










Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
A detailed overview of various azure services, including azure cosmos db, azure database for mysql, azure sql database, azure database for postgresql, azure synapse analytics, azure functions, azure app service, azure container instances, azure expressroute, azure machine learning, azure cognitive services, azure bot service, azure service health, azure cli, azure powershell, azure resource manager templates, azure logic apps, azure iot hub, azure iot central, azure sphere, azure security center, azure sentinel, azure key vault, azure firewall, azure policy, and more. It covers the key features, use cases, and differences between these services, helping readers understand the azure ecosystem and make informed decisions when choosing the right azure services for their needs. The document also touches on topics like cost optimization, security, and devops, providing a comprehensive understanding of the azure platform.
Typology: Exams
1 / 18
This page cannot be seen from the preview
Don't miss anything!











Your team is interested in writing Graph-based applications that take advantage of the Gremlin API. Which option would be ideal for that scenario? A. Azure Cosmos DB B. Azure SQL Database C. Azure Databricks D. Azure Database for PostreSQL - A. Azure Cosmos DB It supports SQL, MongoDB, Cassandra, Tables, and Gremlin APIs. Tailwind Traders uses the LAMP stack for several of its websites. Which option would be ideal for migration? A. Azure Cosmos DB B. Azure Database for MySQL C. Azure SQL Database D. Azure Database for PostgreSQL - B. Azure Database for MySQL Azure Database for MySQL is the logical choice for existing LAMP stack applications. Tailwind Traders has millions of log entries that it wants to analyze. Which option would be ideal for analysis? A. Azure Cosmos DB B. Azure SQL Database C. Azure Database for PostgreSQL D. Azure Synapse Analytics - D. Azure Synapse Analytics Azure Synapse Analytics is the logical choice for analyzing large volumes of data. Which of the following statements is true? A. With Operating Expenses (OpEx), you are responsible for purchasing and maintaining your computing resources. B. With Operating Expenses (OpEx), you are only responsible for the computing resources that you use. C. With Capital Expenses (CapEx), you are only responsible for the computing resources that you use. - B. With Operating Expenses (OpEx), you are only responsible for the computing resources that you use. Which of the following options isn't a type of cloud computing? A. Distributed cloud B. Hybrid cloud C. Private cloud D. Public cloud - A. Distributed cloud A distributed cloud isn't a valid type of cloud computing.
Which of the following can be used to manage governance across multiple Azure subscriptions? A. Azure initiatives B. Management groups C. Resource groups - Management groups That's correct. Management groups facilitate the hierarchical ordering of Azure resources into collections, at a level of scope above subscriptions. Distinct governance conditions can be applied to each management group, with Azure Policy and Azure role-based access controls, to manage Azure subscriptions effectively. The resources and subscriptions assigned to a management group automatically inherit the conditions applied to the management group. Which of the following is a logical unit of Azure services that links to an Azure account? A. Azure subscription B. Management group C. Resource group - Azure subscription That's correct. An Azure subscription is a logical unit of Azure services that links to an Azure account. Which of the following features doesn't apply to resource groups? A. Resources can be in only one resource group. B. Role-based access control can be applied to the resource group. C. Resource groups can be nested. - C. Resource groups can be nested. Which of the following statements is a valid statement about an Azure subscription? A. Using Azure doesn't require a subscription. B. An Azure subscription is a logical unit of Azure services. C. You can't have more than one subscription. - B. An Azure subscription is a logical unit of Azure services. That's correct. A subscription is a set of Azure services bundled together for tracking and billing purposes. Virtual Machines virtualize A. ________, while containers virtualize B. ___________. - A. Hardware B. Operating System Which Azure compute resource can be deployed to manage a set of identical virtual machines? A. Virtual machine availability sets B. Virtual machine availability zones C. Virtual machine scale sets - C. Virtual machine scale sets That's correct. Virtual machine scale sets let you deploy and manage a set of identical virtual machines.
Tailwind Traders wants to use Azure ExpressRoute to connect its on-premises network to the Microsoft cloud. Which of the following choices isn't an ExpressRoute model that Tailwind Traders can use? A. Any-to-any connection B. Site-to-site virtual private network C. Point-to-point Ethernet connection D. CloudExchange colocation - Site-to-site virtual private network B. A site-to-site virtual private network isn't an ExpressRoute model. Which of the following options can you use to link virtual networks? A. Network address translation B. Multi-chassis link aggregation C. Dynamic Host Configuration Protocol D. Virtual network peering - D. Virtual network peering Virtual network peering can be used to link virtual networks. Which of the following options isn't a benefit of ExpressRoute? A. Redundant connectivity B. Consistent network throughput C. Encrypted network communication D. Access to Microsoft cloud services - Encrypted network communication Correct. ExpressRoute does provide private connectivity, but it isn't encrypted. You need to predict future behavior based on previous actions. Which product option should you select as a candidate? Azure Machine Learning Azure Bot Service Azure Cognitive Services - Azure Machine Learning Azure Machine Learning enables you to build models to predict the likelihood of a future result. It should not be eliminated as a candidate. ou need to create a human-computer interface that uses natural language to answer customer questions. Which product option should you select as a candidate? Azure Machine Learning Azure Cognitive Services Azure Bot Service - Azure Bot Service Azure Bot Service creates virtual agent solutions that utilize natural language. It should not be eliminated as a candidate. ou need to identify the content of product images to automatically create alt tags for images formatted properly. Which product option is the best candidate? Azure Machine Learning Azure Cognitive Services Azure Bot Service - Azure Cognitive Services Azure Cognitive Services includes Vision services that can identify the content of an image. Azure Cognitive Services is the best candidate.
Azure Repos - a centralized source-code repository where software development, DevOps engineering, and documentation professionals can publish their code for review and collaboration. Azure Boards - an agile project management suite that includes Kanban boards, reporting, and tracking ideas and work from high-level epics to work items and issues. Azure Pipelines - CI/CD pipeline automation tool. Azure Artifacts - a repository for hosting artifacts, such as compiled source code, which can be fed into testing or deployment pipeline steps. Azure Test Plans - an automated test tool that can be used in a CI/CD pipeline to ensure quality before a software release. Which of the following choices would not be used to automate a CI/CD process? Azure Pipelines GitHub Actions Azure Boards - Azure Boards Azure Boards is an agile project-management tool. It would not be used to automate a CI/CD process. Which service could help you manage the VMs that your developers and testers need to ensure that your new app works across various operating systems? Azure DevTest Labs Azure Test Labs Azure Repos - Azure DevTest Labs Azure DevTest Labs is used to manage VMs for testing, including configuration, provisioning, and automatic de-provisioning. Which service lacks features to assign individual developers tasks to work on? Azure Boards GitHub Azure Pipelines - Azure Pipelines Azure Pipelines is a CI/CD tool for building an automated toolchain. It lacks features to assign tasks for individual developers to work on. However, it can automate other tools to assign tasks to users. Azure Advisor - analyzes the configuration and usage of your resources and provides suggestions on how to optimize for reliability, security, performance, costs, and operations based on experts' best practices. Azure Service Health - monitor services or usage for Azure
ARM templates Azure PowerShell The Azure portal The Azure CLI - The Azure portal The Azure portal is a great place for newcomers to learn about Azure and set up their first resources. What is the best infrastructure-as-code option for quickly and reliably setting up your entire cloud infrastructure declaratively? ARM templates Azure PowerShell The Azure portal The Azure CLI - ARM templates ARM templates are the best infrastructure-as-code option for quickly and reliably setting up your entire cloud infrastructure declaratively. Azure Portal - a web-based user interface, you can access virtually every feature of Azure. The Azure portal provides a friendly, graphical UI to view all the services you're using, create new services, configure your services, and view reports. Azure Mobile App - The Azure mobile app provides iOS and Android access to your Azure resources when you're away from your computer. With it, you can: Monitor the health and status of your Azure resources. Check for alerts, quickly diagnose and fix issues, and restart a web app or virtual machine (VM). Run the Azure CLI or Azure PowerShell commands to manage your Azure resources. Azure Powershell - Azure PowerShell is a shell with which developers and DevOps and IT professionals can execute commands called cmdlets (pronounced command-lets). These commands call the Azure Rest API to perform every possible management task in Azure. Cmdlets can be executed independently or combined into a script file and executed together to orchestrate: The routine setup, teardown, and maintenance of a single resource or multiple connected resources. The deployment of an entire infrastructure, which might contain dozens or hundreds of resources, from imperative code. Capturing the commands in a script makes the process repeatable and automatable. Azure PowerShell is available for Windows, Linux, and Mac, and you can access it in a web browser via Azure Cloud Shell. Azure CLI - The Azure CLI command-line interface is an executable program with which a developer, DevOps professional, or IT professional can execute commands in Bash. The commands call the Azure Rest API to perform every possible management task in Azure. You can run the commands independently or combined into a script and executed together for the routine setup, teardown, and maintenance of a single resource or an entire environment.
In many respects, the Azure CLI is almost identical to Azure PowerShell in what you can do with it. Both run on Windows, Linux, and Mac, and can be accessed in a web browser via Cloud Shell. The primary difference is the syntax you use. If you're already proficient in PowerShell or Bash, you can use the tool you prefer. Azure Resource Manager Templates - By using Azure Resource Manager templates (ARM templates), you can describe the resources you want to use in a declarative JSON format. The benefit is that the entire ARM template is verified before any code is executed to ensure that the resources will be created and connected correctly. The template then orchestrates the creation of those resources in parallel. That is, if you need 50 instances of the same resource, all 50 instances are created at the same time. Azure Functions - can host a single method or function by using a popular programming language in the cloud that runs in response to an event. The Azure Functions solution is ideal when you're concerned only with the code that's running your service and not the underlying platform or infrastructure. Azure Logic Apps - a low-code/no-code development platform hosted as a cloud service. What is the difference between Azure Functions and Azure Logic Apps? - You can call Azure Functions from Azure Logic Apps, and vice versa. The primary difference between the two services is their intent. Azure Functions is a serverless compute service, and Azure Logic Apps is intended to be a serverless orchestration service. Additionally, the two services are priced differently. Azure Functions pricing is based on the number of executions and the running time of each execution. Logic Apps pricing is based on the number of executions and the type of connectors that it utilizes. You need to process messages from a queue, parse them by using some existing imperative logic written in Java, and then send them to a third-party API. Which serverless option should you choose? Azure Functions Azure Logic Apps - Azure Functions Azure Functions is the correct choice because you can use existing Java code with minimal modification. You want to orchestrate a workflow by using APIs from several well-known services. Which is the best option for this scenario? Azure Functions Azure Logic Apps - Azure Logic Apps Azure Logic Apps makes it easy to create a workflow across well-known services with less effort than writing code and manually orchestrating all the steps yourself.
Azure Security Center - a monitoring service that provides visibility of your security posture across all of your services, both on Azure and on-premises Azure Sentinel - Microsoft's cloud-based SIEM system which can: Collect cloud data at scale Detect previously undetected threats Investigate threats with artificial intelligence Respond to incidents rapidly Azure Key Vault - a centralized cloud service for storing an application's secrets in a single, central location. Azure Dedicated Host - provides dedicated physical servers to host your Azure VMs for Windows and Linux How can Tailwind Traders enforce having only certain applications run on its VMs? A. Connect your VMs to Azure Sentinel. B. Create an application control rule in Azure Security Center. C. Periodically run a script that lists the running processes on each VM. The IT manager can then shut down any applications that shouldn't be running. - B. Create an application control rule in Azure Security Center. With Azure Security Center, you can define a list of allowed applications to ensure that only applications you allow can run. Azure Security Center can also detect and block malware from being installed on your VMs. What's the easiest way for Tailwind Traders to combine security data from all of its monitoring tools into a single report that it can take action on? A. Collect security data in Azure Sentinel. B. Build a custom tool that collects security data and displays a report through a web application. C. Look through each security log daily and email a summary to your team. - A. Collect security data in Azure Sentinel. Azure Sentinel is Microsoft's cloud-based SIEM. A SIEM aggregates security data from many different sources to provide additional capabilities for threat detection and responding to threats. Which is the best way for Tailwind Traders to safely store its certificates so that they're accessible to cloud VMs? A. Place the certificates on a network share. B. Store them on a VM that's protected by a password. C. Store the certificates in Azure Key Vault. - C. Store the certificates in Azure Key Vault. Azure Key Vault enables you to store your secrets in a single, central location. Key Vault also makes it easier to enroll and renew certificates from public certificate authorities (CAs).
How can Tailwind Traders ensure that certain VM workloads are physically isolated from workloads being run by other Azure customers? A. Configure the network to ensure that VMs on the same physical host are isolated. B. This is not possible. These workloads need to be run on-premises. C. Run the VMs on Azure Dedicated Host. - C. Run the VMs on Azure Dedicated Host. Azure Dedicated Host provides dedicated physical servers to host your Azure VMs for Windows and Linux. What are network security groups? - A network security group enables you to filter network traffic to and from Azure resources within an Azure virtual network. You can think of NSGs like an internal firewall. An NSG can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol. Azure Application Gateway - Web application firewall (WAF) is a feature of Azure Application Gateway that provides your web applications with centralized, inbound protection against common exploits and vulnerabilities. Azure Firewall - provides: Inbound protection for non-HTTP/S protocols (for example, RDP, SSH, and FTP). Outbound network-level protection for all ports and protocols. Application-level protection for outbound HTTP/S. An attacker can bring down your website by sending a large volume of network traffic to your servers. Which Azure service can help Tailwind Traders protect its App Service instance from this kind of attack? Azure Firewall Network security groups Azure DDoS Protection - Azure DDoS Protection DDoS Protection helps protect your Azure resources from DDoS attacks. A DDoS attack attempts to overwhelm and exhaust an application's resources, making the application slow or unresponsive to legitimate users. What's the best way for Tailwind Traders to limit all outbound traffic from VMs to known hosts? Configure Azure DDoS Protection to limit network access to trusted ports and hosts. Create application rules in Azure Firewall. Ensure that all running applications communicate with only trusted ports and hosts. - Create application rules in Azure Firewall. Azure Firewall enables you to limit outbound HTTP/S traffic to a specified list of fully qualified domain names (FQDNs). How can Tailwind Traders most easily implement a deny by default policy so that VMs can't connect to each other? Allocate each VM on its own virtual network.
Which is the best way for Tailwind Traders to ensure that the team deploys only cost- effective virtual machine SKU sizes? Create a policy in Azure Policy that specifies the allowed SKU sizes. Periodically inspect the deployment manually to see which SKU sizes are used. Create an Azure RBAC role that defines the allowed virtual machine SKU sizes. - Create a policy in Azure Policy that specifies the allowed SKU sizes. After you enable this policy, that policy is applied when you create new virtual machines or resize existing ones. Azure Policy also evaluates any current virtual machines in your environment. Which is likely the best way for Tailwind Traders to identify which billing department each Azure resource belongs to? Track resource usage in a spreadsheet. Split the deployment into separate Azure subscriptions, where each subscription belongs to its own billing department. Apply a tag to each resource that includes the associated billing department. - Apply a tag to each resource that includes the associated billing department. Tags provide extra information, or metadata, about your resources. The team might create a tag that's named BillingDept whose value would be the name of the billing department. You can use Azure Policy to ensure that the proper tags are assigned when resources are provisioned. Trust Center - - In-depth information about security, privacy, compliance offerings, policies, features, and practices across Microsoft cloud products.
Azure compliance documentation Microsoft Privacy Statement - Azure compliance documentation The compliance documentation provides reference blueprints, or policy definitions, for common standards that you can apply to your Azure subscription. Which is the best first step the team should take to compare the cost of running these environments on Azure versus in their datacenter? They're just test environments. Spin them up and check the bill at the end of the month. Assume that running in the cloud costs about the same as running in the datacenter. Run the Total Cost of Ownership Calculator. - Run the Total Cost of Ownership Calculator. Running the Total Cost of Ownership Calculator is a great first step because it can provide an accurate comparison of running workloads in the datacenter versus on Azure, certified by an independent research company. What's the best way to ensure that the development team doesn't provision too many virtual machines at the same time? Do nothing. Let the development team use what they need. Apply spending limits to the development team's Azure subscription. Verbally give the development lead a budget and hold them accountable for overages. - Apply spending limits to the development team's Azure subscription. If you exceed your spending limit, active resources are deallocated. You can then decide whether to increase your limit or provision fewer resources. Which is the most efficient way for the testing team to save costs on virtual machines on weekends, when testers are not at work? Delete the virtual machines before the weekend and create a new set the following week. Deallocate virtual machines when they're not in use. Just let everything run. Azure bills you only for the CPU time that you use. - Deallocate virtual machines when they're not in use. When you deallocate virtual machines, the associated hard disks and data are still kept in Azure. But you don't pay for CPU or network consumption, which can help save costs. Resources in the Dev and Test environments are each paid for by different departments. What's the best way to categorize costs by department? Apply a tag to each virtual machine that identifies the appropriate billing department. Split the cost evenly between departments. Keep a spreadsheet that lists each team's resources. - Apply a tag to each virtual machine that identifies the appropriate billing department. You can apply tags to groups of Azure resources to organize billing data. Azure Cosmos DB - - globally distributed, multi-model database service
Azure Kubernetes Service - a complete orchestration service for containers with distributed architectures and large volumes of containers. Orchestration is the task of automating and managing a large number of containers and how they interact. Azure App Service - enables you to build and host web apps, background jobs, mobile back- ends, and RESTful APIs in the programming language of your choice without managing infrastructure. Supports Windows and Linux and enables automated deployments from GitHub, Azure DevOps, or any Git repo. Azure ExpressRoute - For environments where you need greater bandwidth and even higher levels of security, Azure ExpressRoute is the best approach. ExpressRoute provides dedicated private connectivity to Azure that doesn't travel over the internet. Not encrypted* Policy-based VPNs - static routing specify statically the IP address of packets that should be encrypted through each tunnel Route-based VPNs - dynamic routing With route-based gateways, IPSec tunnels are modeled as a network interface or virtual tunnel interface. IP routing (either static routes or dynamic routing protocols) decides which one of these tunnel interfaces to use when sending each packet. Route-based VPNs are the preferred connection method for on-premises devices. They're more resilient to topology changes such as the creation of new subnets. Azure Bot Service - virtual agent that interfaces with humans via natural language Azure Cognitive Services - a service that can understand the content and meaning of images, video, or audio, or that can translate text into a different language Azure Cognitive Services Personalizer - predict user behavior or provide users with personalized recommendations Azure Machine Learning - predict future outcomes based on private historical data or build a model by using your own data Azure DevTest - automate and manage test-lab creation GitHub vs Azure DevOps - GitHub