Which storage tier in Azure Storage delivers the highest cost of data storage?**
+  * <wrap hi>**Hot**</wrap>
+  * Cool
+  * Cold
+  * Archive
+**To retire some aging on-premises servers, Contoso is planning to move several SQL databases to Azure SQL Database. The CIO has asked for a tool to estimate the cost of hosting these resources in Azure. Sally suggests using the Azure Pricing Calculator to estimate costs prior to migration. Does Sally's solution meet the solution criteria?**
+  * <wrap hi>**YES**</wrap>
+  * NO
+**Which storage tier in Azure Storage delivers the lowest cost of data storage?**
+  * Hot
+  * Cool
+  * Cold
+  * <wrap hi>**Archive**</wrap>
+**You have a mobile application that exchanges large numbers of messages with customer devices. Which type of Azure storage is optimized for storing large numbers of messages, accessible from anywhere via authenticated HTTP or HTTPS calls?**
+  * Blob Storage
+  * <wrap hi>**Queue Storage**</wrap>
+  * Table Storage
+  * File Storage
+**Contoso's Security team wants to apply policy-based configuration across deployments in multiple Azure subscriptions. Which of the following can help achieve this requirement?**
+  * Resource Groups
+  * <wrap hi>**Management Groups**</wrap>
+  * Role Based Access Control (RBAC)
+  * Access Policies
+**Contoso plans to implement a hybrid cloud architecture utilizing Azure. They need to connect on-premises application resources. The solution should minimize latency and maximize security. Which option should they choose?**
+  * Point-to-Site VPN
+  * Site-to-Site VPN
+  * <wrap hi>**ExpressRoute**</wrap>
+  * Azure Application Gateway
+**As part of a hybrid cloud deployment at Contoso, you need to connect Contoso's on-premises datacenter to Azure. The solution you choose should minimize expense during the low-scale pilot deployment. Which option will you choose?**
+  * Point-to-Site VPN
+  * <wrap hi>**Site-to-Site VPN**</wrap>
+  * ExpressRoute
+  * Azure Application Gateway
+**For regulatory compliance, you need to ensure Contoso's corporate web apps use TLS 1.2 for encryption. Does Azure App Service support enforcing this specific requirement?**
+  * <wrap hi>**YES**</wrap>
+  * NO
+**Contoso wants to migrate a legacy application to Azure that requires an file share accessible on a UNC path. You need to provide an SMB file share and secure access. The solution should minimize administrative effort. Which service will you use?**
+  * OneDrive
+  * SharePoint
+  * Azure VM with a file share
+  * <wrap hi>**Azure Files**</wrap>
+**Storage for Azure VMs is hosted in which Azure Storage type?**
+  * File
+  * Table
+  * <wrap hi>**Disk**</wrap>
+  * Blob
+**Contoso IT wants to configure separate Azure subscriptions for different environments (production, development, test) and products. Can they associate multiple Azure subscriptions to the same Entra ID tenant?**
+  * <wrap hi>**YES**</wrap>
+  * NO
+**Contoso Financial Services regularly creates documents containing sensitive customer data, including personally identifiable information. You need to ensure access is restricted to finance personnel, regardless of where the document travels. Which service should you use to classify and protect these documents?**
+  * Microsoft Defender for Cloud Apps
+  * Microsoft Defender for Endpoint
+  * <wrap hi>**Microsoft Purview**</wrap>
+  * Entra ID Conditional Access
+**An Azure ...... is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.**
+  * Availability Zone
+  * <wrap hi>**Region**</wrap>
+  * Geography
+  * Datacenter
+**Which Azure storage redundancy option does Microsoft recommend for maximum redundancy and recoverability?**
+  * Locally Redundant Storage (LRS)
+  * Geo-Redundant Storage (GRS)
+  * Zone Redundant Storage (ZRS)
+  * <wrap hi>**Geo Zone Redundant Storage (GZRS)**</wrap>
+**An ...... protects against VM failures due to failures in updates, power, or network connectivity.**
+  * <wrap hi>**Availability Set**</wrap>
+  * Availability Zone
+  * VM scale set
+  * Azure VM
+**You need to manage your Azure VMs using the Azure portal. Which URL would you use to manage the Azure VMs?**
+  * https://portal.azurewebsites.net
+  * https://portal.microsoft.com
+  * https://portal.azure.microsoft.com
+  * <wrap hi>**https://portal.azure.com**</wrap>
+**Contoso IT wants to develop modern application components using a serverless architecture. Which Azure service is best for hosting code as part of a services infrastructure?**
+  * Azure Logic Apps
+  * <wrap hi>**Azure Functions**</wrap>
+  * Azure Service Bus
+  * Azure Automation
+**You can monitor health and performance of microservices applications running on Azure Kubernetes Service (AKS) with:**
+  * Azure Monitor
+  * <wrap hi>**Azure App Insights**</wrap>
+  * Azure Sentinel
+  * Microsoft Defender for Cloud
+**You need to store unstructured data, such as images, video files, social media posts on Azure Storage. Which type of Azure Storage is optimized for storage of large amounts of unstructured data?**
+  * Table Storage
+  * Queue Storage
+  * Disk Storage
+  * <wrap hi>**Blob Storage**</wrap>
+**Contoso IT has deployed a group of Azure VMs for hosting production. They want best practices recommendations for high availability of their VM resources. Will the Azure Advisor tool provide recommendations for these existing resources?**
+  * <wrap hi>**YES**</wrap>
+  * NO
+**The Contoso IT Operations team needs to monitor their customer-facing web apps for performance anomalies. Which Azure service will best fulfill this need?**
+  * Azure WebJobs
+  * <wrap hi>**Azure Application Insights**</wrap>
+  * Azure Automation
+  * Azure Sentinel
+**You need to automate responses to some alerts from Azure Monitor. Which service supports automating responses and corrective actions in this scenario?**
+  * Power Automate
+  * Azure Logic Apps
+  * Azure Web Jobs
+  * <wrap hi>**Azure Automation**</wrap>
+**The Contoso IT Operations team needs to aggregate events from a large number of resources hosted in Azure for correlation, alerting, and reporting. Which Azure service would you use to centrally collect, store, and act on events?**
+  * Azure App Insights
+  * <wrap hi>**Azure Monitor**</wrap>
+  * Azure Data Lake
+  * Azure Event Hub
+**You need to alert on service failures in your Azure services, such as web app instances hosted in App Service, and Azure VMs that stop running for any reason. Which tool should you use?**
+  * Azure App Insights
+  * Azure Log Analytics
+  * <wrap hi>**Azure Monitor**</wrap>
+  * Microsoft Defender for Cloud
+**You can find recommendations for security best practices security configuration for Azure Kubernetes Service (AKS) with:**
+  * Azure Monitor
+  * Azure App Insights
+  * Microsoft Sentinel
+  * <wrap hi>**Microsoft Defender for Cloud**</wrap>
+**Azure VMs in different virtual networks can communicate by default**
+  * TRUE
+  * <wrap hi>**FALSE**</wrap>
+**Which Microsoft solution provides support for passwordless authentication on Windows 10 and 11 systems?**
+  * Entra ID Conditional Access
+  * Microsoft Authenticator
+  * <wrap hi>**Windows Hello for Business**</wrap>
+  * Microsoft Purview
+**You have deployed an Azure VM hosting a line-of-business web application. You need to provide access to the application over the Internet via HTTP/S. You add a security rule to the Network Security Group (NSG) to allow inbound traffic from the Internet. Does this solution meet the requirement?**
+  * <wrap hi>**YES**</wrap>
+  * NO
+**Contoso IT has deployed multiple Azure VM across 15 virtual networks. How can you most securely limit inbound traffic and protect these VMs from unwanted inbound requests? (choose the best answer)**
+  * Create a network security group (NSG)
+  * <wrap hi>**Deploy an Azure Firewall**</wrap>
+  * Deploy an Azure Load Balancer
+  * Deploy a  virtual network gateway
+**You need to define and enforce corporate standards for new and existing Azure resource deployments in all of Contoso's Azure subscriptions. What should you use to meet this objective?**
+  * <wrap hi>**Azure Policy**</wrap>
+  * Microsoft Defender for Cloud
+  * Microsoft Sentinel
+  * Azure Advisor
+**Tailspin Toys relies heavily on Entra ID for cloud identity. They want to more effectively protect their identities from external threats. Which service should they choose?**
+  * <wrap hi>**Azure Identity Protection**</wrap>
+  * Microsoft Defender for Endpoint
+  * Azure DDoS
+  * Microsoft Information Protection
+**In a Site-to-Site VPN, the.... is the cross-premises gateway that connects your Azure Virtual Network with your on-premises VPN appliances**
+  * Azure Application Gateway
+  * <wrap hi>**Azure Virtual Network Gateway**</wrap>
+  * Local Network Gateway
+  * Private Endpoint
+**You need to prevent accidental deletion of Azure resources in your subscription. Which feature will meet this requirement? (choose the best answer)**
+  * RBAC
+  * <wrap hi>**Resource Locks**</wrap>
+  * Security groups
+  * Azure policies
+**You are responsible for creating Azure resources at Contoso using ARM templates. You need to ensure Azure resources are only created in approved regions. What should you use to enforce this requirement**
+  * Azure locks
+  * <wrap hi>**Azure Policy**</wrap>
+  * Azure Blueprint
+  * Microsoft Defender for Cloud
+**Contoso IT assigns permissions at the resource group level for all resources deployed to Azure. Will resources in the resource group inherit permissions assigned to the resource group?**
+  * <wrap hi>**YES**</wrap>
+  * NO
+**Contoso has implemented a hybrid, synchronized identity model, consisting of on-premises Active Directory and Entra ID. They want to more effectively protect their on-premises identities from external threats. Which service should they choose?**
+  * Azure Identity Protection
+  * <wrap hi>**Microsoft Defender for Endpoint**</wrap>
+  * Azure DDoS
+  * Microsoft Information Protection
+**You need to implement multi-factor authentication for your Entra ID users. However, you only want to prompt for an additional authentication factor when users are not in a trusted location on an unmanaged device. Which feature should you implement? (choose the best answer)**
+  * Microsoft Purview
+  * Identity Protection
+  * <wrap hi>**Conditional Access**</wrap>
+  * Privileged Identity Management
+**The Contoso Security team has implemented a new security policy. When users connect from an outside corporate offices, they must be prompted for MFA. Which feature will you implement?**
+  * Entra ID Privileged Identity Management
+  * One Time Passwords (OTP)
+  * Entra ID Identity Protection
+  * <wrap hi>**Entra ID Conditional Access**</wrap>
+**You need to support OATH tokens (one-time password) as a second authentication factor for Entra ID. What Microsoft solution enables use of OATH tokens for Entra ID and other identity providers?**
+  * Entra ID Identity Protection
+  * <wrap hi>**Microsoft Authenticator**</wrap>
+  * Conditional Access
+  * Entra ID Multi-Factor Authentication
+**The Contoso Legal Department has asked Contoso IT to verify whether the Contoso's Azure environment meets regulatory requirements. Which service should you use to answer this question?**
+  * Azure Advisor
+  * <wrap hi>**Microsoft Defender for Cloud**</wrap>
+  * Microsoft Purview
+  * Azure Policy
+**What are the three foundational principles of Zero Trust?**
+  * <wrap hi>**1) Verify explicitly 2) Use least privilege access 3) Assume breach**</wrap>
+  * 1) Verify explicitly 2) Use defense in depth 3) Assume breach
+  * 1) Verify explicitly 2) Trust but verify 3) Assume breach
+  * 1) Verify explicitly 2) Use least privilege access 3) Trust must be earned
+**Contoso Electronics is a global retailer. The Contoso Cloud Architecture team needs to simplify deployments of new environments in Azure, including Azure Resource Manager (ARM) templates , role-based access, and policies.
+Which Azure service enables delivery of templates for repeatable deployment and configuration of new subscriptions and environments? (choose the best answer)**
+  * Azure Policy initiatives
+  * Azure Policy
+  * ARM templates
+  * <wrap hi>**Azure Blueprints**</wrap>
+**Your company is planning to host services in Azure. You want to leverage identities in Entra ID, but still need to support on-premises identities in Active Directory. Can you support single sign-on (SSO) and multi-factor authentication for both on-premises and cloud with Entra ID?**
+  * <wrap hi>**YES**</wrap>
+  * NO
+**You need to configure access to Office 365 resources for users at Contoso. To group users for assignment of permissions, which of the following options would you use?**
+  * Microsoft 365 group
+  * Resource group
+  * <wrap hi>**Security group**</wrap>
+  * Management group
+**Implementing Azure MFA (multi-factor authentication) will ensure we know who the user is who they claim to be. This is an example of:**
+  * Authorization
+  * <wrap hi>**Authentication**</wrap>
+  * Integrity
+  * Confidentiality
+**You need to ensure on-premises file shares and Azure Files remain in sync in both directions, regardless of where the file was changed. Which tool or service would you choose? (choose the best answer)**
+  * AzCopy
+  * Azure Storage Explorer
+  * <wrap hi>**Azure File Sync**</wrap>
+  * Azure Data Box
+**Contoso's Security team wants to implement selective use of multi-factor authentication (MFA) based on multiple factors related to the authentication request, such as device health and sign-in risk. Which service should they implement?**
+  * Conditional Access
+  * <wrap hi>**Identity Protection**</wrap>
+  * Multi-Factor Authentication (MFA)
+  * Windows Hello for Business
+**Contoso has deployed resources across multiple Azure regions for multiple business units. They have a requirement to generate cost and chargeback reporting to track the Azure costs to be charged back to each business unit. Which Azure feature should they use to simplify this task?**
+  * <wrap hi>**Tags**</wrap>
+  * Resource Locks
+  * Resource Groups
+  * Management Groups
+**You need to identify and enforce Contoso's corporate standards across new and existing Azure deployments. Which service would you choose to achieve this requirement? (choose the best answer)**
+  * Azure Blueprints
+  * <wrap hi>**Azure Policy**</wrap>
+  * Azure Resource Manager (ARM) templates
+  * Azure Automation
+**Using role based access control (RBAC) in Azure, we can determine which resources and services a user has access to. This is an example of:**
+  * <wrap hi>**Authorization**</wrap>
+  * Authentication
+  * Integrity
+  * Confidentiality
+**Azure China and Azure Government are examples of:**
+  * Private clouds
+  * <wrap hi>**Sovereign regions**</wrap>
+  * Azure geographies
+  * Management groups
+**You need to ensure no one (including administrators) can create additional resources in a Azure resource group. What will you do to achieve this objective?**
+  * Azure Policy
+  * Role based access control (RBAC)
+  * <wrap hi>**Resource locks**</wrap>
+  * Microsoft Defender for Cloud
+**Which of the following describes authentication?**
+  * Determines which resources you can access
+  * Defines the services and regions you can access
+  * <wrap hi>**Validates that a user is who they claim to be**</wrap>
+  * Establishes your resource access
+**You need to track resource consumption by application and department for cost tracking and chargeback. Which of the following will enable this capability.**
+  * Azure Monitor
+  * <wrap hi>**Tags**</wrap>
+  * Azure
+  * Management Groups
+**You need to automate movement of multiple files to a storage account. What command line tool can you use to script copying blobs or files to or from your storage account? (choose the best answer)**
+  * Azure File Sync
+  * Azure Storage Explorer
+  * <wrap hi>**AzCopy**</wrap>
+  * Azure Data Box
+**Which Azure storage redundancy option would you select for development workloads where minimizing expense is the highest priority?**
+  * Zone Redundant Storage (ZRS)
+  * Geo-Redundant Storage (GRS)
+  * Geo-Zone Redundant Storage (GZRS)
+  * <wrap hi>**Locally Redundant Storage (LRS)**</wrap>
+**Contoso needs Azure capacity to support spikes in request traffic to their load-balanced web farm during the holiday shopping season. A consultant recommends deploying the website to a virtual machine scale set in Azure. Will this meet the requirement?**
+  * <wrap hi>**YES**</wrap>
+  * NO
+**Which type of Azure storage stores NoSQL data in Azure, including a schemaless key/attribute store?**
+  * Queue Storage
+  * <wrap hi>**Table Storage**</wrap>
+  * Blob Storage
+  * File Storage
+**You need to identify deviations from Microsoft security best practices in your Azure cloud infrastructure. Which service should you use?**
+  * Azure Advisor
+  * <wrap hi>**Microsoft Defender for Cloud**</wrap>
+  * Azure Monitor
+  * Azure Key Vault
+**Contoso IT is planning to migrate all on-premises data to Azure. The Legal Department has asked for verification that Azure complies with Contoso's regulatory obligations, such as HIPAA and PCI DSS. Which Azure service can be used to monitor for regulatory compliance?**
+  * Azure App Insights
+  * Azure Advisor
+  * Azure Monitor
+  * <wrap hi>**Microsoft Defender for Cloud**</wrap>
+**You need to calculate the estimated cost of a set of Azure resources before you deploy them. Which service or tool will you use?**
+  * Azure Advisor
+  * <wrap hi>**Azure Pricing Calculator**</wrap>
+  * Azure Cost Management
+  * Azure TCO Calculator
+**As part of a migration of on-premises VM workloads to Azure VMs, Contoso wants to minimize costs. Since the VMs will be running in Azure for an extended period of time (years), what option should they consider to reduce hosting costs?**
+  * Azure Cost Management
+  * <wrap hi>**Azure Reservations**</wrap>
+  * Azure Advisor
+  * VM Scale Sets
+**A ...... is a virtual network gateway that sends encrypted traffic between an Azure VNET and an on-premises location over the Internet**
+  * App gateway
+  * Web proxy
+  * <wrap hi>**VPN gateway**</wrap>
+  * Private endpoint
+**Contoso IT Operations has been tasked with providing recommendations on how to reducing cost of running Azure VMs. Which service should they use to gather recommendations?**
+  * Microsoft Defender for Cloud
+  * <wrap hi>**Azure Advisor**</wrap>
+  * Azure Monitor
+  * Azure App Insights
+**Contoso is planning to move several on-premises services to Azure PaaS and IaaS solutions. The CIO has asked for a tool to estimate the cost of hosting these resources in Azure. Tom suggests Azure Cost Management to estimate costs prior to migration. Does Tom's solution meet the solution criteria?**
+  * YES
+  * <wrap hi>**NO**</wrap>
+**To manage service lifecycle with more granularity, Contoso cloud architects have designed a model that involves a large number of resource groups. Will Contoso incur additional costs for the resources groups?**
+  * YES
+  * <wrap hi>**NO**</wrap>
+**You plan to deploy several Azure VMs. The applications running on these VMs should remain available if a single Azure datacenter fails. You opt to deploy VMs to multiple availability zones. Does your solution meet the solution criteria?**
+  * <wrap hi>**YES**</wrap>
+  * NO
+**Contoso IT has deployed a group of VMs in Azure. They want to identify recommendations on how to reduce the cost of running these VMs. Which tool should they use? (choose the best answer)**
+  * Azure Price Calculator
+  * <wrap hi>**Azure Advisor**</wrap>
+  * Azure Cost Management
+  * Microsoft Defender for Cloud
+**Azure App Service supports which of the following application type(s)?**
+  * Web apps
+  * Mobile apps
+  * API apps
+  * <wrap hi>**All the above**</wrap>
+**Which virtual machine configuration supports a more resilient, highly available environment by staggering VM updates and ensuring varied power and network connectivity?**
+  * Virtual machine scale sets
+  * <wrap hi>**Virtual machine availability sets**</wrap>
+  * virtual cluster
+  * Azure Virtual Desktop
+**Tailspin Toys uses a pay-as-you-go (PAYG) subscription in Azure. PAYG generally provides lowest cost over time, but least flexibility in terms of shifting consumption to new services.**
+  * TRUE
+  * <wrap hi>**FALSE**</wrap>
+**Azure Container Instances enable running containers without host servers to manage.**
+  * <wrap hi>**YES**</wrap>
+  * NO
+**Azure Container Instances enable elastic bursting  for Azure Kubernetes Service**
+  * <wrap hi>**YES**</wrap>
+  * NO
+**Azure VMs in different subnets in the same virtual network can communicate by default**
+  * <wrap hi>**YES**</wrap>
+  * NO
+**Azure DDoS, which protects your Azure resources against distributed denial of services attacks, includes both a Basic and Standard tiers.**
+  * <wrap hi>**YES**</wrap>
+  * NO