This is a list of practice questions for Microsoft Azure Fundamentals (AZ-900) exam with answers.
Question
You need to deploy a serverless solution that meets the following requirements:
- Execution is triggered through an HTTP request.
- You pay only for the time that your code runs.
- You do not have to manage the application infrastructure.
Which Azure service should you use?
You should use Azure Functions. This is a serverless platform that lets you execute your code when needed and pay for the actual runtime only, without worrying about configuration or management of the underlying physical and application infrastructure. Azure Functions can be triggered by various event types, including HTTP requests.
Question
Your company plans to migrate applications and services to the cloud. You recommend for a hybrid cloud to be deployed. Why would you make this recommendation?
To augment on-premises resources by providing overflow capacity
By implementing a hybrid cloud, your company can augment on-premises resources by providing overflow capacity. A hybrid cloud is the combination of two or more cloud models, such as public and private, and provides benefits from both models. It can give businesses the flexibility to use public cloud resources when they need them, while also keeping sensitive data and applications on-premises in a private cloud. A hybrid cloud can also help organizations manage peaks and valleys in traffic more efficiently. By using a hybrid cloud model, businesses do not have to overprovision computing resources in anticipation of high demand; they can simply bring in extra resources from the public cloud when they need them.
Question
Your company has a new policy to restrict administrative access to resources at the resource group and resource scopes in a detailed, granular way. Access will be granted to various groups and individual users. You need to implement the new policy. What should you use?
Role-based access control (RBAC)
You should use RBAC. RBAC supports various scopes, including management groups, subscriptions, resource groups, and resources. Roles can be assigned to groups, users, other security principals, and managed identifies. RBAC has over 70 built-in roles and supports the creation and assignment of custom roles.
Question
Which Azure solution should you use to build a baseline behavioural profile of organisational entities to identify anomalous activity?
Microsoft Sentinel
Microsoft Sentinel is a security information and event manager (SIEM) platform that can analyze data across the enterprise to identify potential threats, including anomalous activities of users or applications, and help with a faster and smarter response.
Question
What is Azure Virtual Desktop (AVD)?
Azure Virtual Desktop (AVD) supports Remote Desktop clients on MacOS and iOS. Other supported platforms include Windows Desktop, Web, Android, and Microsoft Store Client.
You are not charged for the use of AVD on a monthly basis accordingly by active users. AVD is a service that does not require any additional licenses. You can use it with your existing Microsoft 365 or Windows per-user license. However, you are charged for the virtual machines where AVD runs.
AVD users should exist in the same Windows Server AD that is linked to Azure AD. AVD does not support the use of Microsoft accounts or Azure AD B2B when users are sourced from a separate Azure AD tenant.
Question
Which three authentication types are supported by both SSPR and MFA?
The authentication types supported by both SSPR and MFA are:
- Password
- SMS
- Voice call
Question
What is Azure Dedicated Hosts?
A provided physical server is dedicated to your organization’s workload only. Azure Dedicated Hosts are isolated physical servers where you run your organization’s workload only. They are not shared with any other Azure customers to meet corporate compliance guidelines and standards.
You cannot share provided physical servers across your multiple Azure subscriptions. The underlying physical hosts are single-tenant, so they are dedicated to one Azure subscription only.
You are not charged per number of VMs deployed. Azure Dedicated Hosts are charged per dedicated host, regardless of how many VMs you run on the host.
Question
You need to ensure consistent performance for users who access your application, which runs on customised Linux virtual machines. What should you use to provision virtual machines automatically?
You should use scale sets to provision virtual machines automatically. An Azure virtual machine scale set is a group of identical, autoscaling virtual machines in the Azure cloud. Virtual machine scale sets allow you to easily deploy and manage a large number of virtual machines as a single unit, making them ideal for scalable workloads like web servers, application servers, and batch processing jobs. You can create your own virtual machine scale sets from scratch or use pre-configured ones from the Azure Marketplace.
Question
What is a management group?
Management groups let you organize multiple subscriptions as a single management entity to facilitate easier management. You can create managements groups in a hierarchical structure with the top level of the hierarchy at the tenant level and all of the subscriptions are contained in that tenant. Any conditions applied to a management group apply to all subscriptions contained in that management group object.
Question
Your company wants to ensure that it meets its internal compliance goals and that Azure resources are compliant with company standards. This will include ongoing evaluation for compliance and the identification of non-compliant resources. You need to recommend a solution.
What should you use?
You should use Azure Policy. Azure Policy lets a company enforce rules that apply to resources to help ensure compliance with company standards. Policies can also be used to ensure that resources meet service level agreement (SLA) requirements. Resources are evaluated based on policies and non-compliant resources are identified.
Question
What can Application Security Groups help you do?
ASGs let you organize similar servers so you can easily define and implement security policies based on those groups. ASGs let you apply security to the group as a whole.
