Prepare for the Microsoft Azure Fundamentals AZ-900 exam with our free practice test. Randomly generated and customizable, this test allows you to choose the number of questions.
What is the primary benefit of using templates for deploying resources in Azure?
They enable users to describe resources using procedural syntax to control the sequence of deployment.
They automatically update all resources to the latest Azure features upon deployment.
They ensure individual resource deployment, one resource at a time, for detailed control.
They allow users to define the desired state of resources using a declarative syntax.
ARM templates support declarative syntax, allowing users to define the 'what' instead of the 'how' in their infrastructure. This ensures consistency and repeatability in deployments, as the same template can be used to set up identical environments multiple times without manual configuration. Answer choices that mention 'procedural syntax' or 'individual deployment' do not align with the nature of ARM templates, which are intended for declarative, consistent resource deployment.
What is the role of Azure Resource Manager in Azure?
Monitors the performance of Azure services and sends alerts in case of any service issues
Provides a management layer that allows users to create, update, and delete resources in their Azure account
Is primarily used for cost analysis and managing Azure expenditure
Automates complex deployments by executing user-defined scripts for resource setup and configuration
Manages user access and permissions for Azure resources
Serves as a dedicated security feature for protecting Azure services from unauthorized access
Azure Resource Manager is the deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. Using it, you can manage your infrastructure through declarative templates rather than scripting. It ensures that all resources in a solution are consistently deployed with a single, coordinated operation. Answers that describe it solely as a cost management tool or as a security feature are incorrect, as these are distinct aspects that might be facilitated by ARM but are not its primary role.
The cloud provider is responsible for securing customer data at all times in the shared responsibility model.
This statement is correct.
This statement is incorrect.
In the shared responsibility model, the customer is responsible for securing their data, applications, and identity management, while the cloud provider is tasked with the security of the cloud infrastructure itself, such as physical hosts and network infrastructure. This is why it's essential for customers to implement their own security measures for their data and applications that reside in the cloud.
What distinguishes built-in roles in Azure RBAC from custom roles?
Built-in roles define the geographic scope of access, whereas custom roles are used to restrict access to specific resource types regardless of location.
Built-in roles are predefined by Azure and cannot be modified, while custom roles allow for the specification of a unique set of permissions.
Built-in roles enable just-in-time access, whereas custom roles provide permanent access to Azure resources.
Custom roles can only be applied to resource groups, while built-in roles are applicable at all levels of the Azure hierarchy.
Built-in roles are provided by Azure to cover the most common needs for access permissions, such as Owner, Contributor, and Reader. These roles are designed by Azure and cannot be changed. In contrast, custom roles can be created by users to grant specific permissions not covered by built-in roles. Custom roles are flexible and can be tailored to an organization's specific needs, allowing precise control over access to Azure resources. This distinction is critical in creating a security environment that both protects resources and provides sufficient access for users to perform their jobs effectively.
Which cloud service model provides virtualized computing resources over the internet, allowing users to run applications and store data without managing physical servers?
Platform as a Service (PaaS)
Software as a Service (SaaS)
Function as a Service (FaaS)
Infrastructure as a Service (IaaS)
Infrastructure as a Service (IaaS) offers virtualized computing resources such as virtual machines, storage, and networks over the internet. Users can deploy and run their applications without managing the underlying physical servers, making it a flexible and scalable option for businesses.
Your company needs to analyze performance metrics and resource usage data across a variety of Azure resources to ensure optimal performance and availability. Which service would BEST facilitate the collection and analysis of this telemetry data?
Azure Service Health for a globally distributed monitoring service.
Application Insights for an application performance management service.
Azure Monitor for a comprehensive monitoring experience across all Azure resources.
Azure Policy for enforcing organizational standards and assessing compliance at scale.
Log Analytics for querying and visualizing log data from Azure resources.
Azure Advisor for personalized recommendations on Azure best practices.
Azure Monitor is the best choice for collecting and analyzing performance metrics and resource usage data across various Azure resources. It provides a comprehensive solution for monitoring the health and performance of your applications, infrastructure, and network. Azure Monitor can collect data at different granularities, aggregate it for analysis, and initiate actions based on insights derived from the data, making it the optimal tool for this task. While other services like Application Insights and Log Analytics are parts of Azure Monitor, they are more specialized tools. Application Insights is tailored specifically for web applications, whereas Log Analytics is a tool within Azure Monitor for querying and analyzing log data across different resources.
Your company has deployed a multi-tier application in Azure, where the frontend is publicly accessible while the backend databases should be secured and not accessible from the Internet. Which type of endpoint should be configured for the backend databases to ensure they are only reachable from within the Azure Virtual Network?
Private endpoints
On-premises data gateway
Public endpoints
Service endpoints
Private endpoints allow Azure resources to be accessed via a private IP address within a Virtual Network, ensuring that the backend databases would not be accessible from the public internet, but only through the internal network. In contrast, public endpoints are reachable over the public internet, which would not meet the company's requirement for backend security.
A company wants to migrate a large number of files from their on-premises data center to Azure Blob Storage. The migration process needs to be automated, efficient, and capable of resuming in case of interruptions. Which Azure service should the company use to accomplish this requirement?
Create an automated script using Azure Virtual Machines to manually copy files over Remote Desktop Protocol (RDP)
Implement Azure File Sync to keep the data in sync between on-premises and Azure Blob Storage
Utilize AzCopy with appropriate parameters to manage large-scale data transfer and resume interrupted transfers
Use Azure Storage Explorer to perform an iterative copy process with manual intervention if interrupted
AzCopy is a command-line utility designed for copying data to and from Microsoft Azure Blob, File, and Table storage, using simple commands with optimal performance. It is especially good for automating the migration of large amounts of data, as it supports resume on failure capabilities, which is necessary for handling interruptions during the data transfer process. This makes it the best choice for the company's requirements. Azure Storage Explorer offers a graphical interface for managing Azure storage data but does not inherently support automation or resumable transfers. Azure File Sync is for synchronizing files between Azure File shares and on-premises Windows Servers, which does not align with the requirement to migrate data to Blob Storage.
Which Azure Storage tier is optimized for storing data that is infrequently accessed but should be retained for a long period and still needs to be retrieved quickly when needed?
Cool
Premium Performance
Archive
Hot
The Cool tier is optimized for storing data that is infrequently accessed and stored for at least 30 days, such as backup data or older media content. This tier provides a cost-effective way to store data that is not accessed frequently but requires fast access when needed. The Hot tier is suitable for data accessed frequently, and the Archive tier is used for data that can tolerate several hours of retrieval latency and is stored for at least 180 days. Premium Performance tier is an incorrect term and does not represent any of the Azure Storage tiers.
What is a key benefit of cloud manageability for an organization's IT infrastructure?
Custom hardware configuration
Reduced initial setup cost
Automated software updates and patch management
Unlimited physical access to servers
The correct answer is 'Automated software updates and patch management', as cloud providers typically handle the maintenance of underlying infrastructure, including the management of software updates and patching, which reduces the burden on in-house IT teams. This streamlines operations and helps to ensure that systems remain secure and up-to-date with minimal intervention. 'Reduced initial setup cost', while a benefit of cloud computing, is not directly related to manageability. 'Unlimited physical access to servers' is incorrect because physical access is typically restricted and not a factor in cloud manageability. 'Custom hardware configuration' is not a key benefit of manageability; on the contrary, one of the points of manageability in the cloud is reducing the need for custom hardware solutions.
What does the consumption-based model in cloud computing refer to?
Billing is based on a sliding scale that adjusts based on the user's company size.
Users pay a fixed cost for unlimited access to resources, similar to traditional software licenses.
Users enjoy free access to cloud resources for a limited trial period before committing to payment.
Users pay only for the resources they consume, such as bandwidth or storage space, without significant upfront costs.
The consumption-based model is a billing approach where users pay only for the resources they consume, such as storage, processing time, or bandwidth, rather than paying for hardware or software licenses upfront. This model offers flexibility and cost savings since users are not required to invest in their own computing infrastructure and can scale their usage up or down according to their needs. Fixed cost models, while they can exist in some cloud scenarios, typically involve a predetermined fee regardless of the actual usage, which is not the essence of the consumption-based model. Sliding scale and free trial are not billing models associated with regular cloud service consumption.
An Azure Storage account must be created before deploying a virtual machine.
True
False
An Azure Storage account is not a prerequisite for deploying a virtual machine because VM disks can be managed by Azure without the need to manually create a storage account first. Azure manages the storage of the virtual machine's VHD automatically with Azure managed disks. The confusion may arise from early Azure models where manual storage account management was needed for unmanaged disks. Managed disks simplify disk management for Azure virtual machines by managing the storage accounts in the background.
A company wants to enhance its security posture by adding an extra layer of verification to user sign-ins and transactions. They aim to provide this additional security measure without significantly impacting user experience. Which Azure authentication method should they implement?
Single sign-on (SSO)
Regular password authentication with complexity requirements
Passwordless authentication
Username-only sign in
Multi-factor authentication (MFA)
Multi-factor authentication (MFA) is the correct choice because it provides an additional layer of security by requiring two or more verification methods—a password, a phone call, a text message, or a verification app. MFA does not significantly impact user experience after initial setup and offers a substantial increase in account security. Single sign-on (SSO) simplifies user access by reducing password fatigue, but it does not in itself provide an additional verification layer. Passwordless authentication eliminates the need for a password but it is focused on user convenience rather than adding an additional verification step.
Your company is planning to deploy several virtual machines (VMs) on Azure to handle varying workloads. Which factor will NOT directly affect the cost of these Azure VMs?
The color theme of the Azure portal
The Azure region in which the VMs are deployed
The operating system selected for the VMs
The size of the VM (e.g., number of CPUs, amount of RAM)
While the choice of operating system, the size of the VM, and the region where it is deployed can significantly influence the cost due to licensing fees, hardware resources needed, and data transfer costs, respectively, the color theme of the Azure portal is simply a user interface customization option and has no impact on pricing. It's important to distinguish between aspects of the service that have a pricing implication and those that are merely aesthetic or user experience choices.
Your company wants to grant a user the ability to start and restart virtual machines, but not to create or delete them. Which built-in role should you assign to the user to provide the necessary permissions?
Reader
Virtual Machine Contributor
Owner
Virtual Machine User Login
The built-in Virtual Machine Contributor role provides the ability to manage virtual machines in Azure, not their networking components or storage accounts, nor does it allow the user to create or delete virtual machines. This alignment with the requirement makes it the best choice. The Virtual Machine User Login role only allows a user to log into a virtual machine. The Owner role provides full access, including creating and deleting virtual machines, which exceeds the required permissions. The Reader role grants read-only access and would not permit the user to start or restart virtual machines.